Malware is short for malicious software. This type of software is designed to gain entry into a system without the knowledge of the owner. Once present, malware generally goes on to create chaos. It can target the infected system itself, or it can hurt other systems too.
In this world of connected devices, malware attacks are becoming more common and the easiest way to target people is through websites. When it comes to websites, targeting stores with bad security is a favorite among cyber-criminals.
Generally, it happens because store owners ignore site upkeep once their ventures start to earn. They only get involved once a malware attack hits. As Magento is the most-used store-building solution, websites built on it are also the most targeted.
In most cases, malware attacks on Magento stores are script-based and can be fixed in a few steps.
So, in this article, I will teach you how you can remove malware from a Magento store.
Cleaning Malicious Script From Site
The first step to check and clean any malicious code on your site is to bring an experienced developer or solution partner on board.
Before making any changes to your site, you must create a backup of your site’s data and files.
Scan Your Site
Go to MageReport and start a scan for your site in order to identify the unapplied patches for Magento core and to find the malware scripts present in your site.
Install Missing Patches
After the scan, you should install all the patches the scanner has recommended. Once installed, you should test your Magento site in a testing (non-production) environment. You can download Community Edition patches from here.
Remove Unknown Admin Account
An unknown Admin account is like a ringing alarm. In most cases, it indicates a failure of your website’s security. You must remove such accounts immediately. To do so, log in to your Magento store’s Admin Panel. Then, go to System → Permissions → Users and remove all unknown accounts from it.
Once done, you need to protect your current admin accounts. Change the passwords of all known admins, and also change each admin ID to a unique name, avoiding IDs like administrator, root, admin, and so on.
(While you are at it, you should read what our CTO said about website security in one of his talks. The talk is about WordPress, but a lot of the things he said apply to all types of websites.)
Review SSH & FTP Users
Once you have removed unauthorized admin accounts, you should check for other entry points. As a safety measure, review all SSH and FTP users and all users who are old, unused, and unknown. Change the passwords of all active users.
Up to this step, I have shown how you can protect the entry points from malware infections. Now, I will discuss the steps you need to take to remove malware code from your Magento store.
Remove Code From Head
Remove Code From Footer
Once you are done with code clean-up, you should scan your site again using MageReport to verify that the malware is no longer present.
Secure Admin Panel
Once everything is cleaned up, you need to check that the possible entry points are protected. You should change the front name of the Admin panel in order to secure it. Furthermore, verify that your site URLs (‘app/etc/local.xml’ and ‘var’) are not publicly accessible.
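One way to run the public-access check described above from outside the server, as an added example that is not part of the original article. The body markers, the verdict names and the `audit` helper are assumptions of this example; a 200 response without a marker is flagged for manual review because it may be a custom error page.

```python
import sys
import urllib.error
import urllib.request

# Paths named in the article. In Magento 1, local.xml holds the database
# credentials and the encryption key.
SENSITIVE_PATHS = ("app/etc/local.xml", "var/")
# Body markers (assumed) that confirm real content, not a custom error page.
LEAK_MARKERS = (b"<crypt>", b"<connection>", b"Index of /")


class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # surface the 3xx status instead of following it


def http_fetch(url, timeout=10):
    """Return (status, first 4 KiB of body) for a GET request."""
    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status, resp.read(4096)
    except urllib.error.HTTPError as err:
        return err.code, b""


def classify(status, body):
    if status == 200 and any(m in body for m in LEAK_MARKERS):
        return "EXPOSED"
    if status in (401, 403, 404):
        return "blocked"
    # 200 without markers (soft 404?), redirects, 5xx: needs a human look.
    return "review"


def audit(base_url, fetch=http_fetch, paths=SENSITIVE_PATHS):
    """Map each sensitive path to (status, verdict)."""
    base = base_url.rstrip("/") + "/"
    results = {}
    for path in paths:
        status, body = fetch(base + path)
        results[path] = (status, classify(status, body))
    return results


if __name__ == "__main__" and len(sys.argv) == 2:
    for path, (status, verdict) in audit(sys.argv[1]).items():
        print(f"{verdict:8} {status} {path}")
```

Run it with your store's base URL as the only argument; any line that starts with EXPOSED means the web server is serving that path to the public and needs a deny rule.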
For more protection, you can read our Magento security tips to keep your ecommerce store safe.
Remove Google Warnings
If Google has marked your site for having malicious code, then you can request a review after cleaning your site. The entire procedure takes a few days. Search results and browser warnings are removed within 72 hours, once Google verifies that your site is now clean. For review requests, you can get a ton of information from the Google Developers site.
Keep Your Eyes Open
Protecting your site from malware is a lifetime process. Keep your Magento software updated and visit the Magento Security Center regularly. Remember, when it comes to malware attacks, prevention is better than cure.