Malware attacks on your website can occur and continue without you ever knowing you have been hit. Until your site is blacklisted and people complain that they are not getting your emails.
Once your domain is blacklisted the effectiveness of all your Internet activities falls away to zero. Worse that that your reputation is badly damaged and customers will be reluctant to continue contacting you.
So what can be done to avoid the damage to your business from malware?
- The risk of malware attacks can be minimised.
- Site sanitation can be monitored.
- When malware (or any other infection) is detected remedial action can be taken BEFORE your domain/website/emails are blacklisted and site security strengthened to guard against further attack.
[opmIf current_user_can(access_optimizemember_level1)]
Risk Minimization
- Use very strong passwords for your control panel and CMS admin access.
- Change passwords frequently.
- Keep your CMS up to date.
- Keep your supporting add-ons/plugins up to date.
- If you installed WordPress using Softaculous, you can configure the installation to automatically update WordPress, plugins and themes.
- Monitor your sites behaviour and activity.
- Respond to alerts promptly.
- Get help if a problem seems beyond your capacity.
Download the Infosheet on Website Maintenance in the Business Builder subscribers area for a step-by-step guide to minimizing the risk of any sort of attack on your website.
Monitoring
Site monitoring at its most basic checks that your site is online and accessible to the public. A site monitor can also check that other systems or specific pages are working as well. You can monitor your site in several different ways…
- Visit your site regularly and check that the pages are appearing properly and links are working. Check that your pages load completely and accurately. Check that links are not broken and lead to the correct locations.
- Visit the management interfaces of your website and hosting control panel and check for correct operation and suspicious use. Download the Infosheet on Website Maintenance in the Business Builder subscribers area for tips on monitoring your website.
- Check that your site is not listed on any of the blacklist monitoring sites such as MX Toolbox, Quterra, Sucuri, Web Inspector, (Google blacklist monitor). Also check your Google Webmasters report which will advise on whether or not your domain has problems with Google.
- Outsource site performance and/or security monitoring. Check out the clickonIT.com.au monitoring service and SiteLock security monitoring.
Cleaning up
Here’s a great article that gives a step-by-step overview of a manual malware clean-up process…
http://blog.sucuri.net/2011/02/cleaning-up-an-infected-web-site-part-i-wordpress-and-the-pharma-hack.html
Security plugins can help you monitor, detect and cleanup all kinds of different attacks on your WordPress site. Try plugins like WordFence, WP Security, Look-see.
[/opmIf]
Prefer to get this done for you?
Guarding against website malware infection is a highly specialised and tedious task. It is a prime candidate for outsourcing, but who can look after this for you?
After repeated attacks on one of our own magazine websites we decided to engage Sucuri.net and the results have been spectacular. Sucuri was able to remove residual and concealed malware backdoor infections that would otherwise have remained invisible and constant sources of reinfection. Thereafter, a combination of daily software updates (WP-Guardian) , Sucuri’s firewall protection and ongoing monitoring has delivered a fault-free, reliable and secure service. Well worth the investment in lost traffic through downtime and restoration work. Sucuri.net should be a high priority for all business websites.
