WordPress Malware Detection, Plugins & Removal
Posted on December 18, 2014
Has your WordPress site been hit by the recent spate of MalWare attacks? The recent wave of WordPress malware attacks, dubbed the SoakSoak.ru malware has taken advantage of an exploit found in the Rev Slider plugin. This plugin is very popular and in February some security concerns were identified and addressed. The reason why the soaksoak Malware has become an issue now is because end users didn’t update their plugin and we are where we are today, with tens of thousands of WordPress sites impacted with malware. Some people speculate that this malware may float around the web for years to come given how widespread it already is.
So, how can you detect this malware? What plugins should you use to sort out your site and how can you remove the bugger? Read on!
WordPress Malware Detection
If you have your site connected to Web Master Tools (and, you really should have!) then Google will notify you if/when they detect malware on your site. Once Google detects it it then puts warnings on your site like the one on the right which really isn’t great. They also add a warning to the SERPs page which will cause your CTRs to fall off a cliff. Ideally, if your site has malware, you want to detect it before Google does.
If you haven’t received a warning but want to check you can use the the Sucuri Sitetest to detect malware on your site. You can also use Aw Snap File Viewer to also test to see if there is any malware on your site, this tool can also isolate where the malware code is to make it easier to remove.
If the worst has come to pass and Malware is detected on your WordPress site then it’s time for the malware removal protocols to kick into gear! You can do it!
WordPress Malware Removal
Don’t be too daunted by the prospect of having to do some malware removal from WordPress, once you get into it it’s not too challenging and there are just a few steps you should follow.
- Contact your host to let them know you’ve found Malware. Ask them if they can help with the Malware removal or if they have any stable backups that you can roll your site back to.
- Take the site offline so as not to allow malware to spread.
- Change all passwords for e-mail, cpanels, WordPress logins etc.
- If you’ve been able to roll back then submit a request to Google via WMT to review your site and lift the malware warnings
If your host can offer you a rollback then you’re pretty much out of the woods. For malware removal a rollback is the best solution as it reverts all files to the way they were before the malware was detected. This gives you a second chance then to go and update all plugins and add any extra security as required. But, what if you can’t really go for a rollback as you’ve lots of new content that you don’t want to lose, or perhaps your host doesn’t provide that facility for malware removal? Then, we’ve got to try cleanse each file on a file by file basis, but, thankfully, there is a malware removal plugin that is phenomenal! Read on!
WordPress Malware Removal Plugins
If you have to to remove the malware using plugins the best plugin I’ve found for the job is the Anti-Malware and Brute Force Security by Eli plugin. This plugin is beyond beastly in it’s ability to remove WordPress malware and the plugin author is well on top of things. When the SoakSoak.ru malware was first detected within hours this plugin had been updated to include that threat and is now able to remove that malware completely.
Malware Removal Plugins – It’s ok to be skeptical!
I get it, you’re not convinced that a malware removal plugin (that is free) could cleanse your site. I was in the same boat until I had to use this plugin and the above steps on a few sites. Some sites had received GWT warnings which prompted us to run the tool on a lot of our client sites to keep them healthy. For every site that Google had detected a malware issue with using this plugin and the steps above sorted this issue and the sites have received the green light again from Google. Some sites were flagged by the Sucuri test site and Google hadn’t yet deteced the malware issue. This then allowed us to cleanse those sites before Google even spotted the malware. A retest on the sucuri site then showed that the Malware removal plugin had done the trick beautifully.
WordPress Malware Detection, Plugins & Removal – Preventing Better Than Curing
Like all things it’s a lot better to prevent any malware issues than having to go detect, install plugins and then remove the malware. Each malware threat comes with a few hours of research so that you can get a handle on what you’re dealing with and find a way to fix. To that end, try avoid malware – always!
– Make sure your passwords are all 100% strong by using a tool like the Strong Password Generator.
– Make sure that all your themes, plugins and core WordPress files are always up to date.
– Make sure you have some security plugins in place like iThemes Security.
– Make sure you run regular scans of your machine and any devices connected to it – inadvertently you may the source of a malware attack so important to keep your machine clean and safe.
If you follow the above you’ll reduce the chances of a malware issue on your site and you know what, that’s a good thing!
If you’ve been stung by WordPress malware I hope the above guide will allow you to get it removed and resolved quickly. If you’ve any questions please comment below or if you’d like help on your site then get in touch.
Also, if you’ve read this far I suggest you join my mailing list below and then everyone’s a winner!
Brendan Flynn
December 19, 2014 (11:40 am)
Just to let you in on something you are probably aware of the people at X Theme are posting this on the forum…”It’s been brought to our attention that some hosts are demanding users to update Revolution Slider to the latest version by a certain date. It’s unfortunate as there is a lot of misinformation floating around out there about this issue as it’s been patched in Revolution Slider for approximately 8 months now. The hosting company(ies) that indiscriminately sent out that message have shown they have not taken the time to properly investigate the issue and are making false assumptions, when they really should just be telling people to make sure to have that patched version – which has been out since April – not necessarily the 4.6.5 version that just came out
Having said all that, we will have the latest version of Revolution Slider (4.6.5) out in our next update which is due out this week. and it is always advisable to keep things on their latest available version. This should give you plenty of time to meet your host’s demands.
With automatic updates enabled, you should be able to quickly update to 3.1, at which point you will see an update notice in your dashboard for Revolution Slider 4.6.5. To receive automatic updates, make sure your site is validated. Alternatively you can update the theme/plugins manually by following the instructions in our KB.”
Robert Ryan
December 19, 2014 (12:26 pm)
Hey Brendan, cheers for reading and the comment.. Ye, true re Rev Slider.. I don’t think Theme Punch are at fault though per se.. Read an interesting article about it which was saying that it’s the success of WordPress coupled with the hubris or lack of knowledge of site owners that really resulted in the current malware mess.. And I think that’s about right.. I also think that this will be one of the last big WordPress malware threats as maybe now WP users will keep plugins/themes/core files up to date.. Especially if hosts are now enforcing that all plugins and themes are kept up to date and are stepping up their malware detection as well..