Did you just stumble upon a message stating that “The Site Ahead Contains Malware” or “The Site Ahead Contains Harmful Programs” and didn’t know what to do about it? We’re going to teach you why this is happening and guide you step-by-step so you know exactly what to do to fix the errors! But first…
WordPress is a dominant content management system that powers around 30% of all websites on the Internet. It offers a plethora of incredible features, but it doesn’t mean that WordPress is resistant to malware attacks. On the contrary, security has always been one of the system’s weak spots.
A research revealed that over 90 thousand hacker attacks are happening each minute. Another study proved that 73% of the most popular WordPress-based websites are vulnerable to attacks. This is the reason why you often see a notification: The Site Ahead Contains Harmful Programs.
If you are a website owner, you should react immediately upon seeing this message on your site. This is why you need to eliminate the malware notification:
- It ruins website credibility and reputation, chasing away even the most loyal visitors.
- An average user does not care why this message appears, but he will definitely close the window and go to the competitor’s site.
- The message proves you don’t take care of online security, revealing the lack of professionalism.
- If it takes you too much time to react, it means that you neglected your own website, so why wouldn’t your visitors do the same? So it’s important to harden the WordPress security.
These reasons should be more than enough to convince you to engage. In this post, we will show you how to fix the problem called “The Site Ahead Contains Malware”.
Why You See the Message in the First Place
Before you learn how to cope with this problem, you need to understand its origins. Steven Lee, a
cybersecurity specialist at ResumesPlanet.com, recently explained that there are two main reasons why websites show the malware warning sign:
1. The site has been hacked
The purpose of a hacker attack is to spread malware through your website and potentially even distribute it to other sites and users’ devices. This is the main cause of malicious software warnings. In general, hackers attack websites for one of these 7 reasons:
- Hacking as a hobby: A part of digital attackers consider hacking to be extremely amusing, so they do it for the adrenaline rush.
- Hack to steal: Other hackers have more tangible objectives in mind. They attack websites to steal and earn real money.
- Bring a site down: This happens mostly when hackers want to eliminate or at least slow down competitors.
- Information leakage: Business is like a poker game – if you know the opponent’s cards, you can win easily. Some hackers steal information to gain comparative advantage over other companies.
- Political motives: There are hackers who want to highlight current political problems and increase awareness about these issues.
- Hacking as a form of activism: An average hacker believes he is the modern-day Robin Hood who attacks websites for sheer idealism and altruism.
- Security hacking: Sometimes, hacking occurs just as the precautionary measure to warn about potential safety issues of a website.
2. Suspicious ads
Low-quality ads are the second most common cause of malware warnings. This happens when your pages display ads leading to sites that contain malware. Ad networks sell inventory (or advertising space) on web pages offered by popular publishers.
Ad networks administer huge volumes of user-related data, which is a perfect target for spamming or the so-called scamvertising. According to the research, hackers use real ad networks to deliver scams, spam, adware and other low quality and suspicious sites to a wide and highly targeted audience.
But what does it actually mean? It means that fraudulent web content can hurt people by dispersing false information or literally stealing their money.
In each one of these cases, you need to react promptly and remove malicious software from your website. Keep reading and you will see how to do it.
How to Fix “The Site Ahead Contains Malware” issue
Step 1: Backup Your Website
Malware issues are only one of many reasons why you need to conduct website backup. It’s a precautionary measure that you need to complete to avoid losing entire website content. A backup is basically a copy of your files and database that you can restore in case hackers attack your site.
The website backup is a complex process that can be completed in three different ways:
- Back up WordPress website through your hosting
The easiest option is to select a hosting organization that conducts regular website backups. Most companies do it on the daily basis, automatically backing up core WordPress files, media, themes, database, and plugins. If you’re not sure who to pick, we’ve put together a nice comparison between 2 big players in the industry: Siteground and Inmotion.
- Back up site manually
In your WordPress directory, there are several folders such as wp-content, wp-includes, or wp-admin. Each one of these folders contains important files that keep the website fully operational. You can backup all WordPress files manually using the cPanel or the SFTP program.
The same procedure goes for WordPress database. You can back it up manually – go to the hosting panel and find phpMyAdmin. You need to select all database checkboxes in the main administration pane and export them to the secure folder on your computer.
- Back up website automatically using WordPress plugins
You’ve probably figured out by now that WordPress website backup is a complicated mission. If you want to avoid it and focus on other duties, you can install a plugin to cut the long story short. There are dozens of reliable WordPress plugins to help you out here, so we recommend you choose among the best choices available.
Step 2: Remove Malware
Now that you’ve backed up your website, it is time to remove malicious software. The easiest way to do it is by using WordPress plugins such as Security Ninja. A tool like this scans an entire website to identify problematic files within minutes. It will scan all active and disabled theme and plugin files as well as files uploaded to the wp-content folder.
