In a little over a month, over 100,000 WordPress websites have been hit by malware infections due to outdated versions of the Revolution Slider plugin, according to SC Magazine.  With the rapid spread of this threat, it is more important than ever to make sure your website is hardened against these attacks.  If you fail to do so, you are at risk of having your website taken down by your web hosting company, being blacklisted by Google, unwittingly spreading malware to your customers, and woefully having to fall back on your crisis communication strategy.

Unfortunately, over the past couple of weeks, we have spent a fair amount of time helping people who have been hit by attacks like this.  One particular case involved a company with 22 websites hosted on one web server that got hit by a malware infestation that moved through every single website and infected 705 files.  As a result, the hosting company immediately turned off all 22 websites!  While we were able to help fix the problem, the company would have had a much better couple of days if they had spent a few pennies on prevention instead of many dollars on the cure.

In today’s post, I’m providing 3 major tips that you can use right now to help you stay safe and prevent a potential catastrophe from happening to your online presence.

1.  Keep Your Server Tidy

Unfortunately, companies of all sizes are guilty of letting their servers get messy.  They add new website projects and files over time but don’t remove them when they are no longer using them.  Oftentimes the thought is, “Why spend a ton of time removing the files?  We have unlimited space and have more important things we need to focus on!”  In this day and age, that kind of thinking can be dangerous to your online health.  By removing old files and projects, you remove the ability for hackers to exploit old software filled with security holes.  It is pretty hard for a hacker to attack something which no longer exists.

2.  Keep Your Current Web Apps and Software Up To Date

It can be a real pain to update websites that are working perfectly to a new version of the core software.  You’ve probably experienced a similar scenario – your app tells you to update, so you run the automatic update, and then you go back to check the web app on the public-facing website and, to your dismay, everything is messed up!  What a pain in the butt.  But if you look at the bigger picture, it is a small pain to fix incompatibilities compared to having your website hacked to bits by some nasty piece of malware that was able to exploit your two-versions-old copy of WordPress, a plugin, or a theme.
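To put tips 1 and 2 into practice you first need to know what is actually on the server.  The Python script below is an added example (not part of the original post): it walks a web root, finds every WordPress install, including forgotten ones nested inside another site, and reports the core and plugin versions it finds.  The `minimum_core` threshold, directory names, plugin name, and version numbers are constructed for illustration.

```python
import os
import re
import tempfile
from pathlib import Path

# WordPress core records its release in wp-includes/version.php.
CORE_RE = re.compile(r"\$wp_version\s*=\s*'([^']+)'")
# Plugins declare theirs in a "Version:" header comment of a PHP file.
PLUGIN_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.M | re.I)
SKIP = {"wp-admin", "wp-includes", "wp-content"}

def version_key(v):
    """'4.9.8' -> (4, 9, 8), zero-padded so '5.0' equals '5.0.0'."""
    nums = [int(n) for n in re.findall(r"\d+", v)][:3]
    return tuple(nums + [0] * (3 - len(nums)))

def plugin_versions(install):
    """Map plugin directory name -> declared version for one install."""
    found = {}
    for php in sorted((install / "wp-content" / "plugins").glob("*/*.php")):
        m = PLUGIN_RE.search(php.read_text(errors="replace")[:8192])
        if m:
            found.setdefault(php.parent.name, m.group(1))
    return found

def inventory(web_root, minimum_core):
    """List every WordPress install under web_root, flagging old cores."""
    report = []
    for dirpath, dirnames, _ in os.walk(web_root):
        vfile = Path(dirpath, "wp-includes", "version.php")
        if not vfile.is_file():
            continue
        dirnames[:] = [d for d in dirnames if d not in SKIP]  # keep nested sites
        m = CORE_RE.search(vfile.read_text(errors="replace"))
        core = m.group(1) if m else "unknown"
        old = m is None or version_key(core) < version_key(minimum_core)
        report.append({"path": dirpath, "core": core, "outdated": old,
                       "plugins": plugin_versions(Path(dirpath))})
    return sorted(report, key=lambda r: r["path"])

if __name__ == "__main__":
    # Constructed sample: one forgotten install with a hypothetical plugin.
    with tempfile.TemporaryDirectory() as root:
        core_dir = Path(root, "old-campaign", "wp-includes")
        plugin = Path(root, "old-campaign", "wp-content", "plugins", "example-slider")
        core_dir.mkdir(parents=True)
        plugin.mkdir(parents=True)
        (core_dir / "version.php").write_text("<?php\n$wp_version = '3.9.2';\n")
        (plugin / "slider.php").write_text("<?php\n/*\nVersion: 1.0\n*/\n")
        print(*inventory(root, "5.0"), sep="\n")
```

Any install in the report that nobody can name an owner for is a candidate for removal; everything else goes on the update list.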

3. Harden Your WordPress Installation

This is by far the easiest tip to implement, thanks to a wonderful plugin available for WordPress.  I cannot recommend it enough.  It does everything I need in one package, whereas in the past I had to download several plugins to accomplish the same thing.  It is called the Sucuri Security WordPress plugin.  It helps you audit, scan, and harden your WordPress website from one centralized tool.  On the plugin website, it lists the major categories it helps you with.  I’ve gone one step further to explain a little more about each major component.

  1. Security Activity Auditing
    This component acts like a system monitor that keeps track of every change that happens in your WordPress installation.  You can see when files, users, the database, etc. are added, edited, or deleted.  You can think of this as the heartbeat of your website and you’ll always know what is going on.
  2. File Integrity Monitoring
    If a file gets changed on your website, you’ll be alerted, and if it is malicious there is an easy-to-use tool for restoring the file to its previous version.
  3. Remote Malware Scanning
    Think of this like your computer’s anti-virus software but built for your website instead.  The tool is able to scan your website files and alert you to any problems.
  4. Blacklist Monitoring
    A malware infection can get you blacklisted from Google.  Not a good thing if you’re relying on the search engines for traffic.  Users will see a huge red warning screen steering them away from your website.  This tool will help you keep tabs on this so that if it does happen you can get it removed as quickly as possible.
  5. Effective Security Hardening
    The tool implements a ton of technical best practices on your WordPress installation.  You also have the option to enable or disable each of the individual options.
  6. Post-Hack Security Actions
    This tool helps you quickly reset security tokens, user names, plugin files, etc. in the event you are hacked.
  7. Security Notifications
    Pretty self-explanatory – if something bad happens you get a message about it.
  8. Website Firewall (add on)
    This is a part of a paid add-on service, but definitely something to think about.  Traffic to your website essentially gets routed through a secure proxy so that it can be checked for malicious intent before actually hitting your server.


At the end of the day, prevention is often the best security.  Using the three tips above will go a long way to helping you stay safe in 2019 and beyond.  Don’t be a victim of these rising malware attacks and implement your security strategy today!

Feature photo credit: Ivan Arce