Hi,
when I search my website as trendstopfive and when the result comes after Google search, it shows this site may be hacked. I downloaded the antimalware and cleaned website. Now the anti-malware does not show any malware but when I request Google webmaster to review it is saying that there is still malware is present. Can you please search the malware and tell me how to remove it from the system as I am not a developer. Thank you.
Website:https://trendstopfive.com/
Malware showed by Google Webmaster: http://www.trendstopfive.com/eh9h/3gaxk.php?fbq=core-values-quiz
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
If your droplet has been compromised it is extremely difficult to clean in to ensure that it is not compromised. Cleaning up files containing malware is a good step but without identifying how your site was compromised and ensuring it cannot be again your droplet may remain compromised with attackers retaining access.
I strongly recommend redeploying your site on a new droplet from scratch rather than risk re-deploying on a compromised server.
Instead of redeploying, start with cleaning the files and database first. You’ll first need to assess at what level the hosting is compromised. Just ping me if you need help.
Hello there,
You can install malware detection software like Linux Malware Detect, also known as Maldet or LMD. It will help you to locate any malicious files on your droplet.
If you’re interested in securing your droplet (everyone should be in general) you can double-check our tutorial - An Introduction to Securing your Linux VPS.
The article will cover the basic and some more advanced steps in website and server security.
You can check the article here:
https://www.digitalocean.com/community/tutorials/an-introduction-to-securing-your-linux-vps
For WordPress I could suggest following the steps from this answer here on how to secure your WordPress websites:
https://www.digitalocean.com/community/questions/how-to-secure-wordpress-without-a-security-plugin
Once you’ve done that I could suggest the following as well:
Install a plugin called Wordfence and run a security scan for each website
Delete any plugins and themes that you do not use
Change your WordPress core files with clean ones and also run a core checksum with the wp-cli tool
Also, make sure to check your Apache or Nginx access logs for any strange POST requests
Hope that this helps!
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and AI-native businesses
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.