Recently, one of WordPress hosted on Siteground has been infected with malware. When Siteground detects malware, they block the affected site(s) and send an notification to the site owner.
Just for your reference: if you sign up for Bluehost's Shared Hosting plan by clicking on this referral link, you are able to use it starting from USD2.95/month (with 1USD off per month.) If you sign up for a web-hosting service by clicking the links contained in this article, I will get some commission. However, I do not recommend a specific service just for commission; I have been running and managing some WordPress sites from several web hosting companies including Bluehost and Siteground for several years. If you are looking for a cheap web hosting service with relatively good resources, BH's Shared Hosting will be a good option to consider.
When accessing the infected site, the following screen appears.
Visitors will see the message "This site is currently unavailable. If you're the owner of this website, please contact your hosing provider to get this resolved."
An email notification with the title "Important: Malicious code detected on my-domain.com website" is also sent to the site owner.
A malicious code was detected on one of my WordPress sites. I could see some strange files under the WordPress site folder.
There are some suspicious files such as ws.php, wzewsdw.php, etc.
Also, I could find the list of malicious files from my Siteground account page.
How to remove malware from WordPress sites
When your WordPress site is infected with malware, you need to remove all strange files from your web-hosting server. However, just removing strange files will not resolve the issue. You may consider to replace all files WordPress files with new fresh ones including WordPress core file, themes and plugins files.
I just restored the data using the Backup/Restore tool provided by SG. Then, I contacted SG to request to unblock my site. They instructed me to take the following action to request a review:
You can now request a review for the site to be re-enabled from your Siteground account homepage > Review > More > Request Review
From my Siteground account homepage, I could find the Review button:
After I requested a review, I received an email notification with the title "Malicious Code Removed From Website my-domain.com" within an hour.
I updated all WordPress theme and plugins to the latest version and installed a security plugin named iThemes Security.
I think It's important to review other sites under the same web-hosting account for malicious codes even after you removed the malware from one of your sites. I found that other sites were also infected with malware.
