Malware
Malware is malicious code that sneaks onto your website to do harm — redirecting visitors to spam, stealing data, or hijacking your site to attack others. On WordPress, it usually gets in through outdated software.
Also known as: malicious software · website malware
In plain English
Malware is software written to do something bad on your site without your permission. On a website, that might mean redirecting your visitors to sketchy pages, injecting spam links, quietly stealing customer information, or using your site to launch attacks on others. It almost always sneaks in through a known security hole in out-of-date WordPress, a plugin, or a theme.
Why it matters for your business
A malware infection hurts you three ways at once. Customers land on spam or get scared off. Google may flag your site as "hacked" and bury it in search. And your reputation takes the hit. Worst of all, it's often invisible to you — your site looks normal while doing damage in the background. Catching it early, and closing the door it came through, is everything.
How it gets in (and stays out)
Almost every infected WordPress site was running something out of date with a known, patchable hole. Keeping the software current, adding a security layer, and scanning regularly is what keeps malware out — and a clean backup is what gets you back fast if it ever slips in.
Common questions
- How do I know if my site has malware?
- Common signs: visitors get redirected to spam, Google shows a 'this site may be hacked' warning, your traffic suddenly drops, or your host emails you about it. Some malware hides well, so a proper scan is the only way to be sure.
- Will cleaning it once fix the problem for good?
- Only if you also close the hole it came through. Removing the malware without patching the vulnerability usually means it comes right back. A real cleanup removes the infection and hardens the door it used to get in.
Related terms
Run into this on your site?
Security & Malware Cleanup