How to clean malicious code from your website?  Print this Article

If your website has been hacked and malicious content has been inserted into your files, you should clean them as soon as possible to prevent further damage to your hosting account.

Let's say that the following code has been inserted to some of your files:

<?php eval(base64_decode('malicious_code')); ?>

You have to search in all of your files for this string. Also check timestamps for file modifications that are out of place.

First you should download all files to your local PC using a FTP client.

Then, search and remove any malicious code.

Once the malicious code has been removed, upgrade all applications on your hosting account to their latest stable versions.

After your site is cleaned and upgraded:

  1. Update your computer's Antivirus software to the latest version.
  2. Run a complete antivirus scan on your local computer including all hard drives.
  3. Ensure your Operating system (Windows, Linux or MacOS) is up-to-date and all security patches are applied.
  4. Ensure your Internet connection is secure. If you are using wireless connection the only secure encryptions is wpa2. For more information contact your router vendor or ISP.
  5. Change your SiteWorx password.
  6. Change your database password
  7. Change all passwords for your web applications backend.

If your website or CMS (WordPress, Joomla, Drupal, etc) was infected, we can get your website cleaned up, determine causes(s), and help to secure your site against future attacks.

Contact us for details

Was this answer helpful?

Related Articles

How Do Websites Get Hacked?
The most common reasons for a hacked (defaced) website include: Outdated web application....
What is a Brute Force Attack and how to block it
Brute Force is a method of guessing your password by trying combinations of letters, numbers and...
How to protect your account from TRACE request attacks?
In order to protect your account from HTTP TRACE request attacks, you can add this to your...
How to block access to a specific folder?
To block all access to a specific folder in your account, you should add this rule to the...
Force SSL/https using .htaccess
You can force an HTTPS connection on your website by adding these rules in your website's...