Step 1: Take Your Site Offline (If Serving Malware)
If your site is actively serving malware or phishing content to visitors, add a maintenance page immediately to prevent further damage. Contact support for help if needed.
Step 2: Change ALL Passwords Immediately
- cPanel password
- All email account passwords
- WordPress admin password
- Database password (update in wp-config.php)
- FTP account passwords
- Client portal password
Step 3: Enable 2FA on Everything
Enable 2FA on your cPanel, client portal, and WordPress admin immediately.
Step 4: Contact Support — Open an URGENT Ticket
Open a support ticket labelled URGENT — Security Incident. Our team will assist with malware scanning and removal.
Step 5: Scan and Clean
- cPanel → Virus Scanner → scan entire home directory
- Review recently modified files in File Manager (sort by date modified)
- Look for unfamiliar PHP files in public_html and subdirectories
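
One way to run the Step 5 file checks from a shell instead of File Manager, as an added example that is not the hosting provider's own tooling. It assumes SSH or cPanel Terminal access and a WordPress layout under ~/public_html; the function names and the sample tree are made up for illustration.

```shell
#!/bin/sh
# Added example for Step 5. Read-only: it lists files and changes nothing.
# Assumptions: site root is ~/public_html, media lives in wp-content/uploads.

# Regular files with an extension a server may run as PHP, plus extra find tests.
php_files() {
    root=$1; shift
    find "$root" -type f \( -name '*.php' -o -name '*.phtml' -o -name '*.phar' \) \
        "$@" 2>/dev/null
}

# Changed within N days (default 14) by content (mtime) OR by metadata (ctime).
# ctime is checked too because a file's modification date can be set back.
recent_php() { php_files "$1" \( -mtime "-${2:-14}" -o -ctime "-${2:-14}" \); }

# ctime recent but mtime old: the modification date may have been altered.
# Files restored from a backup with original dates match too, so treat as a lead.
backdated_php() { php_files "$1" -ctime "-${2:-14}" ! -mtime "-${2:-14}"; }

# PHP inside the media upload directory, which normally holds images and documents.
uploads_php() { php_files "$1" -path '*/wp-content/uploads/*'; }

triage() {
    site=${1:-$HOME/public_html}; days=${2:-14}
    echo "== PHP files changed in the last $days days =="
    recent_php "$site" "$days"
    echo "== PHP files whose modification date looks set back =="
    backdated_php "$site" "$days"
    echo "== PHP files inside wp-content/uploads =="
    uploads_php "$site"
}

# Constructed sample tree for trying the checks offline; file names are made up.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/wp-content/uploads/2024" "$d/wp-includes"
    echo '<?php // sample' > "$d/index.php"
    echo '<?php // sample' > "$d/wp-content/uploads/2024/cache.php"
    echo '<?php // sample' > "$d/wp-includes/class-old.php"
    touch -t 202001010000 "$d/wp-includes/class-old.php"  # mtime back, ctime stays now
    : > "$d/wp-content/uploads/2024/photo.jpg"
    echo "$d"
}

# Usage: sh triage.sh ~/public_html 14
if [ "$#" -gt 0 ]; then triage "$@"; fi
```

Compare anything it lists against a fresh copy of WordPress core and your installed plugins before deleting; a listed file is a lead to review, not proof of compromise.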
Step 6: Restore from a Clean Backup
If you have a recent backup predating the compromise, restore from it. Verify the restore is clean before bringing the site back online.
Step 7: Update Everything
Update WordPress core, all themes, and all plugins to the latest versions immediately after restoring.