Understanding the importance of website security, malware removal, and how to properly scan a website for malware is critical for the performance of every internet site.
Challenges of Running of WordPress Site without the proper Knowledge.
One of the biggest challenges in running your WordPress website or any website is the fact that it might be compromised by hackers.
The first time I recovered a hacked website
I remember the first time I had a website taken down; I was creating a website for my Daughter that was more of a journal. We were so excited to have a central place where we could share our journey without having it to be on a social platform like Facebook.
I shared the website with a colleague in the Information Security field, and he mentioned the website had been hacked and he was being redirected elsewhere. I quickly checked, and yes they had inserted some malicious files to my daughter's website. It was the first time in 13+ years that one of my websites had been compromised.
At that time we were using Drupal for creating websites; they are very slow when it comes to maintenance. Since my daughter's project was a personal one, we did not update it as we do with our other client's site.
Great Learning Opportunity for my team and me
I recovered the website and then made sure to learn as much as possible, so it did not happen again.
Over the years I have been able to land a few clients who have had malware on their website, and they don't even know it. With the tools we use at the agency or by looking at a website, we already know if there might be issues with the site being compromised.
One of the questions I often get is how do I know if my site has been compromised.
Scan site for malware
The most precise way is to scan the website for malware. There are many tools that detect most malware issues, and some of these tools are connected to websites that can take care of the removal of the malware.
How does a website malware scanner work?
According to Quttera:
a Website Malware Scanner is a cloud based application that scans websites and generates site scan web security reports. This online URL scanner investigates URLs and checks for suspicious scripts, malicious media and other web security threats hidden into legitimate content and located on web sites.
Internally, we use a series of more advanced tools we have created and some others that we have purchased over the years and customized to offer our Site Health Check. Since we wanted to make sure we included many tools, here are a few we have used over time.
Free Website Malware and Security Scanners:
Google Malware Checker - Google Safe Browsing checks site and verifies if it contains malware or phishing content. Google Safe Browsing is the fastest way to find out whether a website is dangerous to visit from a company we all use daily.
Sucuri SiteCheck - the Sucuri SiteCheck scanner will check the website for known malware, blacklisting status, website errors, and out-of-date software.
Quttera - check your site for malware and vulnerability exploits online.
VirusTotal - Analyze suspicious files and URLs to detect types of malware including viruses, worms, and Trojans.
SiteGuarding - Scan your website for malware and security issues free.
Norton's Safe Web by Symantec - Norton Safe Web is a new reputation service from Symantec. Their servers analyze Web sites to see how they will affect you and your computer.
Web Inspector - offers a free scan to quickly check if the internet page is malicious or not and shows you the threat report of:
- Malware Downloads
- Suspicious iframes
- Heuristic Viruses
- Suspicious Code/Connections/Activity
Metascan - helps scan an IP address or file for malware. The file is scanned with 43 anti-malware engines and IP with following 12 sources.
- Alien Vault
- Brute Force Blocker
- Chaos Reigns
- Clean MX
- Dragon Research Group
- Feodo Tracker
- Malware Domain List
- Phish Tank
- The Spamhaus Project
- Zeus Tracker
How to remove malware from website
If you identified malware on your site, many services could clean up the malware. Having an IT Security background myself, I prefer to have my team clean it up for our new clients. It also helps us stay up to date on the different ways a website can be hacked or defaced.
A site can get hacked or infected with malware in the following manner:
- SEO Spam
- Vulnerable code
- Vulnerable plugin/extension
- Brute Force
The most common way I see is malware being inserted because of vulnerable code and those who hire a so called "developer" who used too many plugins and tools that were supposedly "free" off the internet but came with a high price. That hefty price is an easy way for an outsider or bot to compromise the website.
If you have never removed malware from a website, are not a developer, or a security professional, your best bet is to call a professional to help you with the removal of the software. I would say 75% of our new clients come in because their website has been hacked or not working properly. Most of the time the performance issues are related to the site having malware and security issues on servers that are not being maintained or secured correctly.
Here are a few companies that can help you with malware removal.
- Web Malware Removal
WordPress Malware Removal
We have been working exclusively with WordPress since 2011, and our WordPress Site health check makes sure your website is Search Engine Optimized, Malware Free, Loads Quickly, has no broken parts, software is up to date, and it’s under a secure configuration and setup.
WordPress malware removal service
Our service has all the security checks of other companies, but we also make recommendations to ensure your site will perform better and will bring you the much-desired results.
The are many ways to recover a compromised website but more importantly, make sure those working on establishing the website are a team of people that are committed to the well being of your company and have something where they all win.
I will write a few more posts on WordPress security. I'll share more tools and ways we can help you understand the best to keep our websites safe and working like a well-oiled machine.
For now, the main question I want you to ask yourself is:
Is your website free of malware?