Malware, otherwise known as malicious software are dangerous programs that can seriously damage your website, slow it down or make it vulnerable for future attacks. Even though Joomla is one of the CMS systems out there, sometimes Joomla websites can get infected with “bad” software.

If you need help Joomla malware removal check our Joomla development services or contact us directly.

In this article we will discuss everything you need to know about Joomla Malware removal and how to secure your website for the future.

First of all. How can I tell if my website’s been hacked?

hacked joomla

Sometimes errors on a website appear for others reasons – after updating Joomla, renewing plugins, on days with bigger traffic your website might slow down if you’re using a hosting plan with limited resources.

In order to determine whether your website’s security has been breached, it’s very important to look out for unusual behavior patterns for your website.

  • You find unrecognized content/ads on your site – one of the main forms of malware is called adware. It’s goal is to spam your website with various ads promoting products or services, as well as collect data about your users behavior.

Quite often these programs will spam pop-up us for fake offers or link to various click-bait articles. If you find that your website is spamming ads, then that’s as clear signal as you can get,  that your website is infected with malware.

  • Website slowed down, uses more resources – a slow down shouldn’t be a surprise or a thing to panic about if you’re using a shared hosting option which offers limited resources. With larger amounts of traffic, your site can slow down.

However, if your website starts to behave unusually, uses much more resources than it normally does for a longer period of time, this could also be an indicator that your website has been infected with malware.

  • Browser displays a message “contains malware, unsafe, etc.” – sometimes a browser will display a clear message that a website has been breached and is dangerous for anyone that visits it.

Google Chrome flags websites as unsafe following these criteriass:

  1. the website has a history of unsafe behavior
  2. it redirects you to an unsafe website
  3. the website is recognized as malicious by the browser itself
  • Your hosting account has been suspended by the provider – another case that’s pretty obvious that your website’s been breached, the fact that your hosting has been suspended. One of the reasons for web hosting suspension could be storing harmful or illegal content on a cracked website’s hosting.

Many hosting provider will initiate an immediate suspension of your account if it detects malicious software on your website. This is done in order to protect other websites on the server from getting infected as well.

  • You receive a message from Google Webmaster Tools – in some cases Google informs you automatically about a breach in your websites security or suspicious activity on it. This can be done via email, or an sms message.

So, if you receive a warning from Google Webmaster Tools, your website definitely needs checking out.

Joomla malware removal, a step-by-step guide

joomla malware removal guide

1. Create a full website backup

Performing a website backup is mandatory before you make any changes for your website.

In this case as well. Make a copy of any important folder or document that’s crucial for your website before proceeding with the cleaning process.

2. Download a fresh copy of Joomla

go to the official Joomla website and download a clean new copy of Joomla for your website.

The first that you’ll need to do here is to compare the joomla files that are already on your website with the ones from the downloaded fresh Joomla copy. This can be done via a file comparison tool (Diffchecker, WinMerge, Diffnow, etc.)

3. Compare and clean your Joomla files

the comparison checker will show you the differences in code between your hacked Joomla and a clean copy of Joomla you just downloaded. Next, you’ll need to clean and/or replace any file that is suspicious or harmful to your website.

Usually, malware targets the core files and folders of a hacked Joomla website – so check them out first and make replacements if necessary.

If the issue remains, you may need to check your plugins and themes, in other words, things that may have been downloaded from 3rd party sources and left vulnerable to being hacked and make necessary replacements there.

Lastly, you might want to check your database and common files like index.php, configuration.php and .htcaccess files too, just in case malicious software has spread to those parts of your website as well.

4.Update Joomla and components

After you’re done with cleaning infected files, you can move to the step of updating your Joomla site and its components. One of the main reasons why a website gets its security breached is the outdated modules that are present on a website.

Perhaps you haven’t been updating the CMS itself, the main plugins that you use or your theme which eventually led to gaps in security. That’s why during this step you need to make sure that everything is up-to-date.

5.Take a look at the admins of your website

Another way that malware could have reached your site is through a hacked account on your website. Perhaps there’s too many people that have administrative privileges on your site?

Reviewing accounts on your website is another step you need to take to ensure that your website is safe from malware. Such a program could’ve easily hacked or created a fake admin account hidden among normal users. This way, they’ve had access for your website.

Look at your accounts closely and remove anyone that seems suspicious.

6. Take a look at your modules

Even the most trusted add-ons can sometimes fall victim to hackers. Just recently one of the most trusted SEO extension suffered a huge breach in security which results in massive user data leaks.

No matter how much you love a module, if it puts your website at risk, it isn’t worth it. Some creators even abandon modules after a while and don’t update or fix them anymore.

Look closely at the modules and extensions that you use the most. Maybe it’s time to switch to a different one that has got the same function?

7. Make a website backup once again

After you’ve done cleaning and updating, it’s time to back up your website once again. Safety first. This is to make sure that you have a safe copy with all your files, in case something similar happens in the future.

8. Scan your computer with an antivirus

Another steps towards safety. An antivirus program will help you make sure that the cleaning process was successful and your environment is malware-free.

Any antivirus program should do the trick, however, you might also perform a check with one designed specifically for malware removal (like “Malwarebytes” scanner for example).

9. Check your website status for search engines

Has your website been blacklisted by the time you were done cleaning? It’s to submit it back for reconsideration. Many of the biggest search engines – Google, Bing, Yandex, etc. – may blacklist a website for having malware and endangering the average user.

If this indeed happened, head on to the Google Search Console and readmit your website for the search engine.

Future prevention of an infected Joomla CMS

protect Joomla in the future

Removing malware can be a hassle, burn a lot of time and effort. Here’s some recommendations to prevent it happening in the future:

Regularly update your website environment

Don’t neglect Joomla or your website extensions and modules, and keep them up-to-date. Many creators regularly improve their products security including Joomla. With every update the platform is getting better.

Improve your website’s basic security

Enable things like a captcha system, a two-factor security method and a website firewall if you don’t have one. These are basic security steps, however, they can significantly improve its safety.

Less administrators/super administrators

Like mentioned earlier, your website’s administrator accounts could be one of the main sources of a malware infection. Its greatly recommended to reduce the amount of people that have significant privileges on your website.

One way of going around this could be achieved by simply reducing the amount of accounts overall. Or you can reduce the privileges of accounts with admin status.

All in all

In this article we’ve discussed how to deal with a malware infected Joomla website: how to recognize malware, remove it and replace it with a fresh copy of the CMS. A simple deletion of files won’t do it, you need to create a backup as well take additional measures in order to ensure your Joomla website’s security in the long run.