How do I remove malware from my website?

When a website is compromised, malicious software (malware) is placed somewhere on the site, either by modifying existing files or by inserting new ones. Malware is designed to destroy your website and can be hard to detect.

If you are not familiar with how the website’s code looks, it is a challenge to work out which portion of the code is malware that needs to be deleted. Each hack is different, so it’s a matter of searching through your website’s files and finding what is not supposed to be there.

Tip: Make sure that you have a site backup before you start removing malware. That way, in case something goes wrong, you still have all your files. You can use the File Manager to make a manual backup, or use our Backup & Restore feature.

Use a paid service to clean your site

If you don’t feel up to manually cleaning your site, or don’t have the time, using a paid service and having them clean up your site for you might be worth it. This is probably the simplest and fastest solution if you are at a loss as to where to start.

When you browse the internet you’ll find tons of choices in many price ranges. We suggest using SiteLock, a paid add-on service to which you can subscribe.

SiteLock monitors the site and checks it for known bugs on a regular basis. If malware is found, SiteLock Patch will delete it automatically. It is fully integrated with our servers and can be accessed directly from the control panel.

Check out our guide on how to get started: Set up security for SiteLock.

Remove malware from a CMS like WordPress or Joomla

If your website is created with a CMS, then the original installation files are a good place to start, because they are not corrupted and are available for you to download.

1. Get a list of all the malware-containing files. You will find it on the control panel of One.com.
2. Download your CMS installation files. It must be the same version that you have installed. The files can be found here:
  • Old installations of WordPress
  • Old installations of Joomla
  • Old installations of Drupal
  • Old installations of Prestashop
  • Old installations of Opencart
   On your machine, open the installation files and compare them to the list of infected files in the File Manager.
3. If the infected file is absent from the installation files and is not part of an extension or template, then it is likely to be malware and can be completely deleted.
4. If the infected file is part of the installation files, you should overwrite it with the installation file that you have just downloaded.
5. If the configuration file (configuration.php, wp-config.php) with your database connection information is corrupted, you need to make sure the login details for your database are entered in it again.
6. If the infected file is part of a plugin, extension, template, or other module you’ve added to your CMS, you can remove the file and then reinstall the plugin.
7. After you have gone through all the files and either replaced or removed them, you need to ensure that your CMS is updated to the latest version. The same goes for your templates, themes, plugins, and other add-ons.
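The comparison in steps 2 to 6, as an added example that is not part of the original guide or of One.com's tooling: it sorts each flagged path by whether it exists in a clean copy of the same CMS version. The WordPress-style add-on directories, the function names and the sample files are assumptions constructed for illustration, and the "recheck" outcome for a flagged file that is identical to its clean copy goes beyond the steps above.

```python
import tempfile
from pathlib import Path

# Assumption of this example: WordPress-style add-on directories.
# The two config file names are the ones the guide mentions.
ADDON_DIRS = ("wp-content/plugins/", "wp-content/themes/")
CONFIG_FILES = {"wp-config.php", "configuration.php"}

def triage(flagged, site_root, clean_root):
    """Map each flagged relative path to the action the steps above call for."""
    site_root, clean_root = Path(site_root), Path(clean_root)
    plan = {}
    for rel in filter(None, (line.strip().lstrip("/") for line in flagged)):
        live, clean = site_root / rel, clean_root / rel
        if ".." in Path(rel).parts:
            plan[rel] = "skip: path leaves the site root"
        elif Path(rel).name in CONFIG_FILES:
            plan[rel] = "config: restore, then re-enter database login details"
        elif rel.startswith(ADDON_DIRS):
            plan[rel] = "add-on: remove file, reinstall the plugin or theme"
        elif not clean.is_file():
            plan[rel] = "delete: not in installation files, likely malware"
        elif live.is_file() and live.read_bytes() == clean.read_bytes():
            plan[rel] = "recheck: identical to the clean copy"
        else:
            plan[rel] = "overwrite: replace with the clean installation file"
    return plan

def demo():
    """Build a small constructed site and clean install, then triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        site, clean = Path(tmp, "site"), Path(tmp, "clean")
        files = {  # relative path: (live content, clean content or None)
            "wp-login.php": ("<?php /* altered */", "<?php /* original */"),
            "wp-load.php": ("<?php /* same */", "<?php /* same */"),
            "wp-includes/x9.php": ("<?php /* dropped */", None),
            "wp-config.php": ("<?php /* altered */", None),
            "wp-content/plugins/shop/a.php": ("<?php /* altered */", None),
        }
        for rel, (live_src, clean_src) in files.items():
            for root, src in ((site, live_src), (clean, clean_src)):
                if src is not None:
                    (root / rel).parent.mkdir(parents=True, exist_ok=True)
                    (root / rel).write_text(src)
        return triage(files, site, clean)

if __name__ == "__main__":
    for path, action in demo().items():
        print(f"{path}: {action}")
```

The script only reports a plan and changes nothing, so it can be run against a downloaded backup of the site before any file is deleted or overwritten.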

Clean malware from other files

In certain situations, for example if your website has been custom made, you need to delete the malicious code from the file itself. It can be hard to know what is malware and what isn’t, unless you are familiar with coding. For one example, check the screenshot below.

  • In most instances, the malware code is added at either the top or the bottom of the file.
  • Malware also consists of long text strings that appear longer than the rest of the code in the file.
  • We recommend editing the file in File Manager because it displays the syntax in colors, making it easier to spot which part of the code looks out of place.
  • When you have detected the malware, delete it from the file and press Save in the top-left corner.

Remove malware from httpd.private or tmp folders

Malware-infected files can often end up in web space directories that are not accessible through an FTP or File Manager connection. In these instances, to be able to delete the files, you have to connect to your web space using SFTP or SSH instead.