Discovering a virus or malware on your website can be a stressful process, but it is important to act quickly to minimize the damage.

Signs that your website may have viruses
Your website exhibits abnormal behavior, which may include:

• Slow loading of the site.
• Displaying errors on pages that previously worked fine.
• Presence of unknown content (messages, images, or links) that was not added by the owner.

Additionally, website visitors may receive security warnings from browsers or search engines, such as "This site may harm your computer" or "The website is not secure".

Another sign is redirecting visitors to unknown or dangerous websites. Unusual activity in the email account, such as sending spam messages without the owner's knowledge, are also clear signs of viruses or malware.

Another indication of viruses could be higher server resource consumption than usual, even if the site has normal or low traffic.

Isolating the issue
The first step, if you suspect the presence of viruses or malware on your website, is to temporarily disable the site. You can display a maintenance page to inform visitors that the web application will be available soon. This deactivation prevents the virus from spreading to users' or visitors' devices and protects your reputation.

Scanning the website
Scan the site to identify viruses, and for this, you can use the tools integrated by the hosting provider in cPanel. We offer the solution Imunify360, which can be found in the Security section. Run a full scan of the site's files to identify infected files.

Other scanning methods include online malware detection services such as VirusTotal or Sucuri SiteCheck.

You can also access the files in the public_html folder and look for unknown or recently modified files. Check the access logs for unusual activity.

Removing viruses and malware
After a complete scan, Imunify360 will list infected or suspicious files. This tool offers removal of infected files or isolation of them.

Infected files may include unknown code, dangerous scripts, or backdoors. They are usually added in folders such as wp-content, plugins, themes or uploads. If a file is infected, try to remove the malicious code intended for the server and visitors. If the file is completely compromised, you can replace it with a clean copy from a backup.

Additionally, you can download and reinstall the core files of the platform used, such as WordPress, and ensure that all themes and plugins are downloaded from secure sources and are updated to the latest version.

As a solution for a severe situation, you can restore files and databases from a secure backup copy.

Securing the site
Once a website has been infected with viruses or malware, it means there are certain security vulnerabilities. Consider the following:

1. Ensure that your website has an SSL certificate, which encrypts traffic between the website and visitors.
2. Enable two-factor authentication for cPanel, FTP, and CMS access.
3. Change passwords for all accounts associated with the site, including cPanel, FTP, databases, and CMS users.
4. Update all themes, plugins, packages, and technologies used to develop the website, as outdated versions may have vulnerabilities that attackers exploit.
5. If using WordPress, install plugins such as Wordfence or Sucuri Security to monitor activity and prevent future attacks.