We understand cyber-attacks are very frequent, so in order to help our users, we created this article. In the unfortunate case that your WordPress application is compromised, there are certain steps you can take in order to recover.
Please know that Bunnyshell uses are robust security model so the chance for cross-contamination is very low, but you should check all your sites irrespective of this.
Restore your backups
First of all, check your backups. If the security was compromised recently you will, most likely, have backups of the site that are clean. They can be used for a quick recovery, or as a way of checking what was altered.
Enable maintenance mode
Second of all, it might be best to enable maintenance mode so that you can do your investigation undisturbed. This is achieved by going to Applications -> select desired application -> Settings -> toggle Set Website in Maintenance.
Scan your machine
Thirdly, use the Security feature on your Virtual machine called Security Scanning. This will attempt to find certain types of malware, but not necessarily PHP-related.
Moving on, install a PHP malware scanner in order to determine the extent of the compromise. This is very important as it helps you to find out early on.
Lastly, follow one of the following guides in order to perform a good clean-up of your site. Please have a backup as in some instances cleaning up malicious code can have unintended functionality consequences.
Important note: Our recommendation when it comes to recovery is to create a new clean VM on which to restore the clean/cleaned-up applications since sometimes attacks can be well hidden.