We’re failing at answering malware and hacked site questions in groups on Facebook, that are dedicated on helping people learn and troubleshoot WordPress. When it comes to malware and cleaning up websites, when I see someone post about it in a WordPress help group on Facebook, I cringe. Why? Because I know what type of dumb answers are going to be shared, and they aren’t always a completely true or thorough answer.
How we are failing at helping people learn about hacked sites and malware in WordPress
Some of the answers are usually:
- Use this plugin or that plugin.
- Make the host clean it it for free.
- Statement: Malware is so easy to to remove. It’s always so obvious.
- Use this malware cleanup service or that service.
- Do a scan and remove the files that come up.
There’s more that I’ve seen on different WordPress support groups over on Facebook, but generally, a lot of them are somewhat similar to this list.
Use this plugin or that plugin
A malware plugin or security plugin is not always going to pick up all malware. Even Clam AV and other outside scanners don’t pick up every type of possible infection.
Make the host clean it it for free
The web host is not responsible if you use bad passwords (for the host, FTP/sFTP, database, WordPress), don’t update your site (WordPress core, outside scripts, plugins, themes), or have working clean backups (which would save you more headaches from cleaning, both time and money). YOU ARE RESPONSIBLE FOR YOUR WEBSITE. They won’t clean it for free unless it’s actually part of an add-on security service you previously purchased. Frankly, it’s even in most web host terms of services that you should be keeping any running scripts up-to-date too. That’s why, in some web hosts, they suspend your site until it is cleaned.
Statement: Malware is so easy to to remove. It’s always so obvious.
FALSE! FALSE! FALSE! Because there are cases that some malware and website virus scanners do no pick up everything, some things, are not so obvious. I’ve seen some really badly infected sites over the years, even multiple types of infections, and I’ve cleaned a few thousands sites in the past decade and a half. Some I’ve had to manually hunt it down. Some sites were so hacked that no files and a database was left. Some sites, ALL of it was gone, and the website owner didn’t have a single backup (even with the host.)
This type of statement usually comes from someone arrogant and knowledgeable enough in malware cleanup and security, but usually not advanced enough. People who know better and have seen the worst of what can happen, don’t say this type of thing.
Use this malware cleanup service or that service.
Great! But what if the person wants to try it themselves first? Why not nudge them in the direction of a tutorial first, THEN you can suggest a service. I like making money, but I’d rather at least give them the option of trying it out and also the option of choosing a service. Be helpful before selling something. They will choose what will work for them, and frankly a tutorial may give them the idea of whether they really want to tackle cleaning up and re-securing their website.
Do a scan and remove the files that come up.
Okay? Sure. That’s all?
NO IT IS NOT THAT SIMPLE. This type of answer helps no one. It doesn’t even address putting a security method in place and even other important things. It doesn’t address redoing all passwords, or even a backup plan. This is an incomplete answer. In this case, don’t even answer if you can’t be bothered to provide a proper sequence of steps to removing malware and securing site, as well as other preventative security tips.
How can we add more value to the WordPress malware support questions?
Let’s be more helpful and thoughtful. The majority of users join WordPress support groups to either get help, network, share knowledge, and in some groups, even make money or promote their brand. The problem is, that incomplete answers don’t really help anyone. It’s like throwing a lifesaver to a drowning person, but not doing anything to help lead them back to safety.
One of the pain points in the WordPress community is getting newbies help, whether just sharing a link to a proper tutorial resource, or giving them directions. It only takes moments, and believe me, from experience, they’ll appreciate it. If you’re burnt out, sit back and let someone else do it.
However, for those in the community who know security and know where some really great basic tutorials are, I’ve got a challenge for you. If you see a thread for malware and hacked questions, and the majority of the comments are incomplete answers to thoroughly cleaning an infected site, jump in and send them in the right direction. Don’t be afraid to point out that while some of the answers are right, they are not going to completely help them.
If you have done this, fantastic! It brings me joy to see that a new WordPress user has been helped.
Hi Nile – With the rise in the applications of digital technology, websites and apps there is a rising need to address cyber security and data privacy as well. You have written this blog on one of the burning issues at the moment. As a WordPress support group community on Facebook, people need to be more responsible and helpful, while answering such questions for the people in need. Thanks for writing on this topic. It is a great read.
Thanks Kedar! I work a lot with cleaning hacked sites, both clients of my own, and at WP Fix It, and this is an important topic that I enjoy talking about. It’s also a very involved one. It just irks me that people get lazy in replying to people that are hacked and honestly need a point in the right direction, even if it is to a few articles.
thats is true i used bad and easy to predict passwords in past hosting cant help you
great post and great that you have answered a lot of useful questions
you have almost covered all the important doubts great post girl
Hi Nile,
It was a great share! I can’t tell you how much I appreciate Facebook groups. I have learned a lot from them. But I think you are right, collectively they can sway your decision and nudge the person into a specific direction. I think we can do better as a community. I have played a role in helping several aspiring people. But I think I can do better too. This was a very inspiring read and will help me understand and correct my actions. Thanks a lot for such a great share!