How to clean malicious code from your website?

If your website has been hacked and malicious content has been inserted into your files, you should clean them as soon as possible to prevent further damage to your hosting account.

Let's say that the following code has been inserted to some of your files:

<?php eval(base64_decode('malicious_code')); ?>

You have to search in all of your files for this string. Also check timestamps for file modifications that are out of place.

First you should download all files to your local PC using a FTP client.

Then, search and remove any malicious code.

Once the malicious code has been removed, upgrade all applications on your hosting account to their latest stable versions.

After your site is cleaned and upgraded:

  1. Update your computer's Antivirus software to the latest version.
  2. Run a complete antivirus scan on your local computer including all hard drives.
  3. Ensure your Operating system (Windows, Linux or MacOS) is up-to-date and all security patches are applied.
  4. Ensure your Internet connection is secure. If you are using wireless connection the only secure encryptions is wpa2. For more information contact your router vendor or ISP.
  5. Change your cPanel password.
  6. Change your database password
  7. Change the passwords for your web applications backends.

If your website or CMS (WordPress, Joomla, Drupal, etc) was infected, we can get your website cleaned up, determine causes(s), and help to secure your site against future attacks.

Contact us for details

  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

What is a Brute Force Attack and how to block it

Brute Force is a method of guessing your password by trying combinations of letters, numbers and...

How Do Websites Get Hacked?

The most common reasons for a hacked (defaced) website include: Outdated web application....

Force SSL/https using .htaccess

In order to redirect your website to be opened through HTTPS, you should add the following...

How to block access to a specific folder?

To block all access to a specific folder in your account, you should add this rule to the...

How to protect your account from TRACE request attacks?

In order to protect your account from HTTP TRACE request attacks, you can add this to your...