What to do after your site has been cleaned of malware

The following steps should be following after an account has been cleaned of malware in order to prevent re-infection.

Please note that we can not guarantee a free cleanup in case of re-infection if the following steps have not been completed.

1. Update your web site software. Whether you're using Wordpress, Joomla, Drupal or any other tool you'll need to update its core version, as well as its plugins themes and extensions. You may need to contact your webmaster for this or get in touch with our team to request our professional Webmaster Help service.
2. Change all your passwords associated to your hosting account: cPanel, FTP, Email, and Client Area

3. Change your administrator password for your CMS (Wordpress, Joomla, or other). Double-check any additional users in your system to ensure that they're valid, and delete them otherwise.

Joomla instructionshttp://docs.joomla.org/How_you_reset_an_administrator_password%3F
WordPress instructionshttp://codex.wordpress.org/Resetting_Your_Password
Drupal instructionshttp://drupal.org/node/44164

4. Change your database password. To do this, you will need to create a new database user from the MySQL section of your cPanel. Don't forget to set proper permissions for that user to your database, and then delete your original user. Afterwards, update your software's configuration file. Common examples are:

Joomla: change parameter $password in file configuration.php in the root folder of your Joomla installation
WordPress: See http://codex.wordpress.org/Editing_wp-config.php
Drupal: Update file settings.php which is normally found in folder sites/all or sites/default

5. Scan all the workstations that had access to your hosting account with an updated antivirus. An infected workstation could potentially infect your web hosting account in certain situations.

6. Complete a full backup of your hosting account once everything has been cleaned, and start performing regular backups of your site whenever you make an important change. Store these backups on your local hard drive.

7. Clean up your account by removing old or unncessessary files, software, email accounts, subdomains, etc. Old scripts tend to have vulnerabilities and may be the cause of the initial infection even though they are not actively used on your site.

8. Update the version of your site software to the latest available version at least once per month.

9. If you haven't already done so, subscribe to Web Hosting Canada's SiteSafe Protection service for daily scans of your site and rapid malware removal in case of infection.

Article ID# : HC6011

Was this answer helpful?