WordPress attacked by VCD
What is VCD Virus?
VCD Virus is a malware that infects WordPress websites by leveraging loopholes in the outdated/old plugins and themes. This virus builds a backdoor on your website by adding hidden WordPress admin users.
VCD Virus creates Spam URLs on the website that allows hackers to get access to your website. Then those hackers exploit vulnerabilities in WordPress. Your website appearance will also become distorted and it will stop working eventually.
How to avoid a VCD Virus?
VCD Virus can be avoided with a Web Application Firewall (WAF) and regular malware scanning. Another way is to use Astra Firewall. It protects your website from all such viruses/malware and provides 24/7 security of your website.
How to identify a WP-VCD Virus?
You can identify a WP-VCD Virus from the following symptoms:
- Your hosting provider will suspend your WordPress account.
- A new WordPress admin user has been added without your knowledge.
- Pages on your website are being redirected to shady websites.
- PHP files in the Wp-content/uploads occur.
- You may get a warning message.
- A timeout error might occur.
How does a VCD Virus damage a website?
Many prominent websites have faced serious attacks from hackers and spammers because of a VCD Virus. A VCD Virus gives hackers access to your website and hackers exploit and misuse your website. It is a real threat to small websites especially. Once this virus is identified, your outbound port will be automatically blocked and that will create some problems on your website. These problems are:
- You won’t be able to install any new plugin on your website.
- You won’t be able to change your theme.
- It will affect outbound transactions.
What is the solution available to fix this virus?
Following are the ways to fix the VCD Virus:
With cPanel access
You can remove this virus if you have cPanel access by following these steps:
- Open your cPanel and go to the Advanced section.
- Click on virus scanner
- A new window will open where you will be given options on where you want to scan regarding the virus.
- Select “Scan the entire home directory”
- It will detect the virus in a few minutes.
- Then it will give you 3 options: Quarantine, Destroy and Ignore.
- Select destroy against wp-vcd.php file.
- Click on process cleanup.
- You don’t need to replace it because it is a complete foreign file.
Without cPanel access
If you don’t have cPanel access, you can fix this virus by following these steps:
- Download the website’s file backup
- To download the file backup, you can use an FTP client and scan it locally
- Find this file at public_html/wp-includes/wp-vcd.php
- Delete this file.
How to find VCD malware generator into theme and plugins
This malware adds in premium theme free version, so be vigilant before using premium themes free by downloading untrusted websites. To find VCD malware generator in themes and plugins, you have to download 2 Softwares, Everything and grepWin.
After installing these softwares, you have to delete the malware creator file from your theme and plugins. Make a backup first, to be safe.
Then follow the steps given below;
- Right-click on any folder
- Then right-click on theme and plugin folder
- Click “search everything”
- It will detect the malware
- Then clear the malware file
- Then create zip theme and plugin folder to upload on your website directly
- This way you have successfully removed WP-VCD malware/ hacking script from your website, theme, and plugins.
A step-by-step guide to remove malware from WordPress
Here is the step-by-step guide that anyone can easily use to remove malware from WordPress.
You need to be aware of using FTP and file manager. However, if you are not able to do that, you may try fixing your hacked malware by using plugins.
Now, let’s begin.
Step 1: Scan your computer
Your WordPress can be affected by malware in various ways. One of the ways that malware can infect your WordPress is that if your computer has a virus that is leaking your FTP password. This happens quite often. So you must make sure that your computer is virus-free. We recommend you to scan your computer using an anti-virus.
Step 2: Change the password of your cPanel/FTP
After making sure that your computer is virus-free, you should change your cPanel/FTP password and make sure that it is not a common password. Make it difficult.
Step 3: Download WordPress
Download the latest and updated WordPress package from the official website
Step 4: Remove files
Remove the files from the zip or tar.gz that you have just downloaded.
Step 5: Removing the malware infection
To remove the malware infection, follow the steps given below:
- Login to your FTP or
cPanel> File Manager
- Your WordPress installation files should look like this
Delete all these except the wp-content folder, and the wp-config.php file. Then your installation should look like this:
Make sure there are no strange codes or anything sketchy.
Then check everything in your “uploads” folder to make sure there are no PHP files or anything that you have not uploaded, and you’re done!
Step 6: Re-upload WordPress
Re-upload the WordPress files that you removed in step 4. Also, re-upload your theme if you have removed it.
Step 7: Re-install plugins and change WordPress Admin Password
Now, you should be able to access your dashboard and change your password. Select a difficult password otherwise, you’ll get hacked. Also, re-install plugins.
Step 8: Remove Google Warning
Now that your site is free from malware, you can submit your site to google and get the warning “This site may harm your computer” removed. Then login or create an account at Google Webmaster Tools, add your website, click “Health”, and then click Malware,
Lastly, request a review and you’re done!