What is Malware?
Malware is malicious software. Very similar to virusses on laptops and PCs. It is developed by hackers to ‘infiltrate’ your website by means of robots, generally known as ‘bots’. These bots are surfing the web 24/7, in search of vulnerable websites. These are websites not protected against malware infections.
What is the purpose of Malware?
The purpose of malware is one or more of the following: –
- To steal sensitive information. This may be private information like your clients’ login details, their personal details (address, contact details, banking details) or any other details that may be of value to hackers or businesses like advertising agencies
- To be a nuisance (slows down your website, let the website misbehave, breaks WordPress or some of your legit programs, shows popup screens / ads / false information)
- Email damaging information or spam on your behalf, to your clients
- Get access to – and cause havoc on – your website’s hosting servers
- Corrupt or delete some of your useful data from your database
- And more
What is the consequences of Malware?
- Reputational damge, as your website viewers are confronted with broken pages / replacement pages / unrelated popups or ads
- Website down time
- Expenses to pay for the removal of malware / recovery of website
- Reduced website ranking by Google, implying that your website will apear low in Google Search results
- Shutdown of your website by Google, including replacement of your home page with a red page and a message ‘This site is unsafe’
- And more negative consequences
How does malware end up on my website?
- New websites should be protected from malware from day one of development – or at least from the day that the website goes live. Your website is visible to the ‘world out there’ – and thus to bots – from that moment on. These bots will try to penetrate your website from day to day
- Outdated themes, plugins and WordPress versions carry security risks. These have to be kept up to date to avoid vulnerability to malware infections
How can I remove malware from my website?
WordPress has plugins that may be used to scan your website for existing malware. Wordfence is a good example of this. You may set it to scan your website once a day and let it warn you if malware was found. Most of the times Wordfence is able to fix broken files and/or remove malware from your website but on rare occasions fixes have to be done manually, by a software developer or by companies specialising in the removal of malware.
Why and how does the malware manage to return to my website?
Some hackers start off by placing a program on your website that has only one purpose: it grants access to malware to your website. Almost like a trojan horse. Malware ‘fixers’ appear to be quite successfull in removing malware from infected websites / fixing broken files, but they seem to be battling to detect these ‘trojan-horselike’ programs. You may thus clean your website today, just to find that the problem (or part thereof or a different version) is back on the next day.
What to do if the malware keeps returning
- One solution is to check your malware scanner results on a daily basis and clean the website if an infection is reported.
- The second – and more expensive – solution is to rewrite the website with malware protection in place from day one.
- Subscribe to professional malware protection services like Sucuri. These services monitor your website 24/7 for possible attempts to penetrate your website and block such attempts. These services are usually very expensive, though.
Want protection against malware / need assistance to fix an infected website?
We offer malware protection services as part of our Peace of Mind Website Maintenance & Support subscription. Interested? Let us know by filling in & submitting the form below!
