What is Malware?
Malware is malicious software. Very similar to virusses on laptops and PCs. It is developed by hackers to ‘infiltrate’ your website by means of robots, generally known as ‘bots’. These bots are surfing the web 24/7, in search of vulnerable websites. These are websites not protected against malware infections.
What is the purpose of Malware?
The purpose of malware is one or more of the following: –
- To steal sensitive information. This may be private information like your clients’ login details, their personal details (address, contact details, banking details) or any other details that may be of value to hackers or businesses like advertising agencies
- To be a nuisance (slows down your website, let the website misbehave, breaks WordPress or some of your legit programs, shows popup screens / ads / false information)
- Email damaging information or spam on your behalf, to your clients
- Get access to – and cause havoc on – your website’s hosting servers
- Corrupt or delete some of your useful data from your database
- And more
What is the consequences of Malware?
- Reputational damge, as your website viewers are confronted with broken pages / replacement pages / unrelated popups or ads
- Website down time
- Expenses to pay for the removal of malware / recovery of website
- Reduced website ranking by Google, implying that your website will apear low in Google Search results
- Shutdown of your website by Google, including replacement of your home page with a red page and a message ‘This site is unsafe’
- And more negative consequences
How does malware end up on my website?
- New websites should be protected from malware from day one of development – or at least from the day that the website goes live. Your website is visible to the ‘world out there’ – and thus to bots – from that moment on. These bots will try to penetrate your website from day to day
- Outdated themes, plugins and WordPress versions carry security risks. These have to be kept up to date to avoid vulnerability to malware infections
How can I remove malware from my website?
WordPress has plugins that may be used to scan your website for existing malware. Wordfence is a good example of this. You may set it to scan your website once a day and let it warn you if malware was found. Most of the times Wordfence is able to fix broken files and/or remove malware from your website but on rare occasions fixes have to be done manually, by a software developer or by companies specialising in the removal of malware.
Why and how does the malware manage to return to my website?
Some hackers start off by placing a program on your website that has only one purpose: it grants access to malware to your website. Almost like a trojan horse. Malware ‘fixers’ appear to be quite successfull in removing malware from infected websites / fixing broken files, but they seem to be battling to detect these ‘trojan-horselike’ programs. You may thus clean your website today, just to find that the problem (or part thereof or a different version) is back on the next day.
What to do if the malware keeps returning
- One solution is to check your malware scanner results on a daily basis and clean the website if an infection is reported.
- The second – and more expensive – solution is to rewrite the website with malware protection in place from day one.
- Subscribe to professional malware protection services like Sucuri. These services monitor your website 24/7 for possible attempts to penetrate your website and block such attempts. These services are usually very expensive, though.
Want protection against malware / need assistance to fix an infected website?
We offer malware protection services as part of our Peace of Mind Website Maintenance & Support subscription. Interested? Let us know by filling in & submitting the form below!
Very few new WordPress Website owners realise that regular maintenance on their website is not an DO or DON’T option. Neglecting to do so may cost you dearly!
What type of regular maintenance is needed on WordPress websites?
The main regular required updates are: –
- WordPress (the core of your website)
- Plugins (pre-built components, added to your website to fulfil special roles)
- PHP (the programming language that WordPress is written in)
- Your website’s Theme (which controls the overall look & feel of your website)
- Check for, clean and block spammers and hackers (malware / phishing)
Why are regular updates and spam / malware blocking tasks needed?
- Security. There are constant website attacks from hackers and spammers. As these attacks change or are becoming known for the first time, protection is built into the above items to counter these attacks.
- New features. Some of the above items are sometimes enhanced to provide more / extended features.
- Bug fixes. The above items may have bug fixes that are addressed in newer versions.
- Performance enhancements. These are an ongoing process and released in newer versions of the above items. Fast performing websites are ranked higher by Google than sluggish websites (see ‘Google rankings’ below).
- Google rankings. Google crawls websites all over the globe 24/7. Websites with outdated themes, WordPress versions and plugins are perceived as security risks and ranked lower than up-to-date websites. When prospective clients do website searches to find products or services, low ranking websites’ search results are displayed much lower than those of high ranking websites. That means that your website’s search result will never be seen. Clients find what they’re looking for long before they reach your website’s search result.
- Google shutdown of your website. If Google picks up a lot of spam / malware on your website (access gained via outdated components), they replace your home page with an ugly bright red screen that states ‘Deceptive site ahead‘. You then have to clean your website from malware first (sometimes very difficult to impossible) after which you send them a review request. Only after a successful review will they make your website’s home page available again. This can take weeks and repeated reviews to conclude, with massive cost and reputational damage as result.
"But can't these tasks be automated?"
Updates can be automated, but not malware fixes. The danger of automatic updates though, is that sometimes newer versions of a theme / plugins / PHP / WordPress clash with older versions of existing components. By the time you realise that your website is down because of such a clash, you may have suffered a huge loss of income and reputational damage.
The safe option is to back up the website and database first, place your website in temporary maintenance mode, perform the updates and test. In the event of clashes, back out the offending component. Once testing is successful, you make the website available again. In other words automated updates carry a degree of risk.
