7 Tips to Prevent Malware on My Website
Malware on my Website?
How to Prevent a Malware Attack and how my website was infected.
The 7 Tips to Prevent Malware on My Website
1.- Strong Login and Passwords
You need a really strong login and password, to prevent guessing or hacking your credentials. Do not use your birthday, your son’s name or something like ‘123456’ or ‘openit’. Try to use letters, numbers and symbols, all combined.
2.- Log out from your Website
When you are done working on your website, always, always log out. Doesn’t matter if is your computer, there is always a chance for someone to mess with your stuff, even by accident.
3.- Keep your Apps Up to date
By updating all the software used on your website, you can minimize website security risk.
Keep your CMS (WordPress, Magento, Drupal, Joomla) and all the plugins updated. The developers are usually improving their apps for bugs and minimizing security risks.
4.- Get an SSL Certificate
SSL Certificate (Secure Sockets Layer), is a protocol that adds security over the internet.
The HTTPS or SSL Certificate, encrypt the communication between your website and your customer browser. So, when the customer sends you any kind of data, like name, phone number, SSN, credit card number, all the data is protected.
This makes really difficult for hackers to steal data and credentials, through internet communications.
5.- Avoid Users Uploads
When your customers or users have the ability to upload files to your website, the possibility of getting a computer virus increases. This is because a simple image or piece of data can contain a hidden script that can harm your website.
This can be difficult for sometimes because there are businesses that require the customers or users to send information, images, videos, text. Just try to avoid it to keep your website files, databases and server operating systems safely.
6.- Get Website Automatic Backups
Is always better to have a backup of your Website or Online Shop, just in case. There are a lot of providers and service packages, the better ones are the ones with a daily backup or live backup.
In my opinion, the best are the ones that provide one-click restoration, this means that you can go to any Backup Point, and restore your website from that particular date.
7.- Get Website Security
There are a lot of Website Security companies that provide services like Website Scanning, Firewall, DDoS Attack, CDN (Content Delivery Network) and Anti Malware (Malware scanner and Removal).
Usually, they have packages with all included, and different prices. For example, SiteLock offers Web Security, Cloudflare offers CDN and a really good Firewall, usually, your hosting provider has some Website Security Solutions.
There are many options, just choose the right for you and your budget.
Remember, is a more expensive fix than prevent.
I’m under attack, there is malware on my Website.
I was trying to show my website portfolio to a prospective customer, and the first thing the browser showed was a big red screen with white big lettering that reads “The Site ahead contains Malware”, impossible to hide… and very embarrassing.
I was about sold a website to my customer, but very politely invites me to come back in some other time, with no viruses to share. I’m not a mind reader, but that day, I was. The customer told me with just one look, NO Way!
Later on, I went to my computer and tried to solve the problem, but after a few hours and several scans for virus and malware, I didn’t find anything. I’m a Web designer, no a security expert, told to myself.
The Nightmare Continues
So, finally, I made the call. To customer service and tech support to my former hosting company, pretty sure that they could solve the problem since I previously hired a website backup solution plan they offered with daily backups.
They told me they were available to restore everything, ‘once my server is free of malware, viruses, and worms’.
So they connect me with the security guy. Since I have six different domains hosted on my server, the estimation to clean the all thing was very pricey and three to five days to fix it. Usually, don’t take that long, but was Friday evening, sadly I declined the offer, I needed my sites ready the next day.
I do Web Design for living, and I had a website back up on my computer for all six sites. So I deleted all the WordPress installations, but the problem was still there, even the emails were infected with this lovely malware.
Finally, I just canceled the hosting service.
The journey to a Secure Site begins
In my case, wasn’t that bad to delete the websites, were basically a few pages in WordPress, and I have a backup, was just a couple hours of extra work with manual backups. The worst part was to lose the customer and, of course, the shame.
But what if your website with lots of dynamic content or an eCommerce site is hacked? You can lose all the data, a lot of new customers and sales if your website or your online business is offline for more than a week, plus the cost of fixing it.
What I did and advice to you to do, is protect your website from brute force or malware attacks, the question is how?
My Path to a Secure Site
What I did to Secure my Website
I did a little research for website security services, SSL certificates, Website Backup services, CDNs, and a bunch of must-have, to secure my websites, the thing was, all the prices were individuals and per website. Since I have six websites, was really expensive.
So I started to look for a hosting company that includes all these features, and I found a few options, but I just reduce my list to WP Engine, Flywheel and Liquid Web, both are really good and seemingly expensive, but after comparing with the cost of getting everything separately, wasn’t that pricey.
I chose WP Engine, this company offer WordPress dedicated hosting (and only hosting), but I create all my sites with WordPress, so I didn’t have any issue with it.
I need to mention a couple of disadvantages:
- No Registrar Domain. This means you can not buy any domain name from them, so you need to get it from a third-party. But you can go to GoDaddy and get it very cheap.
- No email. They do not offer email with the domain, but you can get a professional and customized from Google, Yahoo or Microsoft, aren’t that expensive. I found a free customizable email from Yandex but takes forever to set it up.
After these two disadvantages, let me tell you what’s included in my hosting service for all my six websites:
- SSL Certificate
- Global CDN
- One click Restore
- Genesis Framework and Child Themes for Free
I got a lot more advantages, like high website load speed and check page performance. But the ones above, are the ones I was looking for.
WP Engine was the right solutions for me.
My advice, get a reliable hosting company that fit all your website performance and security needs. If your hosting does not offer all that you need, check for third-party services, or other hosting companies.
Remember, you can save a lot of money by not spending it on fixes.
Who trust us
Our company is not B2B or B2C, our company is People 2 People, and these are some of our clients.