If your website has ever been hacked or riddled with malware, you know the damage it can cause to you and your website visitors. The cost and time it takes to recover from a malware attack is greater than preventative maintenance to avoid it in the first place. The following anti-malware practices can keep your website in good health and safe for its visitors.
Update your antivirus regularly
Good practice would dictate that you ensure you are running all the latest antivirus definitions and software versions. It’s critical that your antivirus and software patches are updated as soon as they become available. Many hacking techniques are automated, with bots constantly scanning each site, affording them the ability to discover ways they can exploit them.
Update your passwords
Changing passwords on a regular basis is a strongly recommended security practice. Users (even if they are customers or clients) need to ensure they use strong passwords. You do not want anyone to use any of the most common passwords out there. A strong password should consist of at least 10 characters including 2 upper case letters, 2 lower case letters, 2 numbers, and 2 special characters. Keep them hard to guess: passwords should not contain words or names – letters and numbers you use should be random.
Protect and maintain your site
If you are the site owner, regularly run malware scans and request a malware review in the event of the site becoming blacklisted by search engines. Unlike a typical network where a gateway, router, and firewall all serve as endpoint protection, a public website is exposed to the vulnerabilities that exist on the internet. If your site were not public, nobody would be able to access it, but since the internet is always on, you need to protect your site 24/7. You can assure that your host server is secure and your data integrity is protected by maintaining and analyzing a log of suspicious activity for malicious intent from every part of the world.
If your site was blacklisted, you must submit a malware review to remove it from Google’s blacklist. The request takes a few hours to complete and remove any warnings if your site is clean. The request notifies Google that you are aware of the problem and have removed all malicious content.
Keep in mind that your website is vulnerable to multiple malicious malware attacks. As a website owner, you need to establish your own monitoring and prevention practices. In addition to antivirus and software updates, you can update plugins if you use WordPress. For WordPress sites, you could try WP Updates Notifier, which sends an email to notify you of a new plugin, or WordPress update.
User access restrictions
This tip applies to sites with multiple logins. It is critical that every user on your site has the appropriate access level if they have a username and login such as returning customers who have a customer account on your site. If users are customers, they should only have one login and strong password. If some users are employees or administrators, they will have access to different areas to your site.
You may have a WordPress site where you allow a freelance writer to write a guest blog post for your site. You don’t want to grant them full access but they need to get into the site to edit and post to the blog. Having this level of clearly defined access will limit errors, reduce the risk of compromised attacks on accounts, and protect your website against damage by careless or rogue users. To protect your website in this scenario, you can deny access immediately after the external freelancer posts a blog and grant access as needed for future blog posts.
Use malware removal tools
Spybot Search & Destroy is a great tool and one of the highest ranked freeware tools. This tool scans websites for malware, includes a botnet scanner, file modification, and more. This tool is compatible with all versions of Windows.
SUPERAntiSpyware Professional Edition is another Windows-friendly anti-malware tool available in a freeware and premium edition. The free version has limitations of basic scanning and malware removal. The premium version comes with real-time scanning, registry protection, auto-scan, and more diagnostics to prevent malware from infecting your website.
Malwarebytes Anti-Malware is a cost effective tool for malware removal with free and premium versions available. This tool is one of a few that could detect and remove the Antivirus XP 2008 which was a spyware app disguised as an antivirus app. When you download Anti-Malware from Malwarebytes, you also get FileASSASSIN, which is helpful to delete files that were locked by Windows.
Watch for malware indicators
Clients may complain that your website was flagged by an antivirus. Typically, a user will receive a warning about visiting the site due to a compromise and will be advised to avoid visiting the site. This cripples your site and business until the malware is removed so it is best to be vigilant at all times to monitor, capture, and remove malware from your website.
If strange activity occurs, your website may be infected. Users may complain that they are redirected to another site on their mobile devices, strange activity or slow loading of the page may occur as well. These issues need resolution immediately so nothing harms your users, blocks visitors from going to your site, or slows your business.