How to regularly remove malware from website?
May 21, 2019 10:23 AM   Subscribe

I installed Wordfence on my Wordpress website (free, not paid yet). Am I supposed to just delete the files they say are bad?

So my previous hacking experience turned into a 2 week disaster, and I'm still dealing with it. I finally got everything back to mostly normal. I installed Wordfence and it sends mw warnings of what they 'think' are malicious files. It gives me the choice to ignore or remove.I don't know enough to assess whether these files are actually bad or word fence is misreading them, so I don't know if its safe to remove? How do I figure this out and learn how to identify malicious files? Thank you.
posted by Vaike to Computers & Internet (2 answers total)
Are we talking a lot of files or a handful? Can you shell into the server and rename them / move them to a quarantine directory & see if anything breaks?

Can you give some examples of the file names that it says are malicious?

If it were me, I'd do a complete backup and reinstall - but if you're trying to clean the existing install, I'd do this:

Get a list of files Wordfence is recommending you remove. Shell into the server, create a quarantine directory outside WordPress that is not world-readable or writeable, and shouldn't be displayed online / accessible via the Web. Move any questionable files into that directory. See if anything breaks. Nuke the directory if it's suspicious. You can also look at the files' ownership information, timestamps, etc. and see if any of those provide clues as to whether they're malicious or not.
posted by jzb at 1:26 PM on May 21, 2019 [1 favorite]

Also, after this round, you shouldn't have to "regularly remove malware" from your website if you keep Wordpress up to date (or if your web host keeps it up to date). If you do, then you have a bigger problem that needs to be addressed.
posted by Umami Dearest at 12:30 AM on May 22, 2019 [4 favorites]

« Older Buying time to sort things out   |   Barring therapy, how do you isolate your family... Newer »
This thread is closed to new comments.