Malware is the last thing you’d want in your cPanel. It can not only inject malicious software but leave your website exposed for exploitation. So when you detect malware in cPanel, you need to act quick and remove it at the earliest.
Types of Malware That Can Affect cPanel
There are many types of malware out there. But the cPanel is often attacked by specific types of malware. These are:
Rootkits
Hackers employ the Rootkits malware to gain access of your computer remotely.
Cryptojacking malware
Mainly used in the cryptocurrency domain, hackers use this malware to use your computer’s resource for crypto mining.
SEO spam malware
The malware injects hidden links and unsolicited ads/offers into your webpages.
Spambots
Use your computer to send spam emails, often used for phishing.
Malicious redirects
The malware redirects visitors to a third-party website, often presented with ads or affiliate offers.
DDoS malware
Make your server a node in a Distributed Denial of Service (DDoS) botnet.
Credit card skimmers and form jacking malware
The malware steals the card information whenever you use the credit card or submit a form.
The malware mentioned above pose a threat not only to your website but to the visitors as well. This can create a bad reputation. So go ahead and use a malware scanning tool for cPanel like ImunifyAV to keep your cPanel safe.
Steps to Remove Malware from cPanel
As and when you detect malware in your cPanel, here are the steps you need to take to remove it:
Install a fresh WordPress version
The first and safest thing to do is to install a new WordPress version. It’d replace the existing malicious code with new, fresh codes, thus making your website/server safer. Before that, you must take a backup of your wp-admin and wp-includes folders. After installing the new WordPress code, place these folders in the WordPress root directory.
Inspect the database wp_users table
In many cases when a server is hacked, the hackers place new users in the wp_users list to gain access. You need to check for these newly added users and remove them from the wp_users table. You should also remove users that are no longer necessary.
Install the Sucuri and Wordfence plugins
Two of the necessary plugins to safeguard your WordPress server are Sucuri and Wordfence. Sucuri detects unauthorized changes to your website, while Wordfence scans the root directory and the folders within to check if they’re related to WordPress. Both these plugins will prevent malware in the future.
Delete unnecessary files
Files that are not necessary or have been forcefully added pose a significant threat. So scan for these files, either via a plugin or manually, and remove all of them. In case the files are related to core WordPress files, create a copy of them before deleting. And then place them in the new WordPress version after scanning.
Check cron jobs
Cron jobs are programmed to check for malware. And if they do not find any, they will download some files and place in the root folder of the website. You need to change the configuration if that’s the case.
Check functions.php of installed themes
Themes installed from unknown publishers are another way scammers get into your website. Thus, look for folders from unverified developers and check their functions.php files. If there are any malicious files, it’s best to remove the themes and report them.
Check outbound links in source code
As already mentioned, hackers will place outbound links in your website’s source code to redirect users to another site. Thus, check for these links using ctrl+U and remove them.
Check recently modified files
Check the files that have recently been modified by the cPanel and undo the changes if they seem suspicious and not done by you.
Change wp-login URL
Lastly, it’s recommended that you change the wp-login URL so hackers can’t find the login page. In most cases, users keep the default login page provided by WordPress. This is not ideal from a security point of view. Furthermore, you can use 2FA for login purposes.
So that’s how you remove malware from cPanel and keep it safe in the future.
Types of Malware That Can Affect cPanel
There are many types of malware out there. But the cPanel is often attacked by specific types of malware. These are:
Rootkits
Hackers employ the Rootkits malware to gain access of your computer remotely.
Cryptojacking malware
Mainly used in the cryptocurrency domain, hackers use this malware to use your computer’s resource for crypto mining.
SEO spam malware
The malware injects hidden links and unsolicited ads/offers into your webpages.
Spambots
Use your computer to send spam emails, often used for phishing.
Malicious redirects
The malware redirects visitors to a third-party website, often presented with ads or affiliate offers.
DDoS malware
Make your server a node in a Distributed Denial of Service (DDoS) botnet.
Credit card skimmers and form jacking malware
The malware steals the card information whenever you use the credit card or submit a form.
The malware mentioned above pose a threat not only to your website but to the visitors as well. This can create a bad reputation. So go ahead and use a malware scanning tool for cPanel like ImunifyAV to keep your cPanel safe.
Steps to Remove Malware from cPanel
As and when you detect malware in your cPanel, here are the steps you need to take to remove it:
Install a fresh WordPress version
The first and safest thing to do is to install a new WordPress version. It’d replace the existing malicious code with new, fresh codes, thus making your website/server safer. Before that, you must take a backup of your wp-admin and wp-includes folders. After installing the new WordPress code, place these folders in the WordPress root directory.
Inspect the database wp_users table
In many cases when a server is hacked, the hackers place new users in the wp_users list to gain access. You need to check for these newly added users and remove them from the wp_users table. You should also remove users that are no longer necessary.
Install the Sucuri and Wordfence plugins
Two of the necessary plugins to safeguard your WordPress server are Sucuri and Wordfence. Sucuri detects unauthorized changes to your website, while Wordfence scans the root directory and the folders within to check if they’re related to WordPress. Both these plugins will prevent malware in the future.
Delete unnecessary files
Files that are not necessary or have been forcefully added pose a significant threat. So scan for these files, either via a plugin or manually, and remove all of them. In case the files are related to core WordPress files, create a copy of them before deleting. And then place them in the new WordPress version after scanning.
Check cron jobs
Cron jobs are programmed to check for malware. And if they do not find any, they will download some files and place in the root folder of the website. You need to change the configuration if that’s the case.
Check functions.php of installed themes
Themes installed from unknown publishers are another way scammers get into your website. Thus, look for folders from unverified developers and check their functions.php files. If there are any malicious files, it’s best to remove the themes and report them.
Check outbound links in source code
As already mentioned, hackers will place outbound links in your website’s source code to redirect users to another site. Thus, check for these links using ctrl+U and remove them.
Check recently modified files
Check the files that have recently been modified by the cPanel and undo the changes if they seem suspicious and not done by you.
Change wp-login URL
Lastly, it’s recommended that you change the wp-login URL so hackers can’t find the login page. In most cases, users keep the default login page provided by WordPress. This is not ideal from a security point of view. Furthermore, you can use 2FA for login purposes.
So that’s how you remove malware from cPanel and keep it safe in the future.
