Wordpress: malware removal and security

Modified on Tue, 16 Nov 2021 at 09:59 PM

WordPress is software designed for everyone, emphasizing accessibility, performance, security, and ease of use. The basic WordPress software is simple and predictable so you can easily get started. It also offers powerful features for growth and success.

Many websites, including our main website www.nyhost.net built on Wordpress platform. It's easy, intuitive and reliable. However, it requires constant maintenance. PHP version changes all the time, plugins get security patches and updates, even themes files frequently change. You SHOULD assign someone to keep website(s) up to date. If you build your website now and leave it for just 6 months "as is", it will compromise via outdated plugins and themes.

If you wish to secure your Wordpress site 100%, please follow our recommendations below:

1. Keep an eye on Wordpress core files. Those are being released every 2-4 months. You must upgrade Wordpress ASAP because new scripts contain certain improvements and security patches.

2. Update current theme and plugins ONCE PER TWO WEEKS.

3. Remove unused plugins and themes.

4. Install WordFence plugin then purchase Premium License. WP protection will cost only $99 per year. With Wordfence, you'll be able to secure Wordpress, monitor and fix any malware events within dashboard.

5. Avoid non official plugins at all costs. Official, verified plugins are searchable via Wordpress Plugin Installer.

6. Force HSTS (HTTP Strict Transport Security) or https://.

7. Activate 2FA (two factor authentication) for all admins. We do recommend Authy app.

OMG!!! My Wordpress site has been compromised! I see malware EVERYWHERE, even .JS files!

If you have recent cPanel backup, we can use it for site restore free of charge. NYhost does keep weekly and monthly backups on offsite servers in EU (different data center for extra redundancy). If you do not have own backup, we can search offsite servers then provide available dates (restore points). Successfull restore will cost $10 (one time fee). 

Note: NYhost.net doesn't guarantee availability of backups. You must maintain own backups on local computers or cloud storage.

Manual malware removal

Malware removal is available to all NYhost.net customers at additional cost: $300 per malware event. It does include FREE Wordfence Premium license for 1 year ($99 value). Express malware removal (same day) is available for $400. Please keep in mind that website cleaning and re-installing clean PHP scripts may take up to 48 hours. It's long, complicated process. Your patience is appreciated.

If you need any assistance with existing Wordpress project or new website, please do let us know via Online Help Center. We'll be happy to assist you at any time!

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select atleast one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article