The GoDaddy product information in this article is outdated and currently under review for accuracy. For the latest up-to-date product information please visit godaddy.com
Malicious software, also known as malware, is becoming increasingly popular, with an estimated 1 million new malware threats being released every single day. Infecting a website with malware provides a hacker or a cybercriminal access to sensitive data, and can prove to be costly and damaging to both large- and small-sized businesses. It can be a daunting task to clean malware, especially for a smaller business.
Malware attacks have the potential to leave even a larger business with a crippled online presence that can take days or weeks to recover from. The aftermath of a malware attack can be time-consuming for webmasters who are left to find and delete malware on an infected website.
This will cause a big red message to display, alerting visitors to stay away. A message like this can be alarming and turn away profits from potential customers to the business website. In such cases, having a proper malware cleanup becomes a top priority. Warnings like these will stay visible on the infected site until the site owner has completed a full malware cleanup.
Where does malware come from and how does it infect?
The early developments of malware were created to deface and vandalize websites, sometimes as a prank. Today, malware is being created and distributed by organized cybercrime groups and individuals.
Targeting vulnerable website platforms
Many malware attacks target vulnerabilities in application-based platforms like Joomla!, Magento and WordPress — the most popular content management system (CMS).
The CMS of choice for today’s businesses, WordPress is also one of the most targeted and vulnerable applications for malware attacks for various reasons.
Content management systems, such as WordPress, require security updates to both core software and installed plugins and extensions (most of which are created by third-party developers). Too often, busy business owners with limited technical resources neglect to perform necessary updates and patches, leaving their websites ripe for a malware attack.
Hackers can infect vulnerable websites with malware that does all sorts of bad stuff, including:
- redirects website traffic to other sites.
- corrupts and destroys databases.
- runs rogue and undetectable spam or fraudulent email blast campaigns.
Malware + brute force attacks
Brute force attacks are another common way malware can infiltrate a website.
Using this method, a script or bug can target the login screen of a CMS’s administrative panel, entering every imaginable username and password combination until it is eventually granted access. Too often, these attacks are detected after the damage has been done.
If you’re not sure if your site has been infected with malware, you can use Google’s free Safe Browsing Site Status Report that will scan your site for signs of an infection.
If you are an advanced web developer and are comfortable looking into your website’s files, you can also check the most common files for infection: .htaccess, WordPress core files (file names usually begin with “wp-“) and any file names that you do not recognize. Typically, malware is encoded in Base64 format.
Another option for detecting malware is to sign up for GoDaddy Website Security, powered by Sucuri. All packages offer unlimited malware scans and removal, plus identification of blocklisting issues that could prevent you from being found on Google. This no-hassle protection makes it easy to keep your site clean and secure — without the need for combing through web files on your own.
Delete malware on your site
It’s incredibly difficult to remove all instances of malware by hand. Unless you’ve spent countless hours scrubbing sites before, the technical aspect might be too much for the average small business owner. The good news is, there’s an easier way. There are other automated solutions, like GoDaddy Express Malware Removal, that take care of the legwork for you. All you need to do is provide us with a little bit of information, and we’ll get to work. We won’t stop until it’s clean, so you can rest assured your site will be up and running in no time.
Steps for using GoDaddy Express Malware Removal to clean malware
Purchase GoDaddy’s Express Malware Removal.
Go to My Products and select Website Security.
Enter the domain name of the infected site.
Click Request Cleanup.
Note the malware problems you’re experiencing.
Provide your FTP or sFTP credentials.
Submit your request.
1. Purchase GoDaddy Express Malware Removal
Visit GoDaddy to purchase Express Malware Removal. With an expedited, 30-minute response time, your site will be fixed in no time.
2. Go to My Products and select Website Security
Once you’ve purchased Express Malware Removal, the product will appear in your account. Navigate to your account, view your products, and then click on Website Security. Click Setup for Website Security Express.
3. Enter the domain name of the infected site
Type in the domain name of the site in question. Then, click Get Started with Website Security.
4. Click Request Cleanup
After entering the domain, you will be prompted to request a cleanup. Do so by clicking on the Request Cleanup button.
5. Note the malware problems you’re experiencing
It’s possible that you could be dealing with more than one instance of malware. Check the boxes next to all possible issues.
6. Provide your FTP or sFTP credentials
Our team will use this information to access your files. These credentials are necessary for us to delete malware and clean your site.
7. Submit your request
That’s it! Click the Submit Request button, and you’re done. You can monitor the status of your request from the Cleanup tab within your account.
Best practices for keeping malware off your website in the future
After your Express Malware Removal has been completed, follow these basic and simple tips to keep your website secure:
- Update your core files, themes and plugins within your CMS regularly to stay on top of any changes or vulnerabilities.
- Install an SSL certificate to help protect your visitors’ sensitive data.
- Install a Web Application Firewall (WAF) for proactive malware protection.
- Run scheduled malware scans with GoDaddy Website Security, powered by Sucuri.
- Keep installed plugins on your site at a minimum, and remove any that are not necessary.
- Limit authorized access to your website.
- Change your passwords every 90 days.
And, of course, if you run into issues again, GoDaddy Express Malware Removal will be there.
Most malware cleanup services will only scan and perform a malware cleanup after the attack has happened. With a Web Application Firewall (WAF) you can be proactive and stop attacks before they even happen. Attacks like SQL injections, cross-site scripting, brute force and zero-day attacks can all be prevented and stopped by using a WAF.
For eCommerce websites that collect sensitive information, like credit card numbers and home addresses, we recommend practicing additional security methods to ensure the safety and privacy of your customers. Read 10 ways to keep a hacker’s hands off your eCommerce website to make sure you’re doing what’s necessary to protect your customers.
GoDaddy Website Security, powered by Sucuri
We take security seriously. GoDaddy offers a variety of security products that can help lock down and protect your online business. We work by first scanning and taking a deep dive into your website’s files to find malicious malware. If malware is found, you will be notified immediately and will be given the option to submit a cleanup request. From there, you can sit back and let our team of security professionals go to work for you.