A typical website serving tens of thousands of users a month rarely goes down because of traffic volume or because the server hosting it crashes. More often it is something mundane, such as the hosting provider swapping out servers during maintenance and changing the site's IP address without you noticing. In that case the DNS A record has to be updated so it points at the new web hosting IP address.
Human error aside (not getting the memo on a change like the one above is all too common), the major reason sites go down is that the site is infected with malware. Anyone who runs WordPress as their content management system, or who simply browses the web to a favourite mom-and-pop site, has probably run into it: you head to a site you know and it redirects you somewhere else, or it serves pop-ups galore, click bait designed to get an unsuspecting visitor to click and infect their own PC.
How do I get rid of the malware on my website?
Website hosting services like SiteGround used to provide a weekly Site Scanner report of malware detections. I am not sure what happened to that built-in service, but as the web gets scarier to surf, these services are increasingly outsourced to website security platforms such as Cloudflare and Sucuri. Check whether your web hosting service offers this as a built-in feature: not only detecting malware or the website being down, but whether they will remediate the issue. The most basic web hosting packages do not include malware removal.
Third-Party Malware Removal Service – Sucuri's Website Security Platform (WSP) Plans
Unfortunately, malware removal from Sucuri requires an annual subscription plan. However, the Sucuri Basic plan offers a lot of features to protect, detect, and remove malicious items from your website. The competing service is Cloudflare. Both do a great deal more than website security, but we are keeping things simple in this post. I would go ahead and purchase the Sucuri Basic plan, then reset your credentials for cPanel, FTP, WordPress, and any databases. Malware resolution can take a day or two unless you pay Sucuri an extra $100 to jump the queue. It is highly advisable that you turn off public access to your website during this downtime: a site that keeps serving malware keeps infecting visitors, and it can be blacklisted by search engines like Google and flagged by browsers.
Where do I go in cPanel to restrict my site from visitor access while malware is removed?
Head over to File Manager. You may see several options when it opens:
- Home Directory
- Web Root
- Public FTP Root
- Document root for Acme
Web Root leads you to the folder containing the .htaccess file you need to edit. Add the following lines at the top of the file, above the # BEGIN WordPress block. Apache is not picky about where they sit, but keeping them at the top makes them easy to find and remove later.
Order deny,allow
Deny from all
Allow from IP_ADDRESS
Replace IP_ADDRESS with your own public (WAN) IP, the address your home or office connection presents to the internet; a Google search for “what is my IP” shows it. Two caveats: Order/Deny/Allow is the Apache 2.2 syntax, and on Apache 2.4 hosts it only works while the mod_access_compat module is loaded (the native 2.4 equivalent is a single Require ip directive). And if your connection has a dynamic IP you will lock yourself out when it changes; edit .htaccess again through cPanel's File Manager, which does not pass through the site's Apache access rules.
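As an added example (my own, not code from the original post and not SiteGround or Sucuri code), here is a small POSIX shell script that writes the lockdown for you and keeps a backup of the existing .htaccess. It goes beyond the lines above in two ways: it validates the IP before writing, so a typo cannot lock everyone out or leave the site open, and it emits both the Apache 2.2 (Order/Deny/Allow) and Apache 2.4 (Require ip) forms inside IfModule guards so the same file works whichever version the host runs. The script name, the admin address 203.0.113.5 and the .htaccess path are assumptions for illustration.

```shell
#!/bin/sh
# lockdown.sh -- added example, not code from the original post or from
# SiteGround/Sucuri. Prepends a maintenance lockdown to a WordPress .htaccess
# so only the administrator's public IP can reach the site while it is cleaned.
# Usage: sh lockdown.sh ADMIN_IP /path/to/public_html/.htaccess
# (203.0.113.5 in the examples is a documentation address, an assumption.)

# Accept only a dotted-quad IPv4 address with octets 0-255. A malformed value
# would either lock everyone out or, if Apache rejects the directive, leave
# the site open, so refuse anything that is not clearly an address.
valid_ipv4() {
  printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
  oldifs=$IFS
  IFS=.
  set -- $1
  IFS=$oldifs
  for oct in "$@"; do
    [ "$oct" -le 255 ] || return 1
  done
  return 0
}

# Print the lockdown directives for one admin IP. Apache 2.4 uses
# mod_authz_core (Require); older 2.2 hosts use Order/Deny/Allow. Shipping
# both inside IfModule guards means the file works on either.
lockdown_rules() {
  admin_ip="$1"
  if ! valid_ipv4 "$admin_ip"; then
    echo "lockdown.sh: not a valid IPv4 address: $admin_ip" >&2
    return 1
  fi
  cat <<EOF
# --- maintenance lockdown: only $admin_ip may reach the site ---
<IfModule mod_authz_core.c>
    Require ip $admin_ip
</IfModule>
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    Allow from $admin_ip
</IfModule>
# --- end maintenance lockdown ---
EOF
}

# Put the rules above whatever is already in .htaccess (the WordPress rewrite
# block must stay intact) after saving a timestamped copy; restoring that copy
# is how the lockdown is lifted when the cleanup is finished.
apply_lockdown() {
  admin_ip="$1"
  htaccess="$2"
  rules=$(lockdown_rules "$admin_ip") || return 1
  existing=""
  if [ -f "$htaccess" ]; then
    cp "$htaccess" "$htaccess.bak.$(date +%Y%m%d%H%M%S)" || return 1
    existing=$(cat "$htaccess")
  fi
  printf '%s\n\n%s\n' "$rules" "$existing" > "$htaccess"
}

# Only act when invoked with both arguments, so the functions can be sourced.
if [ -n "${1-}" ] && [ -n "${2-}" ]; then
  apply_lockdown "$1" "$2" && echo "lockdown written to $2 (backup kept alongside)"
fi
```

If the cleanup team needs to reach the locked-down site, add a second Require ip / Allow from line with the address they give you. If your own connection has a dynamic IP you will be locked out when it changes; edit .htaccess again through cPanel's File Manager, which does not pass through Apache's access rules, or restore the .bak copy.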
Sucuri Support Request
It is highly advisable to place a support request with Sucuri the minute you become aware of malware, and to keep on them to push for resolution.
Website Protection, Malware, and other Vulnerabilities
As mentioned before, secure your site with the following password resets:
- cPanel
- FTP (switch to SFTP if the host offers it, so the new password is not sent in clear text)
- WordPress admin accounts
- Misc. databases (and update wp-config.php to match the new database password)
However, there's additional work to be done once the malware storm is over. I highly recommend installing the Sucuri WordPress plugin and activating it to work with your $200 Sucuri Basic plan. Ask Sucuri support to activate the firewall so this malware issue doesn't keep happening. Also, definitely consider MFA for user accounts wherever possible. Finally, use WP Time Capsule to back up to something like Google Drive, or have your managed IT company package all these services into one neat little bundle. It's a lot, I know!
Website Backups and Updates
Restore from backup using the following link.
Finally, it is definitely in your best interest to update your WordPress plugins (and themes and core). Then head back into cPanel to update the PHP version, with guidance from the web hosting provider if needed. DO NOT PERFORM THESE STEPS UNTIL YOU HAVE A VERIFIED, RESTORABLE BACKUP.
How to switch to a different PHP version?
SiteGround has implemented a server setup that lets each customer choose which version of PHP to use for their account. Customers can also use different PHP versions for different directories in the same hosting account.
At the time this was written the supported versions were PHP 5.6, 7.0, 7.1, 7.2 and 7.3. All of these have since reached end of life and no longer receive security fixes, so pick the newest version your plugins and theme support.
To change the PHP version in your SiteGround hosting account simply follow the steps below:
- Log in to cPanel for your account
- Go to 1H Software section -> PHP Version Manager
- Navigate to the directory you would like to change the PHP version for (note that the change will apply to subdirectories for it as well)
- Click on the directory name
- Select the desired PHP version and click Save
You can also take advantage of the Managed PHP Version service: SiteGround will automatically move your account to a newer, stable and secure PHP version when one becomes available. To apply it, select the Managed PHP Version option and click Save. This adds the following handler to your .htaccess file:
AddHandler application/x-httpd-recommended-php .php .php5 .php4 .php3
This handler will ensure that your websites will always be running on the recommended PHP version without any changes on your end.
Sucuri Monitoring Alerts
It is highly recommended to have the Sucuri WordPress plugin installed so you receive ongoing notifications about what is happening with your website. However, like all monitoring alerts, the default alerts can be a bit noisy.
Some site owners like to very closely monitor certain types of access or changes. Sometimes they want this visibility for site administration purposes (for instance, to simply be aware if others who have access are taking actions), and sometimes they want these types of alerts to ensure that security hasn’t been breached. All alerts that the plugin sends are designed to notify users if an action is taken that *might* impact site security. These actions can also be benign, though if an alert is received and the site owner is certain that they did not make that change, there may be cause for additional investigation.
Make sure you go into the Sucuri WordPress plugin and edit the alert settings.
How to get rid of “Event: Plugin Activated” notifications…
To disable these notifications, follow these steps:
1) Log into your WordPress admin account.
2) Once on the WordPress dashboard, click on to the Sucuri Plugin.
3) Then, click on Settings.
4) On the upper side of the screen, click on Alerts from the menu bar
5) Under the ‘Security Alerts’, uncheck the option “Receive email alerts when a plugin is activated”
6) Click on Submit.
For extra protection, point your website's DNS A record at the Sucuri firewall so that all visitor traffic passes through the WAF before it reaches your host. Two things to arrange at the same time: the firewall needs an SSL certificate for your domain so HTTPS keeps working, and your origin server should accept web traffic only from the firewall's published IP ranges, otherwise anyone who learns the hosting IP can bypass the firewall by connecting to it directly.
More Sucuri Details
– The Sucuri Protection Platform is the web application firewall (WAF) and intrusion prevention system. It includes CDN capabilities as well as virtual patching of known threats.
More info here: https://sucuri.net/website-hack-protection/
& here: https://sucuri.net/website-performance/
– The Sucuri Monitoring Platform is a dashboard with inventory management, notifications of indicators of compromise (IoC) and system update notifications, using both remote and server-side scanning. It also has IP whitelisting and geographic blacklisting controls.
More info here: https://sucuri.net/malware-detection-scanning/
– The Sucuri Response Platform is their incident response team of highly qualified professionals who clean websites. Sucuri support removes SEO spam, blacklisting, malware, back doors and much more.
More info here: https://sucuri.net/website-malware-removal/
Based on our conversation today I believe one of our 3 WSP Plans would be the best option for your website
– Unlimited website cleanup remediation and blacklist/warning removal services
– Includes Web Application Firewall with CDN, virtual patching and caching options
– Includes our remote and server side scanning monitoring system for optimal notifications
– All WSP plans require you pay for one year at a time and renew services annually
Website Down Support Summary
Sucuri isn't the only game in town for removing malware. If you have the resources, you can make it a DIY project: connect over FTP (preferably SFTP), download the code, scan and clean it, and re-upload it. Sucuri is more of a get-it-done-right-and-now service. Either way, take a moment to follow these post-clean-up instructions; they are what keeps your website from becoming reinfected.
1) Change all passwords associated with the website (FTP, admin dashboard, cPanel, database, etc.)
2) Ensure that all software is up to date (CMS, plugins, themes)
3) Run an antivirus scan on your own computer (a compromised workstation with saved FTP credentials is a common way a cleaned site gets reinfected)
4) If you haven't already, put your website behind a firewall
5) Remove any old/backup copies of your website that you may have on your server (they still contain the vulnerable code and are reachable from the web)
6) Remove any unused plugins, themes, and pages on your website. By reducing your website's attack surface, you greatly reduce the chance of reinfection.
7) Review your authorized users (in your admin dashboard) and remove any that are unexpected or unused
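For the DIY route above, and for items 5 and 6 of the checklist, this added example (my own, not code from the original post or from Sucuri) is a POSIX shell triage pass over a copy of the site downloaded via SFTP. It lists PHP files that have no business living under wp-content/uploads, PHP files containing the obfuscation and request-to-code idioms typical of web shells, PHP files modified in the last N days, and stray archives or SQL dumps left in the web root. The sample tree built by make_sample_tree is constructed for the demonstration and its file names are assumptions. Hits are leads for manual review, not proof of infection.

```shell
#!/bin/sh
# triage.sh -- added example, not code from the original post or from Sucuri.
# First-pass triage of a downloaded WordPress tree. Usage: sh triage.sh /path/to/site
# All paths are caller-supplied; the sample tree below is constructed for the demo.

# Idioms that are common in injected PHP and rare in legitimate code:
# eval/create_function, decode chains, long base64 literals, calling a
# function whose name comes straight from the request ($_POST['x'](...)),
# passing request data to a shell, and the removed preg_replace /e modifier.
SUSPECT_RE='eval *\(|create_function *\(|gzinflate *\( *base64_decode|str_rot13 *\( *base64_decode|base64_decode *\( *.[A-Za-z0-9+/=]{40,}|\$_(POST|GET|REQUEST|COOKIE)\[[^]]*] *\(|(system|passthru|shell_exec|exec|popen|proc_open) *\( *\$_(POST|GET|REQUEST|COOKIE)|preg_replace *\([^,]*/[a-zA-Z]*e[a-zA-Z]*. *,'

# PHP under uploads: WordPress only stores media there, so any executable
# script is either a dropped web shell or a misplaced file to relocate.
php_in_uploads() {
  find "$1/wp-content/uploads" -type f \
    \( -name '*.php' -o -name '*.phtml' -o -name '*.php[3-7]' \) 2>/dev/null | sort
}

# PHP files anywhere in the tree that match one of the idioms above.
suspicious_php() {
  find "$1" -type f -name '*.php' -exec grep -lE "$SUSPECT_RE" {} + 2>/dev/null | sort
}

# PHP files changed in the last $2 days; compare against when you last
# updated plugins or themes, anything newer than that needs an explanation.
recently_changed() {
  find "$1" -type f -name '*.php' -mtime "-$2" | sort
}

# Archives and database dumps sitting in or just under the web root. They are
# downloadable by anyone who guesses the name and they preserve the old
# vulnerable code (checklist item 5).
stale_archives() {
  find "$1" -maxdepth 2 -type f \( -name '*.zip' -o -name '*.tar' -o -name '*.tar.gz' \
    -o -name '*.tgz' -o -name '*.sql' -o -name '*.sql.gz' \) | sort
}

triage_report() {
  echo "== PHP files under wp-content/uploads (expected: none) =="
  php_in_uploads "$1"
  echo "== PHP files with web-shell idioms (review each by hand) =="
  suspicious_php "$1"
  echo "== PHP files modified in the last 7 days =="
  recently_changed "$1" 7
  echo "== archives / SQL dumps in the web root (delete after verifying) =="
  stale_archives "$1"
}

# Constructed sample tree for the demonstration: two clean files, two planted
# web shells, and two stale backup artifacts.
make_sample_tree() {
  mkdir -p "$1/wp-content/uploads/2019/05" "$1/wp-content/plugins/hello" "$1/wp-includes"
  printf '<?php\nfunction hello_dolly() { return "Hello, Dolly"; }\n' > "$1/wp-content/plugins/hello/hello.php"
  printf '<?php\n$wp_version = "5.2";\n' > "$1/wp-includes/version.php"
  printf '<?php eval(base64_decode("ZWNobyAiaGkiOw=="));\n' > "$1/wp-content/uploads/2019/05/cache.php"
  printf '<?php @$_POST["c"]($_POST["a"]);\n' > "$1/wp-includes/wp-class.php"
  : > "$1/public_html.old.zip"
  : > "$1/wp-content/backup-2018.sql"
}

if [ -n "${1-}" ]; then
  triage_report "$1"
fi
```

Run it against the downloaded copy rather than over FTP, and back it up with a checksum comparison against a clean copy of the same core and plugin versions (WP-CLI's wp core verify-checksums does this for core). Expect some false positives: a few legitimate plugins use base64_decode, so read each hit before deleting anything.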
Support Request Cheat Sheet
Have these details ready for the support team, but pass them only through the provider's support portal or another channel they designate, never in plain e-mail, and rotate the FTP password once the cleanup is done. Prefer SFTP over plain FTP if the host offers it.
FTP host: siteground271.com
Hosting IP: 35.x.x.x
FTP user: name
FTP password: (redacted; share it only through the secure support channel)
FTP port: default (21 for FTP, 22 for SFTP)
Make sure the support team has all of this information.