Guide to Remove Malware from Your WP Engine Website
A web host is a fundamental requirement for any website on WordPress.org. So what do you do when it is WP Engine, your own hosting provider, that suspends your site?
A web host is the place where your website is located. When a hacker attacks your website, he or she makes changes to your website scripts. Depending on the type of hosting your website is on, your infected website might pose a threat to the other websites on the same network, as in the case of shared hosting. This risk is significantly reduced with dedicated hosting; however, your visitors still face the danger of getting infected too.
Unlike what some people might think, hacks are not the fault of WordPress. Getting hacked is one of those constant dangers of owning a site. No platform or software is completely safe. Security can never be absolute because it’s dependent on a number of interconnected factors. There are signs which warn you of malware on your website:
- Security plugins send an alert.
- Blocked from WP Admin dashboard.
- Irregular traffic spikes on site.
- Visitors complain about being redirected to a different site.
- Site advertises random links.
- Google blacklists website. (We have a guide for removing Google Blacklist Warning here.)
- Browser warns of suspicious activity on site.
- Security scan indicates malware presence.
- WP Engine takes site offline.
If your site is suspended by your web host WP Engine, the first course of action must always be to contact them. Hosting providers will offer as much assistance as they can.
In this guide, we will walk you through all the steps to recover your hacked and suspended WordPress site.
1. Stay Calm
The emotional toll of watching all that you built brick by brick, crashing down in front of you is devastating but all is not lost yet! While it is natural to feel overwhelmed, rash decisions can play out terribly. So stay calm and follow each step correctly to get your site back online in no time at all.
2. Change WordPress Password
Whenever you suspect your social media accounts like Twitter or Facebook are being used by someone else, you change passwords, right? If you still have access to your WordPress dashboard, that’s exactly what you should be doing. You can also replace your email address and use the recovery function.
3. Reset Administrator Password via phpMyAdmin
If you cannot log in to your WP Admin dashboard, the hacker has probably blocked your access to it. The good news is, you can still salvage your database by changing your password inside the website database using the admin tool phpMyAdmin.
4. Update Website
40% of the website hacks occur due to an obsolete plugin or theme script. Older WordPress plugins, themes and Core are more vulnerable to injections and modifications made by hackers. Updating your website will narrow down your problems to a great degree.
5. Scan for Malware
Install and run a full malware scan on your website. Make sure that the scanner is of high quality because hackers can infect a website with malware that appears similar to your own website files. Scanning your site should uncover all the malware on your site. You can use WordPress malware removal plugins as well.
6. Replace Compromised Files
A simple fix is to delete the infected files and replace them with the original versions, that is, the versions from before the hack. Note that it might be difficult to pin down the exact timeline of the hack and select the correct versions to roll back to.
You can replace WordPress core files with a fresh install, without breaking your site. As long as the wp-content folder stays intact, everything should be able to go back to normal.
Either way, cleaning up the infected files will take a lot of time and effort overall.
7. Restore from Backup
Restoring your website from your backups is only possible if you regularly back up your site. In fact, if you have a website backup, recovering from a hack can be as simple as picking the right backup version and restoring it.
8. Re-scan for Malware
This step is just to make sure that there is no malware remaining on your site. If you do find malware again, follow the previous two steps. There might be a backdoor in your website which is reinfecting your website over and over again. Identify and remove this rogue script as well.
9. Use a Web Application Firewall
A firewall can help block IP addresses and bots which can do you harm. Security firewalls block certain kinds of network traffic, forming a barrier that guards against IP addresses which send malicious or suspicious requests.
10. Harden your site Security
Securing your website means minimizing the chances of another hack ever happening again. While there can be no absolute guarantee, you can do your best to reduce the chances of a worst-case scenario occurring.
Check User permissions
WordPress user roles exist to control what users can or cannot do once they log into the dashboard. Administrator rights should only be given to people you explicitly trust. For that reason, after a hack, it’s a good idea to have a look around the Users menu to see if there is anything suspicious in the list, like an administrator user you don’t recognize.
Change SALTs (Secret Keys)
Secret keys and salts are used to hash the information stored in login cookies. If someone logged into your site recently, their cookie is still valid and they still have access to it. Replacing the secret keys in your wp-config.php file invalidates those cookies and cuts off the hacker’s access to the backend. Upon changing the salts, everyone who’s logged in will immediately be logged out from the site.
Change all other Passwords
Changing your WordPress passwords is not enough. If you suspect malicious activity via any login portals, you have to change the passwords of the following too.
- WP Engine Hosting admin back end credentials
- FTP login
- MySQL database password
- Admin email address
11. Contact WP Engine Web Host
Now you need to craft a great email detailing everything you did to secure your website. Explain to WP Engine in that email that you have handled every possible security issue, and voila! You should have your website back online soon.
Now you have to work to rebuild your website, the right way this time. You have secured, updated, and protected your site, but to tie up the loose ends you need to make sure everything is working the way you want it to.
Do I have any other option?
Imagine you could have most of the above steps done for you in a few clicks! Wouldn’t that be the dream? Well, many have described MalCare as their go-to security service precisely for that reason. MalCare goes above and beyond to provide you with powerful security features, combined with excellent technical support. That way, you are not left helpless no matter what security measure you want to implement.
MalCare is a WordPress Security plugin that offers daily Intelligent 100+ signal deep scanning and one click cleaning, along with a whole host of awesome security hardening, powerful login and firewall protection features. With MalCare you can automatically keep track of active, inactive and updated themes and plugins.
Jajwalya is a WordPress enthusiast, and enjoys sharing their experience with fellow enthusiasts. On the MalCare blog, Jajwalya distils the wisdom gained from building plugins to solve security issues that admins face.