I have received an e-mail from GoDaddy saying my WordPress site has been flagged for malware. It then lists some files, such as: php.backdoor.file_get_contents.005 - html/blog/hnwuc.php
I also have a security issues warning in Google's Search Console, which says my site is hacked with URL injection, and displays some URLs.
GoDaddy called me a while back, basically warning me that unless I add a security option this kind of thing could happen.
I do not wish to purchase GoDaddy's security at the moment, and my question to GoDaddy is, can I manually remove these malware files (or any other spam) from my site? If I can't do it through GoDaddy, then can I clean my site using Google or WordPress on my own?
Solved! Go to Solution.
Hi @adamsimpson. Thanks for being part of GoDaddy Community! The type of message you got would have been automatically generated. Likewise, if you are able to sufficiently clean up the files that were flagged in our system, you shouldn't need to worry about your account being suspended. You'll want to make sure that you not only remove the files but also take steps to secure your content. Usually, that's just a matter of making sure your WordPress core files, plugins, and themes are all up to date. There are some good plugins, like Wordfence, that will also help secure your files. Hope you're able to get it sorted out.
Thanks for the reply, but you didn't answer my question, for some reason. Can I remove any malware/hacking files myself, and if so, is this done through my GoDaddy account, or through WordPress?
@adamsimpson. I tried but I guess I wasn't clear enough Yes, it is possible for you to remove the malware yourself if you have the know-how to do so. Typically, there are links on the Google warning page that give you direction on what you can do if you are the owner of the site. That would be a good place to start if you're not sure what to do.
File clean up would mostly be done using FTP, which would give you direct access to the website files. However, updating and installing plugins would be done via your WordPress dashboard.
Thanks for the answer! That's what I wanted to know. I have also just spoke to one of your chat advisors, and he said I would have to manually look at the HTML of each page and delete the malware/suspicious code. This sounds rather daunting though, as I do not write code.
I will continue to read Google's advice on the matter, and see if I can sort it out myself, just a shame it's going to waste so much of my time!
If you are able to offer any other tips on how I can manually isolate and remove the malware, it would be appreciated. I am aware that should I not be able to do this myself, I was told upgrading to WP Premium, or to a basic security package, would also remedy this problem, as your experts would be able to remove it.
@adamsimpson - Unfortunately, I wouldn't be able to coach you through the clean-up process. Website infections are a lot like human sicknesses. There is a huge variety of them. Some are easy to take care of with self-help. Other times, you need a professional. I'd start by searching online for information about the files our system flagged. That might give you a place to start if the information from Google isn't helpful. Good luck!