Malware on WordPress

We recently had a client contact us about a WordPress website they were not able to log into, and they asked us to troubleshoot and repair the site. On our initial inspection we discovered that not only could they not log in, but the entire site was down.

After getting access to their hosting provider (who shall remain nameless) we set up a new FTP account. When we looked at the files, there were numerous .PHP files that had been renamed with the suffix .suspected. We tried renaming the plugins folder, but that made no difference. We ended up deleting everything on the site except the wp-content folder and the wp-config.php file. Then we uploaded a fresh WordPress installation. Next we added the plugins back in one at a time, with the exception of one folder in the plugins folder, which was named “normalstiil”. The client didn’t recognize the name, and it turned out to contain a file named bouncer that was infected with a virus.

The end result is that we were able to get the site back up and operational without losing any of the client’s data. If you manage your own WordPress website, you should review your site on a regular basis. This particular website had a ton of spam in the comments (which we deleted, and then we turned comments off) and had some posts the client didn’t make. Reviewing your site on a regular basis improves your odds of being able to ward off potential trouble.
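A regular review can include a check for the two signs we found in this cleanup: files renamed with the .suspected suffix and plugin folders nobody recognizes. The script below is an added example, not something we ran on the client's site; the function names, the sample file tree and the list of known plugins are all made up for illustration.

```python
import os
import tempfile

def triage(wp_root, known_plugins):
    """Return (files ending in .suspected, plugin folders not in known_plugins)."""
    suspected = []
    for dirpath, _dirs, files in os.walk(wp_root):
        for name in files:
            if name.lower().endswith(".suspected"):
                rel = os.path.relpath(os.path.join(dirpath, name), wp_root)
                suspected.append(rel.replace(os.sep, "/"))
    unknown = []
    plugins_dir = os.path.join(wp_root, "wp-content", "plugins")
    if os.path.isdir(plugins_dir):
        known = {p.lower() for p in known_plugins}
        for entry in os.scandir(plugins_dir):
            # Only folders count as plugins here; compare names case-insensitively.
            if entry.is_dir(follow_symlinks=False) and entry.name.lower() not in known:
                unknown.append(entry.name)
    return sorted(suspected), sorted(unknown)

def build_sample_site(root):
    """Create a small constructed WordPress-like tree (not real client files)."""
    sample_files = (
        "wp-config.php",
        "wp-includes/load.php.suspected",          # constructed renamed file
        "wp-content/plugins/akismet/akismet.php",  # a plugin the owner installed
        "wp-content/plugins/normalstiil/bouncer",  # the folder nobody recognized
    )
    for rel in sample_files:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("placeholder\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        build_sample_site(site)
        # The allowlist is whatever the site owner knows they installed (assumed here).
        renamed, unrecognized = triage(site, ["akismet"])
        print("Renamed to .suspected:", renamed)
        print("Plugin folders to ask the owner about:", unrecognized)
```

Anything the script reports is a reason to look closer and ask the site owner, not proof of infection on its own.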
