Many WordPress sites are falling victim to malicious hacking, leaving sites with unsafe malware injected into the backend code. If this happens to your business website, you can lose business immediately. When your site is flagged by malware, Google will display a message in search results that says, “This site may harm your computer.”
What is malware?
The term malware is derived from the phrase “malicious software” and includes software, code or scripts that are designed with the intent to gain access to or damage a computer without the user knowing that it’s doing so. Malware can be harmful and cause destruction to a users computer. Some malware is just a nuisance and performs silly tasks such as redirecting users to another website.
Regardless of the intent, Google and other search engines are blacklisting sites. According to Sucuri.net a leader in malware detection, “Hacked sites can lose nearly 95% of your traffic in as little as 24 to 48 hours if not fixed immediately – losing your organic rankings and being blocked by Google, Bing and many other blacklists. Hacked sites can also expose your customers and readers private and financial information, and turn your site into a host for dangerous malware and illicit material, creating massive liability.”
Malware Removal
If you’ve discovered that your website contains malware, you should take action immediately to reduce the impact it can have on your business.
- Step 1. Secure your website. Contact your hosting company or a malware removal specialist to quarantine the site as soon as possible.
- Step 2. Determine which files have been altered. You can do this by looking at the dates on the files. Either remove those files or remove the malicious code from the files. Especially with WordPress website, this can be a daunting task. If you’re not comfortable editing HTML, javascript, php or other code, we recommend you have an expert help with this step.
- Step 3. Once the malware has been removed, notify Google using Webmaster tools that you have cleaned out the Malware. Google states that it takes up to 72 hours for them to do a review to ensure that your site is malware free before removing the red flag on your site.
When a WordPress site contains malware, there are several places many places files and locations where malware can be injected. Some of the most common places include the website’s .htaccess file, javascript files or within plugins that allow write access to users. It is often challenging to identify the issue and sometimes there are multiple locations of the malware. Malware may be injected into a website through a plugin script or it may also be embedded in an iframe.
Unfortunately, we are seeing more and more of these flags on websites, especially WordPress sites, since WordPress is so widely used it’s a more prominent target. If you find yourself in this situation, don’t panic, but realize it will take a little time to rectify the situation and leave it to malware removal experts to get the job done quickly and thoroughly.