For those of you who run your own websites, here is what I did to get clean. First, Google is fantastic…you receive a notification that your site has been hacked and on the webmaster tools are all sorts of tips and tools to clean it yourself. I could have hired a specialist for $200, plus another $150 to hard code the site, but it turns out that I was able to clean the site myself, with a little help from WordPress plugins, a very helpful tech at my host (Bluehost.com), and customer support at SiteLock (you’ll now see the little SiteLock certificate of security on the bottom right of the home page.
There are two issues to address when your security is breached.
1) Get rid of the malware
2) Get your site reviewed by Google once it is clean so that you are again considered a “safe” site.
For issue #1:
I immediately changed all my passwords — both on email and on the entry port to WordPress. Then I ran reports on Google webmaster tools to find out what the malware files were. As soon as I had that info, I went into WordPress and made sure all my files, plugins and upgrades were taken care of — this got rid of the malware files pretty quickly.
SiteLock and WordFence (a WordPress security plug-in) both identified all the corrupt files, which I removed…basically deleted the posts or just deleted all the links so that no hidden malware could be lurking around. I had to run scans several times to ensure all the posts were clean. I also removed all the links from my Gen Plus List. Sadly, I’ll keep the list off the site for now, since those links were hacked.
It does take a few hours to clean up all your files, so it might be worth it to spend the few hundred dollars and have a specialist do all the work for you.
After the malware and flagged files were taken care of, I ran a final scan and got a “clean” report from WordFence and SiteLock. Once I had the clean reports, I posted the certificate on my site and then (again in Google Webmaster Tools) did a site index and requested a site review.
Happily (as of today), the review worked and my site is back up and running. I’m hopeful I was able to resolve all the issues. If not, I’ll be plugging away, again, at finding and removing malware before I know it.
Thank you, also, to the fine folks out there who let me know about faulty links and bounced email.