Website Security & Compromised Website Information

Website Security & Compromised Website Information

Below will outline the necessary first steps in dealing with a compromised website that has been hosting malware, recently exploited and/or has vulnerable code.

Application, Module, Theme & Plugin Updates

All code can be exploited so the very first and most important step is to ensure that all applications are up to date with the latest versions. This includes all modules, themes and plugins that have been manually installed, whether they have been downloaded from a website or custom written by a developer for your use. These installed modules, themes and plugins must be actively maintained by the creators or they will quickly become vulnerable to exploits. If they are not being actively maintained then it is best to avoid their use. If they were being maintained then development was stopped you should look for an alternative that is up to date.

Malware & Exploit Cleaning and Removal

VeeroTech can sometimes clean & remove malware from your site(s) on a case by case basis. This service can be provided for a cost of $49.99 per occurrence and is made with a best effort. You may also opt for one of our WordPress Management services outlined below in this guide. We may not be able to obtain certain paid themes/plugins/modules. If you are unable to provide updated licensed versions then this software may not be able to be replaced. The intent of the removal process it to simply remove the infected code and replace it with clean code. We do not perform any type of security services for the site(s) in question. To further secure your site(s), we recommend that you review our guides below for self cleaning and removal, as well as, additional security measures. Please note that the guides provided below are informational and starter guides. Sites that contain vulnerable code beyond updating, should be reviewed by a developer specializing in code security.

Malware removal can be purchased here: https://manage.veerotech.net/cart.php?a=add&pid=302

https://www.veerotech.net/blog/drupal-security-useful-practical-ideas/

https://www.veerotech.net/blog/wordpress-optimization-part-2/

https://www.veerotech.net/blog/wordpress-security-plugin-use/

https://www.veerotech.net/blog/cleaning-hacked-wordpress-site/

In cases where there are many malicious files and/or files with code injected into them, the best route is to simply make note of all themes and plugins, then remove & replace all files with fresh copies. This will remove the infected files. It does not, however, prevent future exploit occurrences should any modules, themes or plugins still contain vulnerable code that has not been fixed by their developers.

WordPress Management Services

We currently offer two types of WordPress Management services as addon services to your account:

Basic Management ($24.99/mo., per site addon)

  • WordPress core, theme & plugin updates
  • Malware scanning & alerts

Advanced Management ($39.99/mo., per site addon)

  • WordPress core, theme & plugin updates
  • Site optimization assistance
  • Malware scanning and removal
  • Secondary backups

For more information on purchasing our WordPress Management Services, please reach out to our sales department here: https://manage.veerotech.net/submitticket.php?step=2&deptid=2

In Addition to the above links & guides, you can find our terms of service & support scope on what is covered/not covered on our hosting plans here: https://www.veerotech.net/policy/service-support-scope/


Application Updates

We require that any websites and/or applications being hosted on your hosting plan comply with the following requirements: https://www.veerotech.net/policy/website-application-update-requirements/


Removal Deadline

For sites housing active malware & injected code, we will allow a maximum of 72 hours from the time we notify you via a support ticket in our Compliance & Abuse department to resolve the issue. After which, we may suspend the account and/or remove all malicious files from our servers. Allowing malicious content & malware to be hosted on our network negatively affects our network, IP space reputation as well as other customers.