WordPress是全球最流行的网站管理系统之一。据 W3Techs 称,它为(According to W3Techs)互联网(Internet)上 34% 的网站提供支持。WordPress的流行部分归因于大量可用的插件和模板,这些插件和模板几乎可以在网站上完成任何事情。
广泛的功能也带有漏洞。黑客通常能够访问代码并用恶意软件感染WordPress站点,就像他们可能在路由器上植入(malware on a router)恶意软件一样。
恶意软件(Malware)可以感染和破坏您的网站,因此迅速采取行动从您的WordPress网站中删除恶意软件非常重要。
首先联系您的虚拟主机(Contact Your Web Host First)
在尝试以下任何建议之前,请先联系您的托管公司。主机服务器,特别是如果您在共享服务器上,可能会将恶意代码从另一个站点传播到您的站点。
在尝试从您自己的站点中删除恶意软件之前,请他们扫描他们的服务器以确保它不是罪魁祸首。此外,他们可以向技术含量较低的网站所有者就如何安全地扫描和删除其网站中的恶意软件提出建议。
一些主机可能还提供服务,他们会为您删除它。然后备份您的网站,降低将恶意软件带入备份的风险。
网络主机拥有处理恶意软件的专业知识、工具和选项,因此请先与他们核实,然后再尝试自行处理。
采取预防措施(Take Preventative Measures)
在威胁发生之前尝试阻止它们总是更好的。用户应该采取的最关键的措施是确保他们始终运行最新和最稳定的WordPress版本,即使他们只是在他们的计算机上安装测试版本。
通常会发布较新的版本来修复以前版本中发现的常见漏洞。插件和主题也是如此。让它们保持最新并删除那些你不使用的。
恶意软件可能在WordPress(WordPress)网站上造成的许多负面问题包括:
- Web和MySQL增加了对服务器资源的消耗。
- 不需要的广告。
- 垃圾邮件批量发送。
- 窃取客户和用户的个人数据。
- 从您的网站丢失信息。
- 谷歌处罚。
如果您的网站被感染或被黑客入侵,您该怎么办?在本文中,我们将概述从WordPress站点中删除恶意软件可以采取的步骤。
使用 WordPress 恶意软件删除插件(Use WordPress Malware Removal Plugins)
如果您可以登录并访问您的 WP 管理区域,您可能不必重新加载整个站点。使用合适的WordPress 插件(WordPress plugin)可能有助于从您的WordPress网站中删除恶意软件。
MalCare 安全(MalCare Security)(MalCare Security)
MalCare是一个高级插件,可以立即从您的 WP 安装中删除恶意软件。它不仅可以清理被黑网站,还可以防止未来的安全漏洞。
MalCare的众多好处之一是它会在自己的服务器上扫描您的站点。您的网站不会对其资源造成任何负载,并将继续平稳运行。
有四个定价级别,一个站点(个人(Personal))从每年 99 美元起,到 20 多个站点的Custom Agency Plus计划。
Malcare是一个全面的 WP 安全插件,包括许多附加功能,例如:
- 实时电子邮件警报。
- 跟踪小文件更改。
- 最大限度地减少误报。
WP 安全性最常用的插件之一是WordFence。它包括恶意软件扫描程序和端点防火墙。
从防止暴力攻击到防火墙阻止,WordFence 的免费版本(the free version of WordFence)对于小型网站来说已经足够强大了。
如果您想要额外的功能,例如双重身份验证、密码泄露保护和高级手动阻止,您可以购买高级许可证。定价基于您购买的许可证数量,一个起价为 99 美元。
多合一 WP 安全和防火墙(All in One WP Security & Firewall)(All in One WP Security & Firewall)
具有最多功能的免费安全插件之一是 All in One WP Security & Firewall。它使用仪表和图表提供了一个简单的可视化界面。
该插件专为初学者和更高级的开发人员设计,分为三个类别:基本、中级和高级。
All in One WP Security将通过以下方式保护网站:
- 提供文件和数据库安全。
- 增强用户注册安全性。
- 阻止强制登录尝试。
其他功能包括备份.wp-config和.htaccess文件的能力。如果他们的网站出现任何问题,用户还可以恢复这些文件。
如需所有WordPress(WordPress)安全插件的完整列表,请访问 WordPress.org(visit WordPress.org)。如果您无法登录,您可能需要重新安装整个站点。
如果您更精通技术,并在自己的服务器上运行站点,请仔细按照以下步骤操作。
请记住,备份您的网站并删除它可能很危险,并且只能由技术含量高的网站所有者尝试。
备份您的数据库和所有文件(Backup Your Database & All Files)
如果您被感染并需要从WordPress网站中删除恶意软件,请务必立即保护您的内容。在做任何事情之前,请对您的WordPress网站进行完整备份,以便在出现任何问题时进行恢复。
请务必备份 MySQL 数据库(back up a clean version of your MySQL database)和FTP帐户的干净版本。有几种方法可以备份站点,包括通过 cPanel、phpMyAdmin 和WordPress插件(例如Vaultpress)。
强烈建议所有WordPress用户定期备份他们的网站。以下步骤概述了如何从WordPress网站手动删除恶意软件。
第 1 步:检查您的文件(Step 1: Examine Your Files)
备份整个 WP 站点后,将备份 zip 文件下载到计算机上。通过左键双击打开它。您应该看到以下文件:
- 所有核心 WordPress 文件。
- wp-config.php。
- .htaccess :这是一个隐藏文件,包含(.htaccess)WordPress数据库的名称、用户名和密码。为确保您已备份此文件,请使用代码编辑应用程序或允许您查看隐藏文件的 FTP 程序。(an FTP program)请务必检查“显示隐藏文件”(Show Hidden Files)选项。
- 包含主题、插件和上传的 wp-content 文件夹。
- SQL 数据库。
第 2 步:从 Public_html 文件夹中删除所有文件和文件夹(Step 2: Erase All Files & Folders From The Public_html Folder)
当您确定您拥有网站的完整备份时,请进入您的网络托管文件管理器(File Manager)。
找到public_html文件夹并删除它的内容,除了wp-config.php、wp-content和cgi-bin 文件夹。( cgi-bin folders.)
