This plan addresses websites that have been compromised. Compromises vary in
severity, so each occurrence will need to be overseen. As a general rule,
these are the immediate and ongoing steps that need to be taken.
Immediate Steps:
- Cycle FTP passwords.
- Remove unneeded or malicious user accounts and cycle passwords for
admin users.
- Cycle database password.
- Scan for malicious code manually.
- Scan for malicious code automatically with Imunify.
- Delete malicious files and folders.
- Remove any malicious plugins or modules.
- For WordPress, install WordFence.
- Daily backups.
On-Going Steps:
- Daily automated malware scan and manual review.
- Error and traffic log review.
- Uptime monitoring implementation and review.
- 14 day protocol.
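
For the "Scan for malicious code manually" step and the ongoing manual review, the following is an added example, not part of the original plan. The pattern set, the 7-day default window and the `uploads/` directory convention are assumptions; every hit is a lead for human review, not a verdict.

```shell
#!/bin/sh
# Added example for manual triage; not part of the original plan.
# Hits are leads for human review: legitimate plugins can match too.

# Assumed pattern set: eval/assert wrapped around a decoding call,
# a common shape of obfuscated PHP.
SUSPECT_RE='(eval|assert)[[:space:]]*\([[:space:]]*(base64_decode|gzinflate|gzuncompress|str_rot13)[[:space:]]*\('

# PHP-type files under any uploads/ directory, which should hold media only.
php_in_uploads() {
  find "$1" -type f -path '*/uploads/*' \
    \( -iname '*.php' -o -iname '*.phtml' -o -iname '*.php[0-9]' \) -print
}

# PHP files modified within the last N days (assumed default: 7).
recent_php() {
  find "$1" -type f -iname '*.php' -mtime "-${2:-7}" -print
}

# PHP files whose content matches SUSPECT_RE.
obfuscated_php() {
  # grep exits non-zero when nothing matches; that is not an error here.
  find "$1" -type f \( -iname '*.php' -o -iname '*.phtml' \) \
    -exec grep -lE "$SUSPECT_RE" {} + || true
}

# Print all three lists for one web root.
triage_report() {
  root=$1; days=${2:-7}
  echo "== PHP files inside uploads directories =="
  php_in_uploads "$root"
  echo "== PHP files modified in the last $days days =="
  recent_php "$root" "$days"
  echo "== PHP files matching obfuscation patterns =="
  obfuscated_php "$root"
}

# Usage: sh triage.sh <web-root> [days]
if [ "$#" -gt 0 ]; then
  triage_report "$@"
fi
```

Run it against a copy or a read-only mount of the web root where possible, so the review itself does not change file timestamps that later log correlation depends on.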