Cleaning up an infected Joomla web site

Detection

You can scan your website using Sucuri Site Check.

Cleaning the infections and securing your site

Clean the infections

If you have a backup of Website files prior to detection of virus infection, then download the backup from the server and replace the infected one.

If you do not have a backup, then you have to remove the malicious code yourself. For example, many viruses add an iframe script to the bottom of every javascript file. Use "find and replace" function in your editor to remove this script in every file.

Change passwords

Change your ftp, cpanel, joomla, database passwords. Make sure you use strong passwords. You can generate strong passwords here.

Change your Joomla administration credentials

Enter Joomla backend and use user manager to change your username and password.

Change your user database credentials

Enter the cpanel of your website. This should be given by the hoster. In databases, delete the old user and create a new one.

Now open configuration.php and change these lines

var $user = 'new_username';
var $password = 'new_password';

Set proper folder permissions

Change your folder permissions. You can use fileZilla to do so.

  1. Right click on you public folder and set 644. Check "Recurse into subdirectories" and select "Apply to files only".
  2. Wait for the process to finish and then right click on your public folder again and set 755. This time check "Recurse into subdirectories" and select "Apply to folders only".

Check out this article for more.

Upgrade Joomla

Upgrade Joomla to its latest version

Leaning Resources

  • How to remove malware from your site article.
  • Security Checklist/You have been hacked or defaced Joomla article.

Post A Comment

Anti-Spam Quiz: