What would you do if your site (or even one/all of your client’s sites) was infected with malware?
Bit of a weird situation, but one of my first clients (a local business owner) who left me a few years back for another local firm came back to see if I could improve the look of his WordPress site as his new firm seem to be lacking in that area and unwilling to make any changes.
When I sat down with him a few weeks back and pulled up his site, the first thing that happened was a malicious ad popped up. He doesn’t have any access to the server the site is hosted on, but I pulled up the site’s HTML source code and found the malicious code injected on his page, so I told the guy to contact his firm and get them to fix it pronto.
The next day it was still happening, so I pulled up the firm’s website to try find an email to contact and offer my assistance in cleaning the malware, and the same thing happened on their site – malicious ad popup.
I found an email address and reported the issues to them. 5 minutes later I get an email back from the firm’s director saying he’s aware and is working on it. I offered him my help and he responded saying he’s just fixed it himself.
That same client contacted me again yesterday to say the malware is still on his site, and that he’d contacted his firm and hadn’t gotten a response and asked if there is anything I can do as obviously it’s affecting his business and Google had even blacklisted him from using Adwords because of it. So I sent another email to the firm once again asking if they need any help cleaning it up – no reply.
Today the customer contacted me again to say that he’d finally heard back from the firm and they recon they’ve fixed it. So I pull up his site and all they’ve done is install a free anti-malware plugin which has “quarantined” the infected files. Except they weren’t quarantined at all as it was still happening.
I figure out which files are infected – happened to be a dodgy knock-off version of a premium theme, pull open the WordPress theme file editor, and remove the malicious code myself. Forwarded that information to the firm along with instructions to remove it from any other sites they run using that theme and nothing. Not even a thanks 🙄