确保(Make)您也在查看不可见文件,包括. htaccess,因为它可能会受到损害。
如果您托管多个站点,则应该假设它们也受到了威胁,因为交叉感染很常见。对同一服务器上的所有托管站点执行相同的过程。
打开wp-config.php文件并将其与示例wp-config文件进行比较。您可以在WP GitHub 存储库(WP GitHub repository)中找到此文件。
此外,请查看您的文件以查看是否有任何可疑之处,例如长字符串。如果您确定某些东西不应该在那里,请将其删除。
现在转到wp-content目录并:
- 列出所有已安装的插件,然后将其删除。
- 删除(Delete)所有主题,包括您正在使用的主题。稍后您将重新安装它。
- 查看你的上传文件夹,看看里面是否有你没有放在那里的东西。
- 删除所有插件后删除index.php 。
第 3 步:安装 WordPress 的干净版本(Step 3: Install a Clean Version Of WordPress)
导航(Navigate)到您的网络主机控制面板并将WordPress重新安装到原始位置的同一目录中。
如果您在附加域上安装了 WordPress,它将是public_html目录或子目录。(public_html)在您的虚拟主机控制面板中使用一键安装程序或快速(QuickInstall)安装(取决于您的托管公司)。
解压缩 tar 或压缩文件并将文件上传到服务器。您需要创建一个新的wp-config.php文件并输入网站备份中的数据。您只需要输入数据库名称、密码和前缀。
第 4 步:重置永久链接和密码(Step 4: Reset Permalinks & Passwords)
登录(Log)您的 WP 网站并重置所有用户名和密码。如果有任何无法识别的用户,则意味着您的数据库已被入侵。
您可以聘请专业人员清理您的数据库以删除任何恶意代码。
要重置永久链接(Permalinks),请转到设置(Settings)>永久链接(Permalinks),然后保存更改(Save Changes)。此过程将恢复 .htaccess 文件并修复您的站点URL(URLs),以便它们能够正常工作。此外,重置所有主机帐户和FTP密码。
第 5 步:重新安装主题和插件(Step 5: Reinstall Theme & Plugins)
不要安装旧版本的主题或插件。相反,从WordPress存储库或高级插件开发人员的站点获取新的下载。不要使用不再受支持的插件。
如果您对旧站点主题进行了自定义,请查看您下载到计算机的备份文件并将更改复制到新副本上。
第 6 步:扫描并从备份中重新上传您的图像和文档(Step 6: Scan & Re-Upload Your Images & Documents From Your Backup)
这一步可能很乏味,但它是必要的。在将图像和上传的文件复制回文件管理器中的新wp-content > uploads文件夹之前,请仔细查看它们。(Carefully)
使用(Use)最新的防病毒程序扫描所有文件以查看是否有任何文件被感染。使用FTP(FTP)客户端或文件管理器将干净的文件上传回您的服务器。保持文件夹结构相同,以免链接损坏。
第 7 步:通知 Google(Step 7: Notify Google)
如果您发现您的网站受到来自Google的警告的影响,您需要让他们知道您已删除恶意软件,以便他们可以忽略您帐户上的通知。
如果您已有帐户,请转到Google Search Console并登录。( Google Search Console)如果没有,请注册您的网站。
在左侧导航中找到安全和手动操作。(Security & Manual Actions)单击(Click)下拉菜单并选择安全问题(Security Issues)。
在这里,您将看到有关您网站安全性的报告。选择请求审核(Request a review)并将其提交给 Google。
How to Remove Malware From Your WordPress Site
WоrdPrеsѕ iѕ one of the most popular wеbsite management systems used worldwide. According to W3Techs, it powers 34% of all websites on the Internet. The popularity of WordPress is in part due to the enormous number of plugins and templates available that allow almost anything to be done on a website.
That broad range of functionalities come with vulnerabilities as well. Hackers are often able to access the code and infect WordPress sites with malware just as they might plant malware on a router.
Malware can infect and destroy your site, so it’s important to act quickly to remove malware from your WordPress site.
Contact Your Web Host First
Before attempting any of the suggestions below, contact your hosting company first. It is possible that the host server, especially if you are on a shared server, is spreading malicious code from another site onto yours.
Ask them to do a scan of their server to ensure it is not the culprit before attempting to remove the malware from your own site. In addition, they can make suggestions to less technical website owners on how to safely scan and remove malware from their site.
