Malware is a burden on site owners, developers and security companies alike. What is malware and why does it matter to your small business? If you fail to check for malware, it can ride roughshod over your website – leaving you out of pocket and with an ever-decreasing user base.
The best solution is to prevent malware attacks before they happen, using a number of tools, plugins and services.
However, if you’ve found this information after your website has been attacked, don’t worry. The effects aren’t permanent, and you can be back to normal in a flash.
In this post, we’ll first discuss what malware is and how you can be affected by it. We’ll then look at how to cure an already infected site, and cap it off with some ways you can protect your WordPress website in the future. So, let’s get to it.
What is malware (and how does it affect your website)?
Malware – short for malicious software – is intrusive code that tries to take control of your website in some way. It’s normally installed via a corrupted file, and often packaged within an otherwise “healthy” piece of software. However, malware can take on many forms:
- Viruses. This is the most common example of malware. It is often found lurking in suspect email attachments.
- Trojan Horses. Named after the Greek method of warfare, this is also known as “backdoor malware.” It’s normally disguised as a legitimate program, but once installed, it can take control of your entire computer.
- Drive-by downloads. This type of malware uses your website as the delivery method for other corrupted files, and depending on the security exploit, can cause damage without the recipient noticing.
You’ll also come across malware classed as “pharma hacks.” This type embeds links to suspect websites within your content and search engine results pages (SERPs).
Being infected with malware has a huge impact on your website and your business. Aside from the obvious monetary and time investments involved in fixing the (potentially multiple) issues, a debilitating customer trust problem can result. After all, if you appear to be putting your customers’ web safety and personal details into jeopardy, you’ll likely see your income go into freefall.
How to cure a site infected with malware
In some cases, you won’t see a clear warning that you’ve been infected with malware, although most browsers now warn you before allowing you to navigate to an infected website. However, even if you haven’t noticed a warning, you can usually spot the signs on your website itself (such as with a pharma hack, if you check for malware once in awhile). In the worst-case scenario, your website visitors might even notify you directly.
At this point, you’ll first want to scan your site to confirm the malware exists.
Once you’ve finished your check for malware and understand the diagnosis within your files, it’s time to fix your site. We’ve actually touched on how to recover from a malware attack previously.
Although this advice is Google-specific, it’s still a solid general process for banishing malware. That said, this method does rely on you having a clean backup to work from. If you don’t, your job will be a little harder, but there are still ways to fix a hacked WordPress website without a backup.
How to protect your website from future malware attacks
While we’ve covered how to keep your website safe in the past, the following advice is focused more specifically on protecting yourself from future malware attacks. These four tips will help you shore up your site going forward:
- Back your site up regularly. If you don’t already do so, make sure you back up your site often. The Site Backup feature for sites hosting via GoDaddy is a smart option, while UpdraftPlus is also a popular and free solution that’s easy to use.
- Choose a suitable host. Quality hosting can offer an extra layer of protection. While shared hosting is sometimes seen as less secure due to the number of sites on each server, dedicated managed WordPress solutions work around that problem.
- Update your account passwords. This should be a standard step after any attack, as your login credentials might have been compromised. Choosing a strong password is pretty simple, and while WordPress does include a dedicated password generator, there are plenty of other useful tools online.
- Install a quality security plugin. This is another no-brainer, as these plugins can cover a variety of security bases. There are many solutions available, although Wordfence Security is a leading contender that will check for malware.
Finally, be selective when it comes to what you install on your website.
You should only install plugins and themes from their official directories (the Theme Directory and Plugin Directory respectively), or reputable theme developers, such as StudioPress and Elegant Themes.
Malware can ravage an otherwise healthy site – and often the cause is completely under your control. Taking the necessary steps to protect your site and swipe away malware for good is well within your grasp.
This post has offered a primer on hacker attacks, and explained what is malware and how to keep your site safe. At this point, you should be well on your way to keeping the “baddies” at arm’s length – although be prepared for a constant battle on that front!
Also published on Medium.