[ad_1]
I am a graphic designer by profession and I am new to WordPress. I manage several sites that are being overrun with infections. I would love some beginner steps to clearing out malware. We use WordFence and our hosting service uses ShieldScan but we are still getting a lot of infections. I would be immensely grateful for any help. I think my boss thinks too highly of my skill level which is basically nil at this point.
I appreciate any advice!
[ad_2]
Can you describe the infection? How do you know they are infected? There isn’t a lot of information here to allow someone to troubleshoot your issue
Did you pay for all themes/plugins that should be paid for?
Are all the same sites on the same hosting account? (note, not same service, but same actual hosting account)?
First step is finding out where the infections are coming from and blocking them, until you do that, you are wasting time doing cleanups after infections.
WF/ShieldScan will only do the discovery & cleanup, as you’ve discovered.
The 2 most common ways you can get infected with malware are:
1. Using nulled plugins/themes. That means buying software from a “GPL free” website – more often than not, those sites inject software with malware.
2. Not updating your themes/plugins/WP core regularly. This means at least once a month. You also need to pay attention to how frequently software receives updates from the developer – if you notice once that hasn’t had an update for more than 9 months, you need to replace it.
u/greg8872 hit the nail on the head in terms of how your hosting should be setup. You need to move the sites into their own protected folders or accounts before you try and clean your sites.