Via our web hosting platform or via Patchman you may receive a message to inform you of malware on your website. This is often due to an outdated version of your CMS, plugins or theme in which vulnerabilities have not yet been resolved.
The message indicates in which file the malware is located. It is important to remove these infected files as soon as possible and then update your website.
Delete the malware
Locate the file in the File manager by following the path of the folders as stated in the malware message. For example, if malware is found in the file 'www/wp-includes/examplefile.php', this means that the infected file in question is 'examplefile.php'. You can find the file by clicking on the 'www' folder in the File manager, and then clicking on the 'wp-includes' folder.
In the File manager you will see the folder structure at the top. As soon as this matches the path from the malware report, you know that you have found the right folder and you can find and delete the file in question.
Update your website
Adjust your website passwords and manually update your CMS (e.g. Wordpress) installation, plugins and theme to the latest version to prevent recurrence. To do this, follow the steps in the article 'My website has been hacked'
If you notice that a plugin or theme has not been updated for more than 6 months, it may no longer be supported by its developers. It is then advisable to look for an alternative.
Make sure you also delete plugins and themes that you don't use. Simply disabling this via your dashboard is nut sufficient.
In the article 'I want to make and keep my website secure' you will find more tips that you can use after the problem has been resolved.