Currently, WordPress websites are infected with malicious code/malware due to using themes, plugins of unknown origin, themes, paid plugins that are shared for free and you are given malicious code. Or setting a simple, easy-to-guess password is a very common occurrence.
So when your website is hacked or infected with malicious code, what do you need to do? Let’s follow along.
The reason why infected with malicious code
- In the process of uploading data, if the data on your personal computer is infected with a virus when uploading, it will bring a virus.
- Administrative information or password are set at a simple level, not difficult enough, very easy for hackers to exploit.
- For example, admin, admin123456, 12345678, 12345678a
- Don’t update WordPress versions, plugins and themes to new versions (old versions have many vulnerabilities)
- Using the free theme and plugin is very likely to be infected with a virus compared to the paid version.
- Using paid themes and plugins but shared for free also makes website very easy to install malicious code.
- Non-compliance with standards, security rules of website/hosting usage.
- Do not regularly scan websites with tools and plugins to scan for malicious code.
- Website operating on the internet, there will be risks every day, every hour because there will be hackers, auto bots find vulnerabilities to exploit and insert malicious codes, so the website needs to be checked for updates and regular maintenance.
What to do when the website is hacked/infected with malicious code?
When a website is hacked/inserted malicious code, you often find malware scanning tools. I would like to introduce a plugin with the function of scanning malicious code, this plugin has 2 paid and free versions.
I do not guarantee it will be 100% removed, but it may be a good solution for you. You need to do it manually to filter.
Steps to deal with malicious code
Step 1: Install the malware-scanning plugin
You install this plugin and perform the scan, click Start New Scan (the scan time is fast or slow depending on your source code).
After the scan is complete, you will see the plugin shows very detailed files. As shown below, you can see the files in wp-content/theme are very infected.
Step 2: Identify folders, files and malicious code
You click on those files, the plugin will show the next paragraphs that are malicious, you copy this code and go to the source to find the exact file.
Step 3: Filter and delete malicious codes/files in the source code
Open the file, if you will see strange codes, not in the structure of the theme, you delete it.
If the file only has 1 paragraph inserted, press Ctrl + F and paste the code I circled in red to search to find that exact code and delete it.
Here is a source code I have supported a client scan.
If the scanned plugin displays the entire file, eg file system_m.php is not in the source code, the theme => you can DELETE that strange file.
It will take quite a while to process this.
After the deletion is complete, you can scan again.
Step 4: Update the full version of the WordPress source code
After removing the malicious code in the steps above, you need to make sure that your website is using the latest version of WordPress and that all plugins and themes in your website are also fully updated.
With unused themes and plugins, you should remove them from your website immediately to avoid being exploited.
Above are the steps you should take when your website is infected with malicious code. In addition to the above methods, there is another more radical way to remove malicious code, which is to reinstall the website but keep the data intact, you can refer to here.