It will conduct more than 50 tests, allowing you to see exact parts of the file that malware scanner marked as suspicious. Besides that, a security tool can delete files that don’t have to be in your WP folders. It also creates a whitelist of files that you have inspected and knows are safe.
Although security plugins can do the job automatically(check out our guide on WordPress security), some webmasters are still wondering how to remove malicious software manually. In case you are one of those enthusiasts, we are going to show you this process step by step here:
- Website Backup:
This is the first and the most important phase, but we already described it above and there is no need to repeat it.
- Download and Examine the Backup Files
Now that you have a backup folder on your computer, you need to open it and examine all files. These include WordPress core files, wp-content folder, wp-config.php and .htaccess files, as well as the whole database.
- Delete the Files in the public_html folder
At this point of malware removal, you need to delete almost all files from the public_html folder. The only ones you should leave are hacker-resistant server-related folders and the CGI-bin folder. In case you are operating multiple websites using the same account, there is a big chance they have been compromised as well. It means you have to follow this same procedure to remove malware from all sites.
- Reinstall WordPress
The fourth phase is to reinstall WordPress in the public_html directory. In case this was not the initial location of the content management system, you should reinstall it in the add-on domain. After that, you need to add a reference to the website back up and edit the wp-config.php file to recover the old site database.
- Reset Passwords and Permalinks
Now is the time to reset all usernames and passwords on your website. You can do it in Settings → Permalinks and click Save Changes when you enter new login details. Doing so, you will restore the.htaccess file and enable website URLs once again. Keep in mind that you also have to delete invisible files because they might also be compromised by the malicious software.
- Reinstall Plugins
This is the part where you need to reinstall WordPress plugins. We don’t recommend you installing old plugins, but rather reinstalling all of your previous plugins from the WordPress repository. This way, you make sure that all plugins are functional and up to date.
- Reinstall Themes
Once you’re done with the plugins, you should do the same thing with WordPress themes. You should install themes all over again or add a reference to the backup file in case you used a customized theme version. In each case, you must not upload old themes because they may be jeopardized. It’s important to keep in mind the type of theme you’re using. A premium WordPress theme is less-likely to get hacked compared to a free one. Check out our guide on the pros and cons of premium Wp themes.
- Upload Your Images from the Backup
This stage of the process is complicated because you need to upload images from the backup without copying any of the hacked files. For this reason, you need to inspect every folder containing images to make sure there are no compromised files. When you complete the examination, you can upload images to the WordPress server using FTP.
- Scan Your Computer
Now you need to scan your computer for extra safety. You should look for potential viruses, malicious software, or any other kind of suspicious programs.
- Install and Launch Security Plugins
The last stage of the manual malware removal is to install a safety plugin such as Security Ninja PRO. Although it can be fun to do control website security all by yourself, it is much more efficient to leave it to automated services. It won’t only save you a lot of time but also improve the overall reliability of your site.
Also, Security Ninja’s Cloud Firewall will help you protect site even further by automatically banning more than 600 million bad IP address.
Step 3: Remove the Backdoor
You might think that the work is done once you’ve removed the malware from your website, but it’s not. As the matter of fact, most webmasters are struggling to discover why the problem is reoccurring after the plugin security inspection.
The problem lies in the malicious code that can still crawl through the website using the so-called backdoor entrance. Therefore, removing the backdoor is the key step to recovering your website.
A backdoor is a type of program that opens your site or server up to access to other people over the Internet. In other words, it’s a code or a program that can bypass standard authentication and jeopardize website security.
Removing the backdoor is essential. You can do it single-handily by checking out each file and line of code to find a malicious element. Of course, you need to delete it manually as soon as you detect it, after which you can put back the secure version back on the server.
However, remove a malware line of code manually is very difficult, particularly because hackers often install their own backups and fail-safes along with the malicious code. For this reason, using WordPress security plugins is once again the best option for you. Plugins like Security Ninja and others can remove malware and delete the malicious code.
Step 4: Keep Google Informed
Now that you’ve finally solved the problem, you need to keep Google informed about it. The biggest search engine warns users about malware containing websites, but it doesn’t know that you fixed the bug. Therefore, you need to send a request to Google to eliminate the malware notification from search results.
The procedure is simple: go to Google’s Webmasters support, login, and choose security features. Google will show you safety threats there and you should verify that your website does not contain safety threats anymore. After that, users will not see the warning sign next to your site.
Whenever you see a notification “The Site Ahead Contains Malware”, you should treat it as an urgent message to find malicious software and solve the security breach. In this post, we showed you how to deal with this awkward but very common WordPress issue.
Did you ever face this kind of problem? How did you deal with it? Feel free to share your experiences in comments and we’ll be glad to discuss this topic with you!