How to Recover Your Website from Malware Infection Part II

If you have determined that your website is in fact infected, it is best to take it down and restore it from a known clean backup. Yes, I am assuming you have a backup; in Part I of this post I spoke at length about the value and importance of having one, but I will say it again: backup, backup, BACKUP your website so that if any issue occurs you can recover. As was said in the previous post, back up your database and files. (Note: In this case, I’m assuming you have shared or managed hosting (VPS or cloud), which means you don’t need to worry about backing up the server itself. If you have your own server (physical) or an unmanaged server (cloud or otherwise), you should work with a qualified provider to develop a DR (Disaster Recovery) plan that will also address the server OS and webserver configuration. For the sake of this post I assume you have shared hosting and a single hosting account (no redundancy).)

Take Down Your Infected Site

Taking down your site is an important step in recovering it. Remember that having an infected site up and online can damage your brand and hurt SEO/SEM (Search Engine Optimization/Search Engine Marketing) efforts, so it is imperative you remove the site and rebuild.

Change All Your Passwords

Your passwords may have been compromised in the breach, so it is important to change ALL of them. This includes web cPanel, FTP, SSH, MySQL, etc. I recommend you move to stronger authentication mechanisms such as 2-factor authentication (where applicable/possible) or, at the very least, stronger passwords that change frequently and the use of a password manager.

Move to More Secure Protocols

Some protocols such as FTP and HTTP have inherent weaknesses and should be avoided. Choosing to continue to use them puts your web efforts at risk so you should move toward more secure alternatives such as SFTP, SCP and HTTPS.

Restore Database

Restoring your database is different depending on the database technology involved. Again I’m assuming you have tested and validated that the contents of this database restore are clean and you are good to go.

Examine Files

If you know the particulars of the infection you are dealing with, you can search for it within your CMS files to validate that your last known backup is clean. You could also review the source HTML, PHP, ASP, JavaScript, etc. manually. Sometimes a conventional desktop anti-malware solution can detect some known issues in this code as well. Once you know that the backup you are about to restore is clean, go ahead to the steps detailed below.
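One way to run that search over an unpacked backup before restoring it, as an added example (not code from the original post). The indicator patterns and the sample file names are constructed placeholders; replace the patterns with the particulars of your own infection.

```python
import os
import re
import tempfile

# Constructed placeholder indicators: replace with the particulars of your infection.
INDICATORS = [
    re.compile(rb"malicious\.example", re.I),              # placeholder injected domain
    re.compile(rb"eval\s*\(\s*base64_decode\s*\(", re.I),  # illustrative obfuscation pattern
]

def scan_backup(root, indicators=INDICATORS):
    """Return sorted (relative_path, line_number, pattern) hits for every file under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            try:
                with open(path, "rb") as fh:  # bytes: no decode errors on odd encodings
                    for lineno, line in enumerate(fh, 1):
                        for pat in indicators:
                            if pat.search(line):
                                hits.append((rel, lineno, pat.pattern.decode()))
            except OSError:
                # A file that cannot be read has not been validated; report it.
                hits.append((rel, 0, "UNREADABLE"))
    return sorted(hits)

def build_sample_backup(root):
    """Write a tiny constructed backup tree: one clean file, one with an injected line."""
    os.makedirs(os.path.join(root, "theme"))
    with open(os.path.join(root, "index.php"), "w") as fh:
        fh.write("<?php\necho 'Welcome';\n")
    with open(os.path.join(root, "theme", "footer.php"), "w") as fh:
        fh.write("<?php\necho 'Footer';\n"
                 "?><script src=\"http://MALICIOUS.example/x.js\"></script>\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as backup:
        build_sample_backup(backup)
        findings = scan_backup(backup)
        for rel, lineno, pattern in findings:
            print("%s:%d matches %s" % (rel, lineno, pattern))
        print("backup is clean" if not findings else "do NOT restore this backup")
```

An empty result only means none of the listed indicators were found; it does not replace the manual review and anti-malware scan described above.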

Restore Files

All CMSs have files that will need to be restored to their previous state. This often involves using SFTP to restore those files from backup.

Reinstall & Patch Your CMS (if applicable)

If you are restoring to an older version of your CMS then you should immediately upgrade it after you have restored the database and these files. You can also reinstall from scratch and patch as another option.

Test & Scan

Now that your site is back up and running, you should remotely scan it for malware. Check the source and validate that you are in fact back in a clean state. Several online services will scan your site for malware and vulnerabilities; a few worth investigating are:

Free Website Malware Scan



Google Safe Browsing (Replace site= with your

Commercial Website Scan w/ Free Website Scan Option





Most hosting providers now offer this as a service as well, so check with your web hosting or cloud services provider to find out the options. Evolutionary IT offers this in fully managed secure cloud solutions with options such as secure managed hosting, website backup, pen testing, etc.

Notify Google/Bing

See Google’s Cleaning your site guidelines which will detail all the steps to get your site cleaned and back in its search results.

Plan for the Future

Looking forward, it may make sense to work with a professional organization to improve security (better design with security baked in, AKA secure coding practices; pen testing; backups), availability (added redundancy and fail-over) and your disaster recovery process.

There is no rocket science to keeping your site safe – just simple planning and procedures. So start these today and enjoy the peace of mind of knowing you can restore should disaster or malware infection strike. Remember, backup and disaster recovery are critical to surviving a malware attack on your website or elsewhere. If you’ve got questions, please feel free to leave them in the comments below. If you’d like help cleaning up your site or need advice on how to avoid these painful issues, contact us for more information. As always, we are glad to help.
