Trojan virus

  • I’ve been held to ransom by a hacker in Russia he has infected all three of my working websites that I trade from this is one of the website links I can’t log into the backend of my WordPress websites and need advice on how to approach my situation any ideas would be appreciated

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)

  • Hi @lcaines100,

    If you don’t mind, please allow me to help.

    Potential Solutions:

    1. Reload a clean back-up copy of your website. Did that help? Are you able to login?
    2. Contact your host for clean-up procedures. Our team uses SiteGround (host) and they’re pretty good at cleaning up websites or providing detailed instructions to remove all infections.
    3. Follow the Wordfence clean-up instructions provided here. Be patient, grab a cup of coffee or your favorite beverage, and start working through the instructions. Removing malware is a tedious process.
    4. Pay the ransom ??

    Once you clean up your website(s), you will need to further protect your website to prevent re-occurences. I would use a reputable host like Siteground, Wordfence Premium, and Cloudflare. Together, they offer enough protection if set up properly.

    Also, never use nulled plugins. 80% of all infections are caused by nulled plugins or plugins purchased from non-authorized 3rd-party plugin sellers.

    If the above was helpful, please consider closing this topic as “Resolved.”

    Best wishes!

    Note: I’m not affiliated with Wordfence. Simply offering goodwilll support.

    Plugin Support wfpeter

    (@wfpeter)

    Hi @lcaines100, there should absolutely be ways in which you can clean your site to gain back full control.

    Generosus helpfully included our site cleaning instructions, which would be in our recommendations as we’re unable to walk customers through this process ourselves on an individual basis here. Additionally the WordPress Malware Removal section in our free Learning Center may be helpful to you during this time.

    If you’re unable to clean this on your own, we do offer paid services but are unable to discuss those here – also keep in mind that site cleaning services are available from other sources too. Please contact presales @ wordfence . com if you’d like to discuss things further.

    Make a full backup of the site before making any changes yourself, or letting somebody else take a look.

    Make sure all plugins and themes are up-to-date and that WordPress core is on the latest version. We always recommend that you update your passwords for your hosting control panel, FTP, WordPress admin users, and database in order to cover the key access points where somebody could change or upload things on your site. Make sure to do this! Naturally we’d recommend strong passwords with 2FA where possible in the long-term, so something to consider once you’ve dealt with the issue at hand.

    Also make sure to check for administrative users you don’t recognize in WordPress > Users > All Users, just in case there is anything suspicious there. Delete any that you know shouldn’t have this kind of access to your site.

    If you find anything that you’re suspicious of but isn’t being picked up in scans or you’re just unsure, you can send files/code to samples @ wordfence . com. If you do, just make sure to remove any database credentials or keys/salts in any files you do send over. Our team can help advise if it’s something to be concerned about, and which steps to take next.

    Many thanks,
    Peter.

Viewing 2 replies - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.

Tags