Website Malware Removal – Using a Security Plugin, But Still Got Hacked?

Published 12 April 2021
Updated 28 February 2024
Agnes Talalaev
SEO wizard at Patchstack
Table of Contents

In this article, we will look into common attack vectors that are not covered by any web application firewalls or security plugins.

As a web developer or a website owner, it’s important for you to know that your sites are properly protected. 

Unfortunately, the security landscape changes rapidly and some attacks might come from an unexpected source, which even advanced security products fail to address.

Phishing attacks and social engineering

It’s known for years that the weakest link is not the computer systems, but the people operating them.

One of the common phishing and social engineering techniques is to trick the user into entering a username and password (such as a website admin panel password) into a fake login form.

website malware removal

Social engineering is also used to send emails on behalf of someone else and trick you into paying fake invoices or making you download files that end up being malware.

Other use cases can be also getting you to share personal information, stealing credit card information, and more.

PS! Never re-use the same password across multiple accounts online. Hackers always map all your online accounts and see if they can access other accounts with the stolen credentials as well.

Read about how to implement secure passwords here.

Data leaks

Most large companies have witnessed an attack where the user data has been stolen and then sold on the dark web. Most of this data eventually becomes public information and is easily accessible for attackers.

 If you’ve been re-using passwords, such leaks can give the attacker direct access to any of your accounts.

website malware removal

Linkedin, Myspace, 000webhost, Hostinger, WHMCS, WPSandbox, 8tracks, Adobe, Avast, Dropbox are just some of the many companies whose user data has been leaked. You can see the full list here.

Check if your passwords have been stolen here.

Computer viruses

There are different malware types that eventually can give access to your website. Let’s cover the most common ones.

Stealing access from developers

Computers are constantly targeted with malware that stoles information. Development tools are often targeted as well.

website malware removal

There is known malware that is trying to steal FTP credentials from File-Zilla users and SSH keys to access your web server. As long as to computer is infected, it will continuously send the data from your development tools (Putty, File-Zilla, etc) to the attacker.

Keyloggers

Keyloggers have been around for such a very long time, that we could easily call them “old-school”. Keyloggers are still being used by even government-sponsored attacks worldwide.

Keyloggers usually monitor your keystrokes, take regular screenshots of your desktop and send all that information again, regularly to the attacker.

How to recover from such attacks?

None of these attacks are targeted directly against your website. Website security products, hardening or other security plugins, etc. can’t prevent those attacks from happening. You still might need to perform website malware removal even if you have the most expensive security tool in use. But why?

Website Hacking Statistics

Because the problems explained in this article are the ones you cannot fix with any website security tool or plugin.

You cannot block phishing attacks, because they are not connected to your website in general. There are no hardening settings to protect your website from computer viruses and so on.  

But to keep your website secure, clean from malware, and out of blacklists you can do your part. We have explained in detail the biggest myths in website security and how you should approach security if you want to keep your website secure here.

Some tools allow you to reduce the risk, by limiting the access to the admin panel from a specific IP, so even if the credentials are stolen, the authentication can’t be completed. 

You can do that for example from the Patchstack App and apply specific IPs for admin authentication across all your sites.

The latest in Security advice

Looks like your browser is blocking our support chat widget. Turn off adblockers and reload the page.
crossmenu