Today's entry we will start with advice - how to quickly and effectively get rid of an infection on a created website, and in the second part of the article, we will learn how to prevent it.
If you're reading this entry, you're probably in a situation where your website isn't functioning as it should. It's either not working at all, redirecting to a site with very unwanted content, or certain subpages are misbehaving. Let's not hide it - such situations usually concern websites built on CMS Wordpress, and no - not because it's a flawed solution. But more on that later.
The simplest and fastest solution to such a situation is to restore the website from a backup. It requires absolutely no technical knowledge, just two or three clicks at most. At WEBD.pl, we automatically back up websites so you don't have to remember to do it, but the most important thing is to notice the infection on the website fairly quickly. Then you log in to cPanel (if you don't remember your password - we're here to help HERE).
After logging in, only two steps separate you from saving the situation and achieving ZEN. You need to find the Restore Backup option (in Polish: 'Przywróć kopię zapasową'), and then restore the files and most likely also the database from the backup (remember to choose a backup from the day when the website was working correctly and ideally both backups from the same date). In the screenshots below, we have visualized these options. Yes, yes - don't rub your eyes - backups at WEBD.pl are stored up to 6 months back. And yes, yes - restoring a backup at WEBD.pl is free. 😉
Can the problem be considered solved? Not entirely... Logically speaking, you've restored a version of the website from, let's say, a month ago - to its functional form, but vulnerable to infection. Since it has been attacked once, failure to take preventive measures for the future will lead exactly to the same critical situation. Quoting Einstein - 'Insanity is doing the same thing over and over again and expecting different results.' So let's not be insane, let's prevent. To start off:
1. Change the password for the WordPress panel.
2. Update WordPress to the latest version along with all its plugins and themes.
3. Clean up - deactivated, unused plugins are not needed, right?
So little is needed to enjoy peace of mind or, as some prefer, a functioning website.😊
Uh... We can take a breath; we have the situation under control. It's clear to us that not everyone needs to have the necessary technical knowledge regarding hosting, but they say we learn throughout our whole life, so now a few words about how infections occur and how to recognize them, even if the website is functioning 'more or less' correctly (STILL).
You're welcoming viruses onto your server, rolling out the red carpet for them, if:
- You don't update WordPress, Joomla! and other CMSs and their plugins, even though you receive notifications that you must do so, and that was yesterday.
- You save passwords in your browser for hosting resources, then click on a link you received in an email from a more or less familiar sender ('at first glance, it looked normal') and the party is over.
- You don't change access passwords to the server and site regularly (the password should be strong, not because we're all masochists 😉).
- You don't scan devices you use daily with antivirus software.
If you're reading this now and simply panicking because, well, your server password is stored everywhere and hasn't been changed out of convenience for 4 years, below are symptoms of a virus presence on the server.
- The website is running very slowly (no, it's not always the hosting's fault, it's the hacker 😉).
- The contact form on your website sends 'interesting' and definitely unauthorized emails here and there.
- Visiting your website triggers a series of alerts from the antivirus installed on your device (because you do have one installed, right? 😉).
- The website redirects to content you definitely wouldn't post, often displayed in the language of our Far Eastern neighbors.
- In the site's dashboard, you see programs you had no idea existed.
- We've blocked your site (it's not our favorite activity, more of an unpleasant necessity).
Now our dream is for the administrators of WEBD.pl to notice the traffic on the servers related to website updates, passwords, and others. Contribute your bit to making this dream come true. 😉