All articles, Business, Web Hosting Tips, Websites and e-commerce

How to clean the site from viruses and eliminate the consequences of hacking

How to clean the site from viruses and eliminate the consequences of hacking

Today, hackers around the world are successfully intruding into all kinds of websites. Websites made on WordPress are most susceptible to hacking, regardless of what web hosting they are on.

This problem has reached a high level of danger, so in this article, we will talk about the actions to be taken in the event that your online resource on WordPress, Joomla, Datalife, or any other popular engine has already been hacked.

The cause of the intrusion

First of all, you need to understand the reasons for hacking sites. Any Internet resource (popular or not, new or old, profitable or unprofitable) can bring potential benefits to the attacker, as hacked sites can serve for:

  • sending out spam;
  • sending visitors to the resource to other sites (e.g., for phishing);
  • spreading viruses to user computers and stealing their data;
  • hacking websites of other owners;

And that’s not all. Most often, sites are hacked in groups and automated mode. The robot travels the Internet in search of sites with certain vulnerabilities, scans them, and begins the process of hacking.

In addition, some sites are infected in the process of creation, when unscrupulous programmers use in their work-free technologies taken from unverified sources. Hackers often infect free modules and put them on the Internet as bait.

Therefore, questions like: “Why was my site hacked?”, “Who on Earth needs my Internet resource?”, which asks the owner of the site after the intrusion, does not have a specific answer.

Signs of breaking the security

At first, you may fail to notice the intrusion, because at first glance all the sites will function normally. Therefore, it is necessary to learn how to define it. The most obvious sign of hacking is that there is an image of hacking on the site. Besides, there are other signs, including:

  • the appearance of unknown files in the directory containing the site;
  • the appearance of foreign code in the body or files of the site;
  • when logging on to the site from a computer or mobile device you are redirected to another site;
  • when you log on to the site, a “conflict” occurs between browsers and anti-viruses, as a result of which the site is marked as dangerous.

In the presence of the above features on your site, you can be certain that it has been hacked. Most often such popular engines as WordPress, Joomla, Datalife, and others will be broken. It should be noted at once that eliminating the local consequences of hacking has no sense – deleting an alien file from the root directory, removing the iframe from the template, and removing new code from .htaccess – are fruitless.

After you have deleted “everything”, the symptoms will appear again within a few hours. The owners of the sites tend to blame the hosters, although, as a rule, the latter is the last one to be blamed. The intruder automatically obtains all necessary data to re-access the site if at least one malicious file remains on the account. Below we will tell you what you need to do to completely get rid of the virus.

The consequences of breaking

The negative consequences of unwillingness to act can vary a lot, namely:

  • the ban by search engines;
  • reduction in the level of attendance;
  • receiving complaints about you to the authorities (when redirected to a fraudulent site);
  • blocking of hosting (in case of account spam or attack on other sites).

Obviously, you do not need it. So, try to quickly solve a problem by organizing a timely cleaning of the account.

to do?

The complexity of account cleaning is the need to completely remove all malicious files and foreign codes since the removal of only one of them mean that the attacker will continue to be able to freely access your site.

It is fine if at the same time you will have a healthy backup on which there are no signs of hacking. After all, with the same sequence of steps backup facilitates your work.

Step 1. Saving the necessary information

First of all, you should save the database. It is impossible to infect it with a virus (the exception is such a trifle as inserting a code into the news, which, as a rule, happens very seldom). Verify that the uploads and image folders do not contain PHP or any other type of executables.

Save all other files in such folders. However, remember that the chances of the virus getting back to your site increase if more data is saved. So, keep everything to a minimum. You can use your healthy backup if it suits you completely.

Step 2. Global cleaning of the active host account

Next, you need to delete everything. Write to the hoster about your desire to bring the account to its original state as after the usual removal of files from the folder with the site, you can forget them elsewhere, which means doing monkey business.

Step 3. Recovery

If you have a backup, upload it. And then update to the latest version of the distribution engine.

In the absence of a backup, you need to download the latest version of the distribution from the official site of the engine. You also need to upload the template, database, and each saved file, after checking everything manually and with the help of an antivirus.

Step 4. Protective measures

One of the most important steps is the last stage, the purpose of which is to avoid repeated hacking. To achieve this goal, it is necessary to:

  1. Add a complex password on the admin’s part. Remember that thousands of passwords are daily hacked by the usual brute force dictionary.
  2. Protect access to the admin part with a captcha or Google captcha.
  3. Change the address of the access to the admin part from standard to unique.
  4. Update the engine to the latest version and continue doing it regularly. Beware that open-source software may keep breaking down, and one of the purposes of updates is to regularly plug holes.
  5. Update all site extensions to the latest version. Often it is vulnerabilities in plugins that cause hacking.
  6. Look for security plugins on the search engine and install them. We will not advise any specific plugins as each engine has its own plugins, with which you can secure the site.


Your site, after having been hacked once, is now at risk, so you should make every effort to protect it. To prevent repeated hacks, activate the remote monitoring system, which will monitor the versions of your site files, and, if necessary, apply automatically and roll the site back to a working state.

Sitelock is a good and inexpensive protection system. The service is ordered as a regular hosting package for a period of one year with a subsequent extension:

If you want to say goodbye to problems in a long run, try to do everything as it should!

We also recommend you use these tips for those customers who have not faced this problem yet but who want to protect themselves for the future.

Refer to consultants of our technical support at and you will get answers to questions you may have. We can also recommend specialists for the treatment of your Internet resources against a variety of viruses.