Some hosts might also offer services where they will remove it for you. And then backup your site, reducing the risk of carrying the malware into your backup.
Web hosts have the expertise, tools, and options to deal with malware, so check with them first before attempting to do it on your own.
Take Preventative Measures
It’s always better to try to prevent threats before they happen. The most crucial action users should take is to make sure they are always running the latest and most stable version of WordPress, even if they are only installing on a test version on their computer.
Newer versions are usually released to fix common vulnerabilities found in previous versions. The same is true for plugins and themes. Keep them up-to-date and remove those you aren’t using.
Some of the many negative issues that malware can cause on a WordPress site include:
- Web and MySQL increased consumption of server resources.
- Unwanted advertising.
- Spam mail sent in bulk.
- Theft of customers’ and users’ personal data.
- Loss of information from your site.
- Google penalties.
What can you do if your website is infected or hacked? In this article, we will outline the steps you can take to remove malware from a WordPress site.
Use WordPress Malware Removal Plugins
If you can log in and access your WP admin area, you may not have to reload your entire site. Using a suitable WordPress plugin may help remove malware from your WordPress website.
MalCare is a premium plugin that will instantly remove malware from your WP installation. Not only will it clean up a hacked site, but it will also protect against future security breaches.
One of the many benefits of MalCare is that it scans your site on its own servers. Your website will not experience any load on its resources and will continue to run smoothly.
There are four pricing levels starting at $99/year for one site (Personal) up to a Custom Agency Plus plan for more than 20 sites.
Malcare is a comprehensive WP security plugin that includes many additional features such as:
- Real-time email alerts.
- Tracking small file changes.
- Minimizing false alarms.
One of the most used plugins for WP security is WordFence. It includes a malware scanner and endpoint firewall.
From protection against brute force attacks to firewall blocks, the free version of WordFence is powerful enough for smaller websites.
If you want additional features such as two-factor authentication, leaked password protection, and advanced manual blocking, you can purchase a premium license. The pricing is based on the number of licenses you buy, starting at $99 for one.
One of the free security plugins with the most features is All in One WP Security & Firewall. It provides an easy visual interface using meters and graphs.
The plugin is designed for beginners and more advanced developers with its three categories: basic, intermediate, and advanced.
All in One WP Security will protect websites by:
- Providing file and database security.
- Enhancing user registration security.