Malware can not be ‘fixed’ automatically. It involves the removal of malicious code inserted into your WordPress files by hackers. Even though the cleaning process may be done by anti-malware programs, no-one is brave enough to do that without first giving you the opportunity to back up your website. Some infections can not be cleaned by anti-malware programs – it needs to be done by hand.
"What to do then?"
The first thing to do is to determine what the status of your website is in terms of outdated files and the presence of malware, which may have been hidden themselves in your website for months – if not years, without your knowledge. Only then can one decide which actions are required, if any at all.
Smart Web Designs offer an affordable Peace of Mind Website Maintenance & Support monthly subscription for WordPress website owners. This is not only a type of ‘Insurance’ that your website is kept up to date and backed up regularly, but it also offers other features such as:
- Twice a month
- Website backup
- Update of outdated plugins, WordPress, PHP, the website theme
- A website status report
- Monthly Google Analytics report which includes
- Website status summary
- Firewall statistics
- Overall SEO score for the website
- Google analytics (who visited which pages how many times)
- Ad-hoc problem fixing if and when they pop up
- Prevention of spam & virus-like malware and fixing the website after a possible infection
- SEO on up to 10 new products loaded
- Upload of up to 3 blog articles (content provided by you)
- Update of a review column, should you implement the same
- Ongoing performance testing & improvement
Would you like to know more? Send us your details below and we’ll get back to you.
Background
Never before had there been such a need to have a fast and efficient website as now. A relatively laidback attitude towards website speeds and usage in general got smashed by a rude awakening overnight. The reason was the sudden appearance of something so small, we can’t even see it with the naked eye. The result was dramatic – a changed world, forever!
5 months after the discovery of this tiny little ‘thing’ the CEO of Cloudflare announced a 50% increase in web traffic. Suddenly your website has changed from a ‘nice-to-have’ to your clients’ preferred way of doing business with you. Your customers now much rather order your services / products online than walk across your doorstep.
Combine this with the fact that research has shown that should your website not pop up within a second or two when accessed, the average buyer will move on to your competition’s site.
‘How can I speed up my website?’
You’re probably wondering ‘But what can I do to speed up my website? Can I get it to run faster? Is it going to cost me a fortune?’. The answers are ‘Quite a bit, yes and no’.
I was recently asking these same questions after moving my clients’ websites to a different host in order to save on hosting costs. My savings in hosting fees were fantastic but I grossly misjudged the loss in my clients’ website speeds.
The result was panic! Real panic! For a moment I saw myself moving all of the sites back (redfaced) to the original host – or spending lots of money to speed up the sites, which defeats the whole objective for the move. Typical yuppy that I am, I immediately started mining Mr. Google’s wealth of info.
Using a CDN
My research dug up a lot of suggestions and theories but the one sentence caught my attention: “A CDN can have a tremendous effect on your website speed’. That was for me! Relief resulted in action and let me state it categorically: it’s the best thing since sliced bread!
What is a CDN or ‘Content Delivery Network’? Cloudflare describes it best: it refers to a geographically distributed group of servers that work together to provide fast delivery of internet content.
How does it achieve this? Basically the most ‘static’ parts of your website pages get stored on servers closer to you than your website host. These can be scripts, images, partial pages or even whole pages. This static content is known as ‘cache’ and the process is known as ‘cacheing’ – you probably have been instructed to ‘Clear your cache’ before, right? That will clear cache in your browser but there are ways of clearing the cache right across the CDN.
When anyone enters your website’s url in your browser’s address bar, all of the site’s content does not have to be imported from your hosting server (tens of) thousands of kilometres away from you. Only the dynamic parts get transported all the way. The other parts are brought in from the CDN server closest to you. All the pieces of the puzzle get assembled together in your browser and wha-la! A beautiful web page gets displayed to you within a second or two – or even within split seconds! In the event of blogs which are static in content, the whole blog can get ‘cached’ at a CDN server close to you.
Cloudflare is probably the most popular company providing CDN services – for free! The cherry on the cake is that it implies increased security as well! You can get (paid) CDN services however, combined with other network services.
Optimizing your CDN
Just like anything else in the website world, CDN services can be managed and optimized (and combined with browser cacheing) but that’s a topic for another blog. Bottom line: if you are not using CDN services to speed up your website then you have room for improvement.
Maybe you’re already running your website on super-fast, expensive web servers so it’s not that relevant to you. For most of us hosting our websites on ‘shared’ servers (i.e. sharing the server with up to millions of other website owners) it is immensely relevant and important. A matter of life and death. Well, almost…
If your website speed is not impressive, use a CDN. It’s your first line of attack on a slow website speed. If you need some help with that then the contact form below is for you.
About The Author
I am Tobie Schalkwyk. I have been in IT Development from the days of XT and AT PC’s and I’ve spent the last 23 years of my corporate career in the building of an online banking website for one of SA’s major banks – a website that was rewarded numerous international awards as the best online banking system on the globe.
I now spend most of my effort in online digital marketing and WordPress website development. If you would like to follow my blogs – or you need to optimize your website / you need any other website services, kindly leave your contact details below and I will get in touch with you.
Hope to chat to you soon!