UPDATE: This online virus scan post was originally published on 18 March 2020 and updated on 14 September 2020.
You know what a virus does to your computer if you click on a bad link? Some will deface your website for all the world to see … or even allow a hacker to take control of it until you pay a ransom! Destructive code can also be embedded in your website, leaving your customers at risk of becoming infected too. The good news is that by understanding the basics of cybersecurity — starting with a free online virus scan — you can turn away threats, safeguard your online data and protect your site visitors.
Think you're too small to be hacked? Small businesses are targeted more because hackers know that startups don’t have the same resources that big businesses do to protect their websites.
What does an infected website look like?
You may have malware or viruses if you notice:
- Pop-up ads
- Performance problems like slow-loading pages
- Administrative pages that are responding oddly
Every website is vulnerable to damage by hackers. Hackers can erase data, steal private information like customer details and credit card numbers or shut down your site altogether.
So what can you do?
The first step is to use an online virus scan like Norton Power Eraser to see if your website has been infected.
Editor’s note: Already in full-on I’ve-been-hacked mode? With Express Malware Removal, our experts are on the job within 30 minutes. And they don’t quit until your site is 100% clean.
These 5 steps will keep your site clean
Website clean and virus-free? Congrats! Now here are a few things you can do to keep it that way:
- Use strong passwords.
- Install an SSL certificate.
- Know who’s hosting your site.
- Back up your site.
- Keep software updated.
A few of these are set-and-forget steps, while others require constant mindfulness.
1. Use strong passwords
Since passwords using a unique combination of letters, numbers and special characters are hard to remember, many of us are guilty of using weak passwords.
Hackers use computer programs that can make numerous login attempts per minute until they “guess” your password.
The answer? Use strong passwords. Changing your passwords every three months, and not using the same password for multiple sites is necessary, even if it’s not convenient. Just get into the habit.
Pro tip: Consider a password manager like LastPass to simplify it all. These tools even tell you when you’ve used a password more than once and propose new, stronger passwords.
2. Install an SSL certificate
When you do a Google search, have you noticed the green badge with a tick mark next to the list of websites? The green tick tells you which websites are safe to click on. You can also look at the URL, and if it starts with ‘https’ instead of ‘http,’ you know the site is safe to browse.
What that extra “s” tells you is that the site is protected by an SSL Certificate. What is an SSL? It encrypts information flowing to and from your website so thieves can’t steal passwords and credit card numbers.
If you’re collecting customer data like email addresses and payment details, you need to protect them with an SSL certificate.
If you don’t have an SSL for your website, Google may mark it as ‘Not secure’ and warn potential customers. A ‘not secure’ warning isn’t a good first impression — in fact, most people will quickly click away.
3. Know who’s hosting your site
Every website must be hosted in order to be visible on the internet. Hosting is invisible, so most of us don’t think about who is hosting our site and how secure they are.
Take time to find where your website is hosted and what services they offer to keep you safe. Ask about:
- Their firewalls
- DDoS protection
- Remote backups
- Security monitoring
Hackers can gain access to your site through your hosting service, so make sure you’re with someone you can trust.
4. Back up your site
Just like you back up photos or computer files, getting into the habit of backing up your website is a good decision.
A backup is a copy that can be used to restore your website to a clean state.
Not only will backing up help you if there’s a breach of security, but it also protects you if a non-malicious activity happens. You’ll be thankful for having a backup if:
- Someone accidentally deletes a file
- The system crashes
- An update fails to install properly
You’ll want to back up all the pages, including documents, multimedia content, databases and email accounts. You can either do the backup yourself or hire a backup service to keep you safe.
Editor’s note: Defeat hackers with automated daily backups — restore your website to a clean state with one click!
5. Keep software updated
Keeping your anti-virus software up to date is a good start, but there’s more you can do.
Wordpress is a frequent target for malware. With 30% of all websites built using WordPress, hackers like to go where they can cause the most trouble. Check regularly to make sure your Wordpress themes and plugins have the latest security patches and delete old themes and plugins.
Common cybersecurity terms defined
We’d like to close with a few terms related to digital security that most people aren’t familiar with.
This is a broad term that stands for malicious software. You may have heard of the terms like virus, worm, adware, spyware, Trojan and ransomware. These are all types of malware that can affect both your computer and your website.
Malware is software or code written to:
- Cause damage
- Steal data
- Gain access to private information for financial gain
Your computer is vulnerable when you click on a malicious email link, run an infected program or use a bad plugin.
Pro tip: Never click on links or download attachments in emails from unfamiliar senders.
A blacklist is a list of IP addresses suspected of distributing spam or malicious emails. If your website is blacklisted, your emails may be blocked by the receiver’s spam filter.
Also known as Web Application Firewall (WAF), a firewall stops malware before it reaches your website. It protects your site by removing bad code before it causes damage.
An SSL Certificate encrypts data flowing to and from your website so customers can safely share sensitive information with you online. Google now labels website without SSL certificates as ‘Not secure.’
You’re now ready to protect your website
Understanding the basics of cybersecurity is the first step to protecting your business from a security breach.
By following these five best practices, you’re in control of preventing an attack and will know when to seek help from experts if and when you need it. For further reading, check out the GoDaddy Guide: Website security and backups.