If you have received a report from our support team notifying you that your site is infected with Malware or discovered that your site was hacked. Please follow the steps outlined below in an attempt to restore your site back to its original condition.
Restore Original Files:
Our report that we send to you will consist of the files that have been infected. If these are core files of your web application such as the default WordPress files or default Joomla files, you can remove them entirely from your hosting account and replace them with the original version of the files that you can download from the CMS’s official website, such as WordPress. Please ensure that the version for the files that you download matches the version of the application installed on your website. Applications such as WordPress and others store all of their data on databases so your content and updates will in most cases not be lost by replacing the files.
Perform a Clean Up:
In some cases, the infection or malware may spread to other files apart from the core website files, such as themes or other HTML or PHP files. In such cases, it may not be feasible to simply remove the files as they may break the functionality and design of your website. In such a situation, you can opt for your one-time cleanup service, as a part of this service we scan your files across multiple anti-malware services that we have and also clean and remove the malicious code from the pages and scripts. Once this is done, we again scan the files and submit reports to you showing the cleaned up files. Please note, that this service does not provide protection against future attacks or infection and only cleans up files that are already infected.
The service is charged at $8.95 per website/domain. This option is provided to you by our support staff on the report and the ticket that is sent, you can opt for it by simply replying to the same ticket.
Restore from a known good backup:
In some intensive hacks or attacks simply removing the files from the account may not resolve the issue and the malware will simply re-appear again on the website within a few days. In such cases, we would recommend performing a full restore of the entire website, including all files and databases, from the last known good backup that you may have. If your service with us includes backups we can restore the oldest backup that we have and scan to confirm it was clean. For Shared, Semi-Dedicated & Reseller Hosting users, we have backups that go back up to the last 7 days and can be restored by you.
Restore cPanel Backup
For Managed VPS or Dedicated Server users who have a backup service with us, we can perform the restore for you on request.
Change all Credentials
Once a clean version of your website has been restored and made functional. You should immediately change all credentials, this includes your cPanel, FTP, Email Accounts, Website / WordPress Login Credentials, WordPress Database Username and Password.
- Change cPanel Password
- Change FTP Password
- Change Email Accounts Password
- Change WordPress Password
- Change WordPress Database Password
Update all Applications
You should also immediately update your application such as WordPress to the most recent version that is available, including all associated plugins and themes. Additionally, if your site was hacked or infected via a plugin, refrain from using the same plugin on your website again.
- Update your WordPress to the latest version
- Update WordPress Plugins to the latest version
At Ucartz, we make secure our servers at the operating system and network level, protecting our customers against various vulnerabilities and network attacks. However, due to the wide variety and diverse nature of web applications and software, it is not possible for a web hosting company such as ourselves to individually monitor and secure each website on our infrastructure.
For pro-active & continued security, we highly recommend using our SiteLock website protection services that offer comprehensive 360-degree protection to your websites. You can find more details about it here.