Before our security team can proceed with any cleaning required, please have the site administrator complete the following:
- Review the list of admin users on the site removing any that should not have administrator access. Ensure all users have secure passwords that aren't being shared between people.
- Update all administrator user passwords to something as strong as possible. Compromised passwords are the most common entry point for re-entry.
- Review the list of themes installed on the site, and if any are no longer in use or are sitting in a deactivated state, delete them. Inactive themes with security issues in their code could still put your site at risk since at the end of the day the code still resides on the server until deleted.
- Review the list of plugins installed on the site, and if any are no longer in use or are sitting in a deactivated state, delete them. Inactive plugins with security issues in their code could still put your site at risk since at the end of the day the code still resides on the server until deleted.
- Run all available plugin and theme updates. Keeping plugins and themes updated ensures they’re running the latest version, patching any security issues that could be used to introduce malware to the site.
The two most common ways that sites become infected with malware are through insecure passwords and outdated plugins or themes. Your site administrator or WordPress developer should be updating your themes and plugins regularly to safeguard against infection. And, by completing the above steps proactively, you help us clean up your site faster!
Note: It may not be possible to update premium themes or plugins directly through the WordPress dashboard. If necessary, contact the theme/plugin developer or refer to the documentation supplied at the time of purchase for further update information.
Please contact us once you’ve completed these steps so we can hand your site over to our security team.
