STEP 1: Determine If Your Site is Infected with Malware
I certainly don’t want you hastily going through these steps if you are not infected. So make sure you are actually experiencing one of the symptoms mentioned below before going through the remaining steps.
Symptoms of Malware on Infected Sites
- Errors that contain the following string: counter-wordpress.com
- Chrome or Safari browser warnings that read – “www.yourdomain.com contains content from counter-wordpress.com, a site known to distribute malware. Your computer might catch a virus if you visit this site.“
- Desktop virus software claims your site is unsafe or has a virus.
- Browsers or web scanners report that your site is infected with malware. Check the Sucuri scanner to determine site status. You can also check Google Webmaster Resources to determine if you’re site is infected. In addition, some browsers such as Chrome will give you a message indicating malware exists on the site.
- New files show up in your wordpress installation that were not there before. Usually, these have non-descriptive names – a list of filenames I’ve seen are provided within this guide.
- Your site uses an older version of Timthumb.php script (also known as thumbs.php or thumb.php in some themes), and now your site or server is reporting issues.
- WordPress back-end (dashboard), or other admin interface screens are not accessible or completely mish-mashed. If so, do a scan prior to continuing forward and deactivate all plugins to ensure none of them are the root cause.
That’s a long list of symptoms, and there’s probably a long list of folks out there that probably have malware detected on their sites.