WordPress Security Plugins And Site Vulnerabilities Detection


Although the WordPress infrastructure has a solid structure in terms of security, it is not 100% safe from attacks. If you want your site to have a more robust structure against hacking attempts and malware / links, this article will help you. In addition, in this article, we will try to explain in a few steps how you can clean the malware and added links on your site. In order to have a problem-free site, follow the steps below carefully, and do not forget to back up your site before doing anything.

How are viruses, that are transmitted to the site, detected?

There are several ways to do this; we recommend that you use online scanning sites. The list below contains the best sites in the world where you can scan for viruses online. After logging in to one of the sites, type your page link and scan for viruses. A sample scan should be as follows.

Some websites you can scan for viruses:

These sites do not remove the viruses that infect your site; they only detect whether there is any malware on it. Read the rest of the article carefully to clean the viruses on your site.

How to clean the malware or virus that infects the site?

If you have detected a virus on your site, you should clean it without wasting time. If you do not, Google and similar search engines will remove your links within a very short time because your site is distributing malware, and your company will be adversely affected. Let’s proceed step by step to prevent this.

Step 1 – Update the WordPress engine

The first step is to re-install your WordPress infrastructure. Connect to your WordPress site over FTP (example: the FileZilla program). Delete all the files in your public_html folder, but keep the wp-config.php file, the wp-content folder and the .htaccess file. Then download the latest version of WordPress from the official WordPress site: http://wordpress.org
After downloading, open the .zip file and upload all the files except wp-content to your site over FTP.

After this process, log in to your WordPress admin panel; it will ask for a database update, so continue. Now that we have cleaned your WordPress infrastructure, let’s move on to the second step, cleaning your theme.

Step 2 – Use the latest version of the theme you are using

The second step is actually the most important step. Make sure to check if the theme you use on your site is licensed. If you have installed an illegally distributed theme, your site will have a vulnerability that allows 80% of infected files or hacking attempts.

You can purchase any of the paid themes, which are posted on our paid WordPress themes page, and you will be able to get the necessary support from theme authors where you have questions.

The biggest benefit of purchasing a paid theme is that you have the chance to update for a lifetime. We strongly recommend that you use a paid theme on the new sites you install. If your theme is a free theme and you haven’t made many changes, my advice is to check the place you downloaded it from for any updates. If there is no update, you can download the theme from the official site and replace the files in your theme, or skip this step.

Step 3 – Update the plugins you use

We recommend that you always use plugins downloaded from the WordPress.org site. Be sure to pay attention to the author’s reliability when using plugins distributed for free in some forums. Some malicious people add their own sponsor links to the plugins they distribute for free, which may harm your site in terms of backlinks. We recommend that you disable all the add-ons you use and install the new versions again. For this, you can connect to your site over FTP and manually delete the wp-content/plugins folder. Then it will be more advantageous for you to use only the add-ons you have just downloaded.

Step 4 – Clean your database

This step can be a bit complicated; if you are not familiar with this topic, I suggest you skip it. After connecting to the hosting of your site from cPanel, click the phpMyAdmin tab and download the database you use to your computer as a file with an .xml extension. Open it with a notepad and check for any external links, that is, links that point anywhere other than your own site. If you do not see any such link, skip this step. If you spot one, clean it up and re-import the file.
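Reading a large export by eye is error-prone, so the check in this step can be scripted. The following is an added example, not code from the original article: it lists every host other than your own that appears in the exported text, including URLs stored with JSON-escaped slashes. The domain `mysite.example`, the sample rows and the function name `external_hosts` are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# http(s) URLs, also in the JSON-escaped form "http:\/\/host" that some
# plugins store. The match stops at quotes, whitespace, '<', '>', '&' and '\',
# which is enough to recover the host even inside entity-escaped XML.
URL_RE = re.compile(r"""https?:(?:\\?/){2}[^\s"'<>\\&)]+""", re.IGNORECASE)

# Constructed sample export (not from a real site).
SAMPLE_DUMP = r'''
<table name="wp_posts">
  <column name="post_content">&lt;a href=&quot;https://www.mysite.example/about/&quot;&gt;About&lt;/a&gt;</column>
  <column name="post_content">&lt;div style=&quot;display:none&quot;&gt;&lt;a href=&quot;http://cheap-pills.test/buy?id=7&quot;&gt;x&lt;/a&gt;&lt;/div&gt;</column>
</table>
<table name="wp_options">
  <column name="option_value">{"logo":"https:\/\/mysite.example\/logo.png","promo":"http:\/\/cheap-pills.test\/a"}</column>
  <column name="option_value">a:1:{s:3:"url";s:36:"http://mysite.example.evil.test/x.js";}</column>
</table>
'''

def external_hosts(dump_text, own_domain):
    """Count hosts in dump_text that are neither own_domain nor a subdomain of it."""
    own = own_domain.lower().rstrip(".")
    hits = Counter()
    for match in URL_RE.finditer(dump_text):
        url = match.group(0).replace("\\/", "/")   # undo JSON escaping
        try:
            host = urlsplit(url).hostname
        except ValueError:                          # malformed URL, e.g. "http://[x"
            continue
        if not host:
            continue
        host = host.lower().rstrip(".")
        # Exact match or true subdomain only: "mysite.example.evil.test"
        # and "notmysite.example" are both external.
        if host == own or host.endswith("." + own):
            continue
        hits[host] += 1
    return hits

if __name__ == "__main__":
    for host, count in external_hosts(SAMPLE_DUMP, "mysite.example").most_common():
        print(f"{count:3d}  {host}")
```

Hosts you recognise (your CDN, embedded video services) can be ignored; anything unfamiliar is what to search for in the export before cleaning and re-importing.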

Step 5 – Check file permissions

This is one of the most important steps. Check the read and write permissions on the folders and files on your site. After connecting to your site’s hosting with FTP, right-click the files and check them from the file permissions tab. The sample structure should look like this:

Home directory public_html : 755
wp-includes/ : 755
wp-admin/ : 755
wp-admin/js/ : 755
wp-content/ : 755
wp-content/themes/ : 755
wp-content/plugins/ : 755
wp-admin/index.php : 644
.htaccess : 644
wp-config.php : 644

If your file permissions match this structure, they are OK; if not, please make the necessary updates.
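Checking permissions one file at a time in an FTP client does not scale to a whole site. The following is an added example, not code from the original article: it walks a WordPress directory and reports every entry that grants more than the table above allows (755 for folders, 644 for files). Treating those values as a maximum, so that a tighter mode passes, is an assumption of this example, as are the function names and the constructed sample tree.

```python
import os
import stat
import tempfile

# Modes from the table above, treated as the maximum allowed (assumption:
# a tighter mode, such as 600 on wp-config.php, is acceptable).
DIR_MAX, FILE_MAX = 0o755, 0o644

def audit_permissions(root):
    """Return sorted (relative path, actual mode, allowed mode) for every
    entry that grants a permission bit beyond the allowed mode."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        candidates = [(dirpath, DIR_MAX)]
        candidates += [(os.path.join(dirpath, f), FILE_MAX) for f in files]
        for path, allowed in candidates:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            mode = stat.S_IMODE(st.st_mode)  # includes setuid/setgid/sticky
            if mode & ~allowed:
                findings.append((os.path.relpath(path, root),
                                 format(mode, "o"), format(allowed, "o")))
    return sorted(findings)

def make_sample_site(base):
    """Build a constructed sample tree (not a real site) with two deviations."""
    files = {"wp-config.php": 0o600, ".htaccess": 0o666,
             "wp-admin/index.php": 0o644, "wp-content/plugins/hello.php": 0o644}
    for rel, mode in files.items():
        path = os.path.join(base, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as handle:
            handle.write("<?php // constructed sample\n")
        os.chmod(path, mode)
    os.makedirs(os.path.join(base, "wp-content", "uploads"))
    for dirpath, _dirs, _files in os.walk(base):
        os.chmod(dirpath, 0o755)  # fixed modes, independent of the umask
    os.chmod(os.path.join(base, "wp-content", "uploads"), 0o777)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        make_sample_site(site)
        for rel, actual, allowed in audit_permissions(site):
            print(f"{rel}: mode {actual} exceeds {allowed}")
```

On a host with shell access, call `audit_permissions` with the path to public_html instead of the sample tree; the report is read-only and changes nothing.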

Step 6 – Check WordPress users

We recommend that you check the users on your site. After logging into the WordPress admin panel, click on the Users tab and check whether any admin (administrator) other than you has been added. If you detect an administrator other than yourself, be sure to delete that account.

If you have a single-author website or blog, we recommend that you close your site to registration. To do this, click General from the Settings tab and uncheck "Anyone can register".

Step 7 – Check your passwords

In fact, this is one of the most important steps. Use the constant password refresh feature on your site. Do not reuse your old passwords, and do not build your passwords from numbers and letters that are easy to guess. Examples: 123456, your name, your last name, your date of birth, etc.

In addition, constantly update the password of the e-mail address you use on your site, and do not use the same password for both.

Step 8 – Use Akismet comment spam plugin

One of the most important plugins we recommend to our customers is Akismet. You can easily prevent spam comments left on your site with Akismet. Download Akismet for free here: https://wordpress.org/plugins/akismet/

Paid WordPress plugins for security

If you want a more secure site, I can recommend some paid WordPress security plugins. These plugins make your site more secure against possible hacking attempts, and you can also use them to detect security vulnerabilities on your site. All of these plugins are paid and are offered for sale on CodeCanyon.

1. HideMyWP Plugin

Hide My WP is a plugin that allows you to hide all the folder and link structures found on standard WordPress sites. Apart from the WordPress version, it allows you to rename wp-content, themes, plugins, wp-admin and all other links and folders. With this plugin, which has reached a sales figure of over 8500 all over the world, it is possible to reconfigure your WordPress sites in a way that prevents a possible attack.

2. Security Ninja Plugin

Security Ninja plugin detects all possible vulnerabilities on your site and provides you with a detailed report. In addition, this plugin gives you tips on how to fix all these vulnerabilities. With this plugin, which we also use on our own sites, you can detect all WordPress vulnerabilities on your sites and create a more secure site.

Last Word

If you follow the above steps one by one, your WordPress sites will get rid of all malware and you will have a safer site. If there is anything we missed, please share it with us in your comments.

If you need professional support on security, please contact us on our contact page.