- Blocking forceful login attempts.
Additional features include the ability to back up .wp-config and .htaccess files. Users can also restore these files if anything goes wrong on their site.
For a full list of all WordPress security plugins, visit WordPress.org. If you are unable to log in, you may have to reinstall your entire site.
If you are more tech savvy, and run a site on your own server, carefully follow the steps below.
Keep in mind that backing up your site and erasing it can be dangerous and should only be attempted by highly technical web owners.
Backup Your Database & All Files
If you’re infected and need to remove malware from your WordPress site, it’s important to protect your content immediately. Before doing anything, make a complete backup of your WordPress site so you can restore it in case anything goes wrong.
Be sure to back up a clean version of your MySQL database and FTP account. There are several ways to back up a site, including via cPanel, phpMyAdmin, and WordPress plugins (such as Vaultpress).
It is highly recommended that all WordPress users backup their site regularly. The steps below outline how to manually remove malware from your WordPress site.
Step 1: Examine Your Files
After you have backed up your entire WP site, download the backup zip file on your computer. Open it by left double-clicking on it. You should see the following files:
- All core WordPress files.
- Wp-config.php.
- .htaccess: This is a hidden file and includes the name, username, and password to your WordPress database. To make sure you backed this file up, use a code editing application or an FTP program that allows you to view hidden files. Be sure to check the Show Hidden Files option.
- The wp-content folder that includes themes, plugins, and uploads.
- SQL database.
Step 2: Erase All Files & Folders From The Public_html Folder
When you are sure you have a complete backup of your website, go into your web hosting File Manager.
Find the public_html folder and delete its contents except for wp-config.php, wp-content, and cgi-bin folders.
Make sure you are viewing the invisible files too, including .htaccess as it may be compromised.
If you are hosting multiple sites, you should assume they have also been compromised because cross-infection is common. Follow the same process for all hosted sites on the same server.
Open the wp-config.php file and compare it against a sample wp-config file. You can find this file in the WP GitHub repository.
Also, look through your file to see if anything looks suspicious such as long strings of code. If you are sure something should not be there, remove it.
Now go to the wp-content directory and:
- Make a list of all your installed plugins and then delete them.
- Delete all themes, including the one you are using. You will reinstall it later.
- Look in your uploads folder to see if there is anything in it that you didn’t put there.
- Delete index.php after you have deleted all the plugins.
Step 3: Install a Clean Version Of WordPress
Navigate to your web host control panel and reinstall WordPress into the same directory of the original location.
It will either be the public_html directory or in a subdirectory if you installed WordPress on an add-on domain. Use the one-click installer or QuickInstall (depending upon your hosting company) in your web hosting control panel.
Unzip the tar or zipped file and upload your files to your server. You will need to create a new wp-config.php file and enter the data from your website backup. You only need to enter the database name, password, and prefix.
Step 4: Reset Permalinks & Passwords
Log into your WP site and reset all usernames and passwords. If there are any unrecognized users, it means your database has been compromised.
You can hire a professional to clean up your database to remove any malicious code.
To reset Permalinks, go to Settings > Permalinks and then Save Changes. This process will restore the .htaccess file and fix your site URLs so they will work. Also, reset all hosting accounts and FTP passwords.
Step 5: Reinstall Theme & Plugins
Don’t install old versions of your theme or plugins. Instead, get new downloads from the WordPress repository or the premium plugin developer’s site. Don’t use plugins that are no longer supported.
If you have customizations from your old site theme, look at the backup files you downloaded to your computer and replicate the changes on the fresh copy.
Step 6: Scan & Re-Upload Your Images & Documents From Your Backup
This step can be tedious, but it is necessary. Carefully look through your images and uploaded files before you copy them back into the new wp-content > uploads folder in the file manager.
Use an up-to-date antivirus program to scan all the files to see if any of them are infected. Upload the clean files back to your server using an FTP client or the file manager. Keep the folder structure the same so you don’t end up with broken links.
Step 7: Notify Google
If you found out that your site was compromised by a warning from Google, you need to let them know that you have removed the malware so they can dismiss the notice on your account.
Go to Google Search Console and log in if you already have an account. If you don’t, register your website.
Find Security & Manual Actions in the left-hand navigation. Click the dropdown and select Security Issues.
Here you will see a report about your site’s security. Choose Request a review and submit it to Google.