Skip to content

Step 3: Cleaning Process

Verify Your Backups

Critical Step

Before making any changes, ensure you have clean backups available. A backup from after the compromise began may contain malicious code.

  1. Identify when the compromise likely occurred
  2. Locate a backup from before that date
  3. Verify the backup integrity
  4. Test the backup in an isolated environment

Clean the File System

For Managed Hosting Customers: Tibus support will handle this process

For Self-Service Customers:

  1. Download Clean Versions

    • Get fresh copies of your CMS core files
    • Download clean versions of themes and plugins
    • Save any custom code separately for review

  2. Remove Malicious Files

    • Delete unauthorized files
    • Replace modified core files
    • Clean upload directories of PHP files

  3. Review Custom Code

    • Check all custom scripts for modifications
    • Look for obfuscated code
    • Verify file permissions are correct

Clean the Database

  1. Export Current Database (for analysis)
  2. Check for Malicious Content
    • Review user accounts
    • Look for injected scripts in content
    • Check for modified settings
  3. Remove Suspicious Entries
    • Delete unauthorized users
    • Clean infected content
    • Reset critical settings

Next Step

Proceed to Step 4: Recovery