Dealing with Malware Infections (Firstserv Guide)
A malware infection can be a serious and sometimes complex issue. In some cases, it may be best to seek assistance from a developer or security specialist to fully clean your site and prevent further compromise.
Initial Steps to Clean an Infected Site
1. Remove or Replace Infected Files
- Delete any malicious files identified
- Replace critical files with clean versions from:
  - Recent backups (e.g. JetBackup)
  - Official sources (CMS downloads, plugins, themes)
✅ We strongly recommend keeping your own independent off-site backups in addition to server backups.
2. Update All Passwords
Change all access credentials, including:
- cPanel login
- FTP/SFTP accounts
- Email accounts
- CMS admin accounts
- Database passwords
✅ Use strong, unique passwords for each account.
3. Update Your Website Software
Ensure all components are fully up to date:
- CMS core (WordPress, Joomla, Drupal, Magento, etc.)
- Plugins / extensions
- Themes
⚠️ Where possible, remove and reinstall plugins/themes using fresh, verified copies rather than updating existing files.
4. Update PHP Version
- Use the latest supported PHP version available in cPanel
- Newer versions include important security improvements
Database Considerations
More advanced malware infections may affect your database, not just files.
Your Options:
- ✅ Clean the database manually or via a professional service
- ✅ Restore from a known clean backup
Important (E-commerce & User Data)
If you restore a database:
- Any data created after the backup (e.g. orders, user submissions) will be lost
✅ In these cases, professional cleaning may be preferable to avoid data loss.
Compliance Considerations
If your website stores or processes personal data:
- You may be required to report a breach to the Information Commissioner’s Office (ICO)
- Review ICO guidance to determine if your incident is reportable
WordPress-Specific Cleanup Steps
If your site runs WordPress:
Core Security
- Update WordPress to the latest version
- Change all passwords (including database credentials)
User Accounts
- Review all users
- Remove any unknown or suspicious accounts
- Reset passwords for all legitimate users
Security Keys (Salts)
- Update your WordPress salts in wp-config.php
- Generate new ones from WordPress.org
Plugins & Themes
- Remove unused plugins and themes
- Reinstall all plugins and themes from trusted sources
- Ensure everything is up to date
File Review
- Check for unfamiliar or suspicious files
- Work with a developer if unsure what to remove
Investigating the Cause
You may be able to identify how your site was compromised by reviewing server logs:
- Look for unusual POST requests
- Pay attention to unexpected activity targeting PHP files
✅ This can help prevent reinfection.
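One way to run the log review described above, as an added example (not Firstserv's own tooling). It assumes Apache "combined" format access logs and a WordPress site. The allow-list of expected POST endpoints and the list of static directories are assumptions to tune for your site, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit

# Apache "combined" access-log format (assumed; adjust if your logs differ).
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                     r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')
# Assumption: PHP endpoints that normally receive POSTs on a stock WordPress site.
EXPECTED_POST = {"/wp-login.php", "/wp-cron.php", "/wp-comments-post.php",
                 "/xmlrpc.php", "/wp-admin/admin-ajax.php"}
# Assumption: directories that hold media or static assets, never executable PHP.
NO_PHP_DIRS = ("/wp-content/uploads/", "/wp-includes/css/", "/wp-includes/js/")

def classify(line):
    """Return (ip, path, reason) for a suspicious POST, or None."""
    m = LINE_RE.match(line)
    # Skip non-POSTs and 4xx/5xx responses (probes for files that are not there).
    if not m or m["method"] != "POST" or int(m["status"]) >= 400:
        return None
    path = urlsplit(m["target"]).path  # drop the query string
    if not path.lower().endswith(".php") or path in EXPECTED_POST:
        return None
    static = path.lower().startswith(NO_PHP_DIRS)
    return m["ip"], path, ("php-in-static-dir" if static else "unexpected-php-post")

def suspicious_posts(lines):
    """Group flagged requests by path: {path: {"reason", "hits", "ips"}}."""
    found = {}
    for line in lines:
        hit = classify(line)
        if hit:
            ip, path, reason = hit
            entry = found.setdefault(path, {"reason": reason, "hits": 0, "ips": set()})
            entry["hits"] += 1
            entry["ips"].add(ip)
    return found

# Constructed sample log lines (documentation IP ranges, made-up paths).
SAMPLE = '''\
203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2024:10:02:10 +0000] "POST /wp-content/uploads/2024/03/cache.php HTTP/1.1" 200 12 "-" "python-requests/2.31"
198.51.100.23 - - [12/Mar/2024:10:02:15 +0000] "POST /wp-content/uploads/2024/03/cache.php?x=1 HTTP/1.1" 200 12 "-" "python-requests/2.31"
192.0.2.44 - - [12/Mar/2024:10:03:00 +0000] "POST /wp-content/themes/old/inc/helper.php HTTP/1.1" 200 5 "-" "curl/8.0"
192.0.2.44 - - [12/Mar/2024:10:03:05 +0000] "POST /unknown.php HTTP/1.1" 404 0 "-" "curl/8.0"
203.0.113.7 - - [12/Mar/2024:10:04:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
'''.splitlines()

if __name__ == "__main__":
    for path, e in sorted(suspicious_posts(SAMPLE).items(), key=lambda kv: -kv[1]["hits"]):
        print(f'{e["hits"]:>3}  {e["reason"]:<20} {path}  from {sorted(e["ips"])}')
```

Any path it reports is a candidate for the file review step; compare the file against a clean copy of the plugin or theme before deleting it.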
Ongoing Protection
Even after cleaning your site, additional protection is recommended.
Security Tools
Consider using a web application firewall (WAF), such as:
- Wordfence
- Sucuri
✅ These tools offer:
- Malware scanning
- Firewall protection
- Ongoing monitoring
Important Notes
- No single security solution is 100% effective
- Ongoing maintenance and updates are essential
- Regular backups remain your best recovery option
Summary
To recover from a malware infection:
- Remove or replace infected files
- Update all passwords
- Update your CMS, plugins, and themes
- Use the latest PHP version
- Address any database issues
- Investigate how the attack occurred
- Implement additional security measures
If you need help assessing or responding to a malware issue, the Firstserv support team is available to assist and advise on next steps.
