When people think about malware, they generally focus on the need to protect their desktop computers. Shorthand for “malicious software,” malware actually encompasses any software placed on your computer, mobile devices or system without your consent. It can work its way into your website and from there, harm your business customers. Remember, trust is hard to earn. Once it's lost, you might never win it back, especially if Google blacklists your site from search results. But there is hope. Read on to learn how to spot the warning signs and all about malware removal.
Express Malware Removal from GoDaddy can start cleaning up your infected site in as little as 30 minutes.
For many companies — whether multinational giants or sole operators — their websites are the lifeblood of their business. Anything that knocks their site offline, drives people away or damages their reputation is a serious threat.
What does malware do?
Falling prey to website malware is a fast way to lose your customers' trust. While your website might seem fine to the naked eye, a wide range of threats can lurk below the surface.
For starters, malware infections can severely slow down your website. While you risk losing customers over this (the average customer will wait only three three seconds for a web page to load), it's the least of your worries.
Here’s what you should really worry about:
Loss of private data
Malware can grant hackers access to your database — exposing customer details such as login credentials, financial details and other sensitive data. If stolen, this could hurt your customers and your reputation.
You can't sweep such incidents under the carpet, with Australia's new mandatory data breach reporting laws forcing businesses with annual turnovers of $3 million or more to come clean or risk penalties. As Australians become more privacy-aware, a major security breach can be seen as a breach of trust that your customers might never forgive.
Passing malware on to others
If your website is infected, hackers might be able to monitor the real-time activities of those who visit your site, in order to steal their data or even steal their identities. Meanwhile, your website might be delivering drive-by downloads to infect visitors’ computers with malware.
Compromised websites can also serve up infected ads, exposing visitors to scams or further malware.
Enslavement by a botnet
Then there's crypto-mining malware, whereby hackers harness your processing power to quietly mine cryptocurrencies like Bitcoin in the background, even as people visit your site.
All this can be happening silently behind the scenes, putting your business and its customers at risk.
Part of Google's efforts to make the web a safer place include scanning for infected websites and blocking access to them. If Google finds malware on your website — whether or not you’re aware of it — your site will be blacklisted. Depending on their browser, visitors trying to visit your website could receive one of these messages:
- The Website Ahead Contains Malware!
- Danger: Malware Ahead!
- Reported Attack Page!
- Suspected Malware Site
- This website has been reported as unsafe
You'll certainly feel the short-term pain if your website is blacklisted, but there are also long-term consequences when it comes to your reputation.
How is your website vulnerable?
These days, even the smallest businesses can build interactive and engaging websites — but the more complex your site, the more vulnerable you are to attack.
Hackers and malware rely on exploiting weaknesses in your website. It could be as simple as cracking a weak password you've used to secure one of your backend systems, a password that is easy to guess or crack by brute force.
They also target known vulnerabilities in popular applications used to build websites, such as WordPress, Joomla and Drupal. Alternatively, they might break in via one of your website plug-ins such as your image gallery, contact form, shopping cart or customer support portal.
Another attack directly targets your database using tricks like SQL injection and other exploits. These can trick the database into giving up sensitive information or even act as a back door to grant hackers full control over your website.
What you can do to protect yourself
Firstly, use strong passwords and ensure that you don't reuse passwords between different systems.
Those update reminders you’re always getting are an easy opportunity to keep site security strong, since they often close gaps that criminals have been using to break into users’ systems. Accept updates right away.
Simply updating the main application that runs your website, like WordPress, isn't enough. It's important to check for updates on any themes or plug-ins too. You should install third-party plug-ins sparingly and with care, as each one adds another potential entry point for hackers.
Also, keep in mind that some website plug-ins are actually designed to steal your data and help hackers break into your site. Do your research and only install plug-ins from reputable developers and sources such as WordPress.org.
If you use Google's Webmaster Tools, you'll be notified if your website is blacklisted due to a malware infection. If not and you notice incoming traffic to your website suddenly drops, you can check to see if your site’s been blacklisted manually. But at this point, the damage is already done.
Malware removal is just a click away
If your website is infected with malware, Express Malware Removal can begin cleanup in as little as 30 minutes. This comprehensive service manually removes any threats and repairs your site as many times as needed until its 100 percent clean and safe.
The Express and Deluxe plans of GoDaddy’s malware scanner come with a web application firewall (WAF) to help keep out hackers and other suspicious traffic, while allowing legitimate customers through.
Website malware is big business for hackers, so you need to remain vigilant to ensure that your site remains safe and secure. Malicious software can lurk behind the scenes, invisible to you until the damage is done.
Always use strong, unique passwords known only to you. Use only reputable software and plug-ins from reliable sources. Master the security settings in your applications, services and plug-ins and update everything as soon as you’re notified.
By installing a WAF and malware scanner, with malware cleanup tools and backups at the ready in case of an attack, you can keep your site clean and humming along.