Today, we have received a report of malware on the WordPress site by an anonymous client. The malware has been identified, cleaned and the site is made secured by our Team gracefully.
The alert email was sent by Google’s Ads Team. Following is the message received by Google.
Here is how the suspicious code looks like
These requirements apply to your ads and any software that your site or app either hosts or links to, regardless of whether the software is promoted through the Google advertising network. The following isn’t allowed:
Malicious software or ‘malware’ that may harm or gain unauthorized access to a computer, device, or network
Examples (non-exhaustive): Computer viruses, ransomware, worms, trojan horses, rootkits, keyloggers, dialers, spyware, rogue security software, and other malicious programs or apps
How to prevent malware attacks on WordPress websites
Check the status of your site in the Google Search Console. If you haven’t used Search Console before, enter the URL of your website and click ‘Add a property’ to see its status. You may need to verify that you own the site.
If the Search Console doesn’t report any problems, your site could still have security issues that were detected by Google Ads. Consult with your webmaster or web hosting provider to investigate further. Learn more about how we identify malicious or unwanted software.
Removal of Malware or any unwanted software.
Google provides resources and instructions to help you fix your site through Help for Hacked Websites. If you can’t fix the ad’s destination, update the ad with a new destination that complies with this policy.
Edit the ad.
Editing the ad will resubmit the ad and its destination for review. Most ads are reviewed within one working day, but some can take longer if they need a more complex review.Email sent by Google ads team. They have blocked all the ads and send this email.
How to fix malware on WordPress – 6 Steps To Remove malware from WordPress site
As a security expert, we understand the risk of losing and compromising the data so here are a few steps that we did to remove malware from the affected WordPress site or how to fix malware on WordPress.
- Change the admin passwords straight away because there is a chance of a data security breach.
- Check the files and directory permission, that should up to the WordPress recommendations.
- Understanding the damage (infected files, database, security breach) and prepare a backup plan with proper execution is essential. There are chances that important data gets deleted or corrupted during malware fix, so backups will save you from real damage.
- Identify and remove the suspicious files from the root, wp-content, wp-includes, index.php, .htaccess, and all other files.
- Further, after making sure that WordPress files are restored to its original state and no unnecessary file existed on the space, you are good to go.
- Now make sure every plugin and theme is upgraded, this is very important for maintaining the site security. In many cases, the core update or plugin upgrade releases do not just feature releases but can be a security release too. So we should upgrade the plugins, themes, and core WordPress as early as possible.
You can hire Salam Experts services for the regular maintenance and upgrades and if you need technical assistance in removing the malware from the website. Feel free to contact us. We will be in touch with you within a few minutes.