There are many sources through which a virus can infiltrate a website; below are just the most common and general cases:
- through the CMS due to errors and vulnerabilities made during development
- through a hacked theme (template) of your website
- through additional modules and plugins used on the site
- due to unauthorized access to the administrator’s login and password
- due to unauthorized access to hosting or FTP connection credentials
- due to server infection caused by hosting administrators
- if the administrator’s computer is infected, viruses may infiltrate the site during login to the admin panel or connecting to the server via FTP
How to check if the website is infected with a virus
- a message about virus detection appears in the search engine’s Webmaster panel
- when finding the site in the search engine, a warning about the site being infected appears when trying to access it from the search results
- if antivirus software is installed on the computer, a message about a potential threat appears when visiting the infected site
- hosting services with antivirus software send notifications to the site administrator about the detection of viruses on one or more sites in their account
Cleaning the site from viruses and removing dangerous code
The methodology and sequence of actions for cleaning websites from viruses and subsequent protection from hacking depend on each specific case and the damage the virus has caused to the site at that moment.
Some viruses do not damage the content and structure of the site; for example, a virus may send spam or load additional advertisements, while other viruses can seriously harm the site intentionally or due to incorrect infection processes (not following the method intended by the hackers).
Sequence of actions for cleaning the site from viruses
1. Determine the source of infection
This is a very important and quite complex process that depends not only on the treatment of the site from viruses but also on the subsequent antivirus protection of your resource.
Identifying the source of virus penetration can be aided by:
- studying server logs
- checking FTP connection statistics
- finding infected files and comparing their modification dates with the aforementioned logs (this does not always work, as the date of the last file modification may be artificially changed)
- checking for the presence of additional users in the database with administrator rights or equivalent capabilities
2. Deleting infected files
Infected files should not be confused with the source of infection. The source of infection is the path through which viruses penetrate the site, while infected files are the consequence of viral infiltration on the hosting.
Finding infected files can be aided by antivirus software on the server (if it is installed on the hosting) and checking the local copy of the site with antivirus programs like AI-Bolit.
3. Preventing virus infiltration into the site
Protecting against subsequent infections is extremely important, as simply cleaning the site on the server or uploading a clean local copy will not help if only the consequences are removed and not the cause of the infection.
Antivirus protection and prevention for the site
- Choose a reputable hosting service with antivirus protection
- Check the computer you use to access hosting and connect via FTP with antivirus software that has up-to-date signatures
- Change the current passwords for hosting and FTP
- Change the passwords for all users with administrator rights on the site
- Change the database password (if you find malicious users or data). Remember to update the password in the config file
Remember, there is no universal remedy for treating and protecting a site; each case requires detailed analysis, but the tips above will help you establish the correct action plan when detecting viruses on the site.
SEO Specialist Tip: Infection of a website with a virus will always have negative consequences for SEO promotion. The flow of organic traffic will cease immediately after a notification about the infection appears in search engines. However, site metrics may begin to deteriorate even before the search engine detects the infection—for example, users may be redirected or content from other sites may be loaded along with the main content, significantly slowing down the site’s loading time, complicating usability, and degrading behavioral factors. Therefore, at the first suspicion of a virus infection on your site, take the measures described above.
