Do you have a serious malware infection within your site and need guidance on how proceed? At Nexcess we're ready to help guide you through the process.
What to do when your site has been infected
If your site was infected with malware, these are the steps you need to take now.
The actions we describe below are listed from easiest to most complicated. If you’re unsure how to do any of these steps, please get in touch with our friendly support team by email or through your Nexcess Client Portal. They’re available 24/7 to help you.
Update your administrator user password
Update the admin user password for your CMS. In the dashboard of the application or CMS you use to manage your site, update the password for the admin users who can modify your site’s content and files.
If your site supports it, you may use the command line interface (CLI) to reset or update admin user credentials. This is an advanced method, and you’ll need more advanced knowledge of your CMS to make changes.
Review admin users
Check the list of your site's admin users (users with the role of Administrator or similar) to ensure you recognize them. Remove any admin users who shouldn’t have access to your site.
Update your application or CMS
Ensure that your application or CMS is updated to avoid unpatched software security vulnerabilities. Keep plugins and modules updated on the site. Those plugins or modules can be updated in your site's dashboard or the command line (CLI).
How to keep your WordPress site secured
The best practices for tightening up the security for your Magento are well documented in the following article:
How to secure your WordPress site | Nexcess
How to keep your Magento store secured
The best practices for tightening up the security for your Magento are well documented in the following article:
How to improve the security of your Magento store | Nexcess
Update your database user password
Update the database user password for your application and CMS and then update any application configuration files with that new database password.
If you need assistance with how to update the password of admin users or how to update your database user password, please get in touch with support.

We’re here to help
Of course, we’re always here to discuss your options to clean up your site.
For 24-hour assistance, any day of the year, contact our support team by email at support@nexcess.net or through your Nexcess Client Portal.
Fully Managed Hosting plans with Nexcess
Nexcess Managed Hosting offers you faster speeds, more robust security, inherent scalability, and trusted support. Once your website is ready to go live, consider our stellar hosting plans:
- Managed WordPress Hosting with automatic plugin and platform updates.
- Managed WooCommerce Hosting with built-in image compression and the acclaimed StoreBuilder interface.
- Managed Magento Hosting with instant auto scaling, PCI compliance and premium security.
Nexcess Blog
Stay up to date with the latest news in hosting on the Nexcess Blog powered by Nexcess experts. Subscribe to make sure you never miss an update.
Nexcess Knowledge Base
Search our vast repository of web hosting help articles in the Nexcess Knowledge Base with expert guidance for optimizing your website and online store.
Why choose Nexcess?
We’ve optimized hosting for the industry’s leading commerce and content platforms. That means speed, security, scalability and support are built in. Backed by free migrations and 30-day money-back guarantee, let us show you why we’re the best.
No one optimizes hosting for open-source applications better than Nexcess!
Related articles
- Is WordPress Secure? How to Protect Your Site | Nexcess
- WordPress Malware Removal Techniques to Try | Nexcess
- Using the Paid iThemes Security Pro Plugin Version | Nexcess