We are seeing an increasing number of cases of multiple WordPress sites on multiple domains within a single server, all or many of which are infected with malware (viruses and tampering).
Why multiple sites are infected with malware or defaced in a chain reaction within a single server
Many server operators generally allow multiple domains to be hosted on a single server account.
Because the same root folder is shared by multiple sites, if a vulnerability exists in one site on the server that allows hackers to gain entry, they can access the folders of multiple domains on the server via a program (backdoor ) by tracing that site’s folder to the top, It is possible to plant arbitrary malicious backdoors or malware there.
Example of a program to get the full path of the current folder on the server
$dir = dirname(__FILE__); echo $dir ;
Disinfecting malware on one site in a server but immediately infecting it via another site
This situation is very troublesome because even if the malware is removed, the infection will soon spread via other sites and re-infect the server.
If left unchecked, low-quality programs may be installed, or multiple hackers may compete with each other to install a variety of malware, which may cause the malware to spread,
The site may stop displaying.
Search engines may exclude your site from search results.
In the worst case, the server company may force the entire site to stop displaying the malware to prevent damage.
In the worst case, the server company may forcibly stop displaying the entire site to prevent malware damage.
How to deal with malware chain infection
At WordPress Doctor, we perform batch cleanup and security measures for all infected sites on the server.
Basically, we perform the following tasks
1 Backup all sites in the server
We back up all files, folders, and databases for all sites on your server.
2 We will perform a full program cleanup of all sites on your server, as well as a highly accurate malware scan and removal.
From the backup files mentioned above, we replace all files with malware-free legitimate files and folders in our local work environment, and conduct more accurate malware scanning of files and databases. Some files that are suspected to be infected or frequently infected are visually inspected by experts to remove malware.
Anyone can also use our free WordPress: Malware Scan & Security Plug-in [Malware and Virus Detection and Removal] to easily scan for malware, etc.
3 The above cleaned site programs and files are applied to the server in a batch.
If there is a malware infection across the server, it will be replaced with the cleaned files in a batch. This makes it possible to make hacking via other sites on the same server impossible for all sites at once.
4 Delete unnecessary sites, etc. or quarantine them in a folder with permission 000
After adapting the above data, we will delete unnecessary sites or folders of sites not covered by the request, or quarantine them in a folder with permission 000 (permission not allowed to access via backdoors), depending on your request.
5 Security measures will be taken for each site
Finally, we will log in to the site and perform security measures and simple operational checks on all sites.