When malicious code is detected there on a website, there’s a certain urgency in clearing up the code. In most cases, it’s not possible to continue with Google and Facebook advertising, and in more serious cases, the customers might even be directed to external websites, causing damage to the user experience and the image of the brand. In acute cases where the damage is ongoing, the website is marked, and organic promotion is damaged for long periods of time!

Clearing a Hacked Website from Malicious Code

When a website is hacked, it, unfortunately, affects all of it. It’s almost never just a single file. The hacks are mostly done when the website administrators did not properly maintain the system and did not update the security software when new updates were available. Therefore, we almost always recommend performing a step-by-step scanning process that includes several essential steps:

ask us anything! its free 🙂

    1. Alignment – shut down security loopholes through which the intruder hacked in the first place.
    2. Security improvements – adding new security layers to identify security loopholes.
    3. Initial scan – identifying a code and removing it in a thorough scan (does not identify every problem).
    4. Extended scan – code detection and removal in a targeted scan (according to the type of hack).
    5. Human scanning – going over code files according to the hierarchy by a person.
    6. Damage reduction – cleaning and neutralizing the side effects of being hacked.
    7. Delivery of a clean site back to the client.

    Below is a slightly more detailed explanation of the steps above.

    Alignment For Website Integrity

    The first thing that has to be done is to neutralize additional risks. We must perform a full alignment over the website. In other words, we must ensure that the website meets the highest standards:

    • Updating the website system – make sure it is the latest version of the system.
    • Updating the website design – make sure it is the latest version of the design template.
    • Updating the website plugins – make sure that all the plugins on the website are updated and maintained.

    Only when everything is up-to-date and works properly could you move on to the next stage in the process.

    Improving Website Security

    The site was probably hacked because of a non-standard add-on or because the system was not properly maintained. But even then, we don’t expect to be attacked just like that. We want to ensure that even if we miss some stuff, we can still feel safe and sound. That’s why we should install detection, monitoring, and security control tools for the website.

    We mean it, ask us anything!

      Improving the security on the website will usually include adding a firewall, adding a CDN, adding two-step verification, changing the login address to the management panel, and a variety of other actions that hold the attacker a little further away from the point of intrusion.

      Initial Scan to Identify Loopholes on the Website

      In the first step, we will perform a quick scan. This scan looks for and finds files that appear in known directories but shouldn’t be there. If, for example, there is a file in the system’s base directory, but this file is not recognized by the system plugins or is not recognized by the system core, the system will alert us so that we can check it.

      Besides that, the initial scan should identify whether there are changes in known files that may indicate the source of the hack. For example, an unusual code structure that does not fit the structure of the website and/or external sources and/or to the database – things that should not be on a standard website.

      Extended Scan to Detect Malicious Codes

      There are quite a few cases where we detect only some of the hacks in the initial scan. For example, sometimes we receive a warning from Google that there is malicious code on the website, but we scan it over and over and cannot find it.

      In these cases, it’s usually an add-on that attracts the hack from an external source (a code scanner will not detect it) or that the source of the hack is from a window that was manually embedded in the website’s content (iframe) and affects the visibility of the website, even though the website itself is not necessarily hacked, but rather the external website is the one that was hacked, and that affects us, too.

      Personal Scanning for Malicious Code

      There are super exceptional cases in which no scan finds the source of the website hack. In these cases, we go further and scan the server and directories outside the website itself. That is, we start the personal scan by going over the code file by file that are in the ROOT directory of the server.

      In quite a few cases, specifically in external libraries, we will find the same link that makes the website refer to external sources or the code that allows the attacker to come back to our system repeatedly.

      Reducing Damages from the Website Hack

      If you fix a hacked website quickly enough, the damage is proportional and goes away quite quickly. On the other hand, if too much time has passed, the search engines will identify the website as a risk factor for users, because the cleaning does not repair the damage that has already been caused!

      Sometimes we have to search the system for pages that were created (sometimes virtual pages that only Google sees…) and remained even after cleaning the website and returning it to normal operation. In these cases, we contact Google in various ways and perform other extensive actions to reduce the damage.

      In Conclusion,

      Everything can be broken. Everything can be fixed. But time has a significant value in these cases. If your website has been hacked, it is recommended not to wait too long, and repair in real-time to reduce the extent of the damage as much as possible!