Learn how we automate the process of:

  • Positively identifying and removing ALL website malware
  • Monitor your website files
  • Determine how your website was infected
  • Protect it from being infected

Malware Removal – Signature Based

First, we use our vast database of signatures. These signatures positively identify known malicious code. This database grows constantly as we find new malicious code. This is the fastest method of website malware detection which is why we use it first.


Understand that others in our industry talk about “hashes”. These are file hashes that are created on your files, then compared to hashes of what the files should be. We DO NOT use hashes. They are too strict and too slow for us.


There are two types of malicious code: infectious and infected. Infectious code is malicious code that is injected into known good files. It tries to infect the device used to browse the infected website. This code is accurately removed from the good file – automatically.


Infected code are files the cyber criminals have uploaded to the infected website. These could be backdoor shells, phishing files or other such malicious website malware. These files are removed by our system – automatically.


Our scanner was developed in-house and uses the fastest most accurate methods to positively identify website malware with no false-positives.

Malware Removal –¬†Anomaly Detection

Our Anomaly Detection identifies website malware based on what we consider to be normal, and flagging anything outside of that. The flagged code, potentially un-desirable, is further analyzed by our system which decodes all obfuscated code and checks it against our vast rule set.


One example is finding a .php file in an images folder. It may or may not belong there, it may have passed our signature based scan, but it’s suspicious so it gets analyzed. If the code is trying to connect to another server, or grab files from another server or other such potentially malicious actions, it will meet many of our rules and given a probability number. If this number is high enough, it is determined to be malicious.


If flagged code is determined to be malicious it is automatically removed.


In this phase our system is also analyzing the log files looking for evidence of how or when this file might have been placed on the filesystem for your website.


This process of our service is extremely accurate at finding all malware but is more time-consuming so we still use the signature-based detection first. Malicious code found during this process is added to our signature based database for more efficient detection in the future.

Malware Removal –¬†Behavior Analysis

Behavior analysis (BA) involves examining code that passes the first 2 tests (signature-based and anomaly detection). Here our system is actually analyzing the code looking for suspicious behavior: file uploads, remote file inclusion, access to the filesystem, etc. These types of behaviors are examined fully and along with log files helps our system determine if the code is malicious or not.


Our BA engine is the final step in our positive identification of website malware and is the most time consuming – still automated, but requires more system resources than the previous two methods.


All of these methods have been perfected by our service and constantly updated as the methods of cyber criminals change.

File Integrity Monitoring

Experts agree that prevention is necessary – but so is monitoring!


With our File Integrity Monitoring every change to your website’s files are examined by our system. If malicious – it’s automatically removed and our system works on determining the root cause analysis (how it happened).


Our Basic and Free Plans check your sites once every 4 hours. We’ve perfected the process so it only takes 4 seconds to check a website’s files for any additions or changes. Any files that have been changed or added since the last check, are automatically scanned for website malware with all the processes listed above.


If any malicious code is found it’s automatically removed on our paid plans! No need to create a ticket, no need to login to our dashboard, no additional fees. That’s the real benefit of an automated process. Then you’re notified.


On our paid plans, you’re notified with an email that let’s you know what was removed and how it happened and any actionable steps you might need to take to help us, help you, keep your websites malware free.


That’s our innovation working for you.


Our re-infection rate is something we’re extremely proud of: .047%


This means that 99.953% of the time, sites we clean and protect stay that way. These numbers only include sites that were infected before using our service.


Your website is analyzed by our systems and we produce and implement a micro-tuned security strategy designed specifically for your website.


If you have a Joomla website on the same hosting account as a WordPress website, our system produces a totally separate security plan for each. Most web application firewalls apply all their rules to all the websites – not customized at all.


Our system blocks: SQL injection, cross-site scripting, remote file inclusion, local file inclusion, cross-site request forgery and many other attacks.


We believe, and we’ll think you’ll agree, this approach, this customized security plan, is better suited to protect your websites from the advanced strategies of today’s cybercriminals.

Root Cause Analysis

This part of our process is quite unique. Usually customers tell us they were told by other services, “update all your scripts, change all your passwords and run a good anti-virus program on your local computer.”


We don’t use such a generic approach to your website security. You want to know “how” your site was infected. It’s only human nature. You want to know!


Our process analyzes your files and logs to determine how your website or websites, were infected. Even on a hosting account with multiple websites under one control panel, our system can determine how your sites were infected – which one was used as the point of entry, if there were more than one successful breach, etc.


Don’t you want to know?