If malware is detected or the site starts redirecting unexpectedly, treat the incident as active until you verify file integrity, credentials, and application health.
Common symptoms
- The site redirects to spam or phishing pages
- Search engines flag the domain
- Unknown files or admin users appear
Troubleshooting steps
- Put the site into maintenance mode or temporarily disable public access if customer safety is at risk.
- Change cPanel, CMS admin, FTP, database, and email passwords associated with the account.
- Audit recently modified files, suspicious admin accounts, and unknown scheduled tasks or cron jobs.
- Restore from a clean backup if one is available and verify the infection source before bringing the site back online.
- Update the CMS core, plugins, themes, and all credentials to prevent immediate reinfection.
Additional notes
- Cleaning files without fixing the entry point often leads to reinfection.
- Backups taken after compromise may also contain malicious code.
When to contact support
Contact support immediately if the site is serving malware, phishing, or abusive content.