Portal Home > Knowledgebase > Articles Database > Wordpress infected (virus)

Wordpress infected (virus)

Posted by boka003, 01-23-2016, 11:50 AM
Hi, I have problem on my wordpress site, when i try to open link in browser, avast block my site. Now when i scan my site here i get this: https://sitecheck.sucuri.net/results/glasrepublike.com I allredy install plugin Anti-Malware Security and Brute-Force Firewall and fix all errors that plugin find. But still my web site is infected. Is anyone have some experence whit this ? Thank you

Posted by WPCYCLE, 01-23-2016, 12:25 PM
1. Contact your host. See if there's anything they can do or if they can clean it for you 2. Virus and Malware can hide in places that scanners won't always pickup 3. Have you resintalled/re-update WordPress? 4. Install clean version of your themes and plugins? 5. Delete deactiavted plugins? 6. Delete not needed themes? (You only need two...your active one and a backup theme which could be 2015 or 2016) 7. Is your computer free of virus and malware? 8. Log in through sftp and inspect the files that's been listed 8a. Go through all folders and look for extra files and delete them 9. Change your account password 10. Do you have access to logs? Look through them. That's just a simple run through that may help.

Posted by boka003, 01-23-2016, 06:54 PM
Thank you for reply, I do everything except number 10, i can not find access logs. Aloso, i using vps not web hosting. Is trhere anything other that i can do ?

Posted by Silvatech, 01-23-2016, 07:19 PM
I would run clam AV at root level and see what it finds. I would not have it remove anything at first though unless you are sure.

Posted by Silvatech, 01-23-2016, 07:31 PM
http://www.clamav.net/documents/installing-clamav scrolls down and youll see how to install it depending on which OS your using (Example ubuntu centos etc.) If you are not comfortable using terminal. I would suggest you see if your host will help you. Otherwise you might need to higher someone to help you out. So I am hoping you little familiar with terminal.

Posted by net, 01-23-2016, 07:43 PM
Moved > Hosting Security and Technology.

Posted by boka003, 01-23-2016, 09:04 PM
Thank youu i will be try whit this, just to find some good tutorial for this

Posted by boka003, 01-23-2016, 09:32 PM
Edit: I install it by this tutorial: http://solutionsatexperts.com/instal...rus-on-centos/ But i have problem in this last stetp, number 5. It's say: And here is what i try, but whit some errors:

Posted by Silvatech, 01-23-2016, 09:34 PM
You can have clam AV scan to check without automatically removing anything. I would suggest either google anything it finds or post it up here and get thoughts. Or heck maybe do a bit of both =). Hope you can correct your issues.

Posted by brianoz, 01-23-2016, 09:41 PM
If you're running a VPS it's worth getting a security update to the server itself to make sure it hasn't been hacked. Unless you're expert, the easiest way to unhack a site is to run Wordfence (or move the site to a host who will unhack it for you!). Wordfence does a series of detailed scans and will help you remove virus infected files. Unfortunately disinfecting a site is harder than stopping it getting hacked! The other option is finding a host that provides anti-hacking measures.

Posted by bear, 01-23-2016, 09:44 PM
If it's not finding the directory, it's probably because you need to change the script/call to reflect your own server. "site" is a generic folder that you need to change to your own folder, as well as the location of the text file it writes to in the cron.

Posted by acm_whr, 01-23-2016, 10:48 PM
Hello, Please follow the below options to clean the site of any issues: - You can download a copy of your site, and scan locally with a virus scan, once finished, delete the files on the server and upload the clean ones -Use the 6Scan feature https://wordpress.org/support/view/p...can-protection Once the above has been completed, you will need to take action to prevent the exploitation from occurring again: 1) Scan your local pc, and any PC that connects to your account with a virus scanning tool. Using more than one is best: http://www.safer-networking.org/ http://www.clamav.net/lang/en/ http://www.malwarebytes.org/ 2) Update all passwords on your account 3) IMPORTANT: Update all scripts and plugins on the account and keep them updated to prevent further attack Infected computer uploading data to the site that is becoming infected itself. (It is best to scan your computer for Malware using Malwarebytes, Spybot, and NOD32 to remove any malicious pieces of software that may be the culprit) Test your pc here (use full scan/clean options): http://www.eset.com/online-scanner Let me know if it helps.

Was this answer helpful?

Add to Favourites Add to Favourites    Print this Article Print this Article

Also Read
hostinglite.com??? (Views: 287)


Customer Testimonials

John Doe
It's a great service with fantastic support. It's definately good value for your money. Overall rating, 10 out of 10.
Mike Smith
Much better than my previous hosting company - I also got help with migration at no extra cost. Friendly support too.
Copyright © 2015 DC International LLC in partnership with Bragin IT Solutions Inc. - All Rights Reserved.