10Web Help Center

Hi, how can we help?

10Web Malware Removal Program

Copy article URL

in this article

10Web prioritizes website security via continuous surveillance and active protective measures on all hosted sites. Acknowledging potential malware risks, we provide a no-cost WordPress malware removal service to safeguard your site, our servers, and users.

We deploy 24/7 monitoring and regular scans to identify malicious code. Upon malware detection, we promptly initiate the Malware Removal Process and alert the site owner.

Malware removal process

This process includes scanning for issues and eradicating infected files or code. The duration may extend up to one business day, longer for severely infected sites. In rare instances, site restoration from a backup may be performed.

Important:

Malware often infects plugins and themes that your site relies on to work correctly. Since removing a plugin or theme may cause your site to appear broken, we recommend putting the site in maintenance mode during the malware removal process.

Steps 10Web takes

Our support team starts the mandatory steps in our malware removal process anytime we detect a compromised site. First, we:

  1. Backup the website.
  2. Reinstall the WordPress core files.
  3. Change all SFTP, SSH, and database passwords.
  4. Remove any infected plugins or themes.

Depending on circumstances, 10Web may also:

  1. Scan your website with 3rd party security software.
  2. Deactivate plugins temporarily.
  3. Remove Javascript injections from pages or posts.
  4. Enable maintenance mode.

We may also take further steps not listed here to clean up complex infections. We’ll always communicate with you as the site owner to ensure you’re up to date with the process.

Steps website owners should take

Once we complete the malware removal process, there are also a few steps the website owner must take to secure the site.

  1. Update all plugins, themes, and WordPress core files.
  2. Download and install a new copy of any previously removed plugins and themes from their developers. 
  3. Review and delete all unused or unrecognized WordPress admin users.
  4. Update all WordPress admin user passwords.
  5. Enable two-factor authentication (2FA) for all WordPress admin users.
  6. Update all 10Web user passwords.
  7. Enable 2FA in your 10Web dashboard.
  8. Follow any additional instructions that we may provide on a case-by-case basis.

Important:

Please do not attempt to clean and reuse a compromised plugin or theme.

Website owners must take these steps within one business day to ensure site security. Site owners who don’t take these steps promptly will no longer be able to take advantage of 10Web’s free malware removal service.

Infections discovered during migration

All files go through a deep scan during migration. We will notify you immediately if we discover that your site is infected. In this case, you’ll have two options to continue with the migration:

  1. Purchase a plan, and we’ll begin the malware removal process.
  2. Cancel the migration and repair the site, then migrate to 10Web.

in this article