1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Need Help to remove Malware in wocommerce

Discussion in 'Site & Server Administration' started by swiftsaves, Jun 16, 2023.

  1. #1
    We run a wocommerce website, was one of the best performing it had a malware attack through some unsecure plugin, We have tried everythign to remove the and have no sucess, do not want to do a new load as all the customer data and design will be lost.

    Plugins dont work any suggestions of help will be much apprciated.

    thank you
     
    swiftsaves, Jun 16, 2023 IP
  2. azeem javed

    azeem javed Member

    Messages:
    14
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    36
    #2
    what this malware actually doing , how did you notice its there? how your wocommerce working ?
     
    azeem javed, Jun 16, 2023 IP
  3. swiftsaves

    swiftsaves Well-Known Member

    Messages:
    751
    Likes Received:
    23
    Best Answers:
    0
    Trophy Points:
    155
    #3
    upon visting the website with it shows pop up messages.
     
    swiftsaves, Jun 16, 2023 IP
  4. azeem javed

    azeem javed Member

    Messages:
    14
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    36
    #4
    try to add sucuri in your website , it will sort out, adding just a plugin might not help, you need to scan and check inside some php files like , header.php wpconfig and htacess file , there might b a long line "numbers" like code ..

    uninstall any crack plugin if you are using...

    or you can submit your website to them with access details and they can help you.
     
    azeem javed, Jun 16, 2023 IP
  5. swiftsaves

    swiftsaves Well-Known Member

    Messages:
    751
    Likes Received:
    23
    Best Answers:
    0
    Trophy Points:
    155
    #5
    Many thanks and much appropriated for taking your time to advise and reply. Yes this plugin is already added now on to new installs, It turned out theme from theme forest was infected with this numbers code . which was redirecting to allow page and then to a an affiliate chinese site.
    However damage is already done as our Vary best working website is down and its been 19 days Main advertising account is suspended .
     
    swiftsaves, Jun 19, 2023 IP
  6. Efetobor Agbontaen

    Efetobor Agbontaen Active Member

    Messages:
    136
    Likes Received:
    41
    Best Answers:
    5
    Trophy Points:
    85
    #6
    Sorry about your loss. But for future purposes, I will summarize how I 100% handle stubborn Malware:

    • First, lock them out by changing Passwords to all doors and windows to that website.
      What I mean is, Change the password to the following:
      • WP Admin

      • cPanel (If u use it)

      • FTP Passwords
    • Install WordFence: This is the best security plugin to me. I have gone through their source code and they know their work.

    • Scan your entire website with WordFence and delete all infected files. (Don't attempt to repair). Just delete them.

    • The previous step is probably going to break the website, so you should have WordPress files and your theme files as a backup. Now if your website breaks, simply copy back the WordPress/Theme files via FTP. (You should be able to tell what is missing from the error log).

    • At this point, your website should be clean. However, there are some really stubborn Malware that hides in the Database. And WordFence and many other security plugins have issues detecting some Malware in Databases.
    In this case, here’s a “Not so efficient” way I fix it.

    • Export the entire Database as a .sql file

    • Rename that file to .php

    • I then use a PHP Malware scanner I am currently developing to scan the newly renamed php file. (Feel free to contact me if you would like to know more about my scanner)

    • When I find the malware, I try to identify the post this malware was placed on (Usually, Malware that resides in the Database would be placed as a Js/PHP code snippet). So it becomes easy to simply remove the affected area.

    • Once this is removed, Congratulations!, your website is Clean and secure.
    Another reason I like WordFence is because if maybe a skilled hacker finds a 0 Day vulnerability in your website and breaks into your Website again, you will get an Email before they are able to do anything. And you keep getting emails if any of your files is being modified.
     
    Efetobor Agbontaen, Jun 19, 2023 IP
  7. Mark Elijah

    Mark Elijah Greenhorn

    Messages:
    145
    Likes Received:
    3
    Best Answers:
    0
    Trophy Points:
    18
    #7
    Removing malware from your WooCommerce site requires caution. Consider a professional for guaranteed safety. If determined to do it yourself, back up your site completely first! Then, identify and remove suspicious files, update plugins/themes, change passwords, and run a security scan. There's a risk involved, so proceed with caution.
     
    Mark Elijah, Mar 23, 2024 IP
  8. GreenHost.Cloud

    GreenHost.Cloud Member

    Messages:
    313
    Likes Received:
    23
    Best Answers:
    3
    Trophy Points:
    33
    #8
    You can try using a security plugin like Sucuri or Wordfence to scan and remove malware. Also, your host's control panel usually has an antivirus that you can scan.
     
    GreenHost.Cloud, Mar 28, 2024 IP
  9. infernal2016

    infernal2016 Member

    Messages:
    13
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    36
    #9
    Additionally, utilizing the antivirus tools available in your hosting control panel can provide an extra layer of security. It’s always good to have multiple layers of defense when it comes to website security.
    Remember to keep these security plugins updated to the latest versions to ensure they can protect against the most recent threats.
     
    infernal2016, Apr 22, 2024 IP