Let’s talk about a topic not so often discussed.
Very little do you hear about the possibility of a web hosting having security issues or the potential security threat your business can incour from acquiring a web hosting.
Whether your business or personal data is hosted locally or on a remote server, there’s one thing that can always turn the daylight to a very scary dark cloud, and that’s Malware.
So, what’s Malware ?
Malware is short for Malicious Software, and is an umbrella on your term that covers a number of different types of attack: spyware, ransomware, viruses, trojans, etc.
You’re probably familiar with the concept of malware and viruses on your computer, and might even have programs that automatically scan for them to keep you safe… but did you know websites can get infected, too?
The program that keeps your computer safe can’t do anything to help your website. Just like animals are susceptible to different viruses than people, the kind and way in which a website gets malware is different from a local computer infection.
Website malware typically tries to take advantage of a visitor’s trust in your website to invisibly capture data about them (their visit, their computer, their network) or mislead them to share personal details with an untrusted and often unaffiliated party.
Whether on your computer or your website, all malware requires a vector to gain a foothold.
What’s a malware vector?
Simply put, a vector is how the malware enters your site. Some common vectors are:
- Outdated WordPress installations
- Vulnerable or malicious WordPress add-ons and themes
- Custom PHP forms without input validation.
These are just a few, and there are many other ways to hack more complex websites. WordPress and PHP are very popular ways of creating websites.
When updates are released to fix vulnerabilities in specific vectors, hackers will search for websites that have not yet been updated.
They can then use the newly exposed vulnerabilities to infect the website with malware.
What do I do if I get infected?
- Update or delete WordPress and other software
Update the software you use on the site and remove the software you don’t use. If you installed an older version of WordPress four years ago and haven’t touched it since then, you should probably remove it.
Is your entire website built on WordPress? Check the outdated plugins and themes, you can remove or upgrade and update the WordPress core software.
The same goes for any other PHP-based tools you may use, like phpMyAdmin, Joomla, etc. Delete what your site doesn’t use, update what it does.
- Find and delete compromised files
Look for files with suspicious names or ones that you don’t recognize. There are also directories where a PHP file would be out-of-place, like tmp, logs, or images.
In the case of WordPress, you also have the option of completely deleting your blog, then installing the latest software. Before you do that, though, you should probably make a WordPress backup.
How can I prevent future malware infection?
- Keep WordPress updated.
- Remove add-ons/themes/code you aren’t using.
- Updated install trusted code.
- If you hire a developer, make sure development follows security best practices.
- Periodically review your site files, either manually or with a third party tool.
If coding for yourself, remember to build securely by design for your visitors. Keep WordPress and other software updated.
You might also consider working with a security professional to review your code for vulnerabilities.
That’s pretty much basically, all you have to know to keep your sites or business details online safe.
If you think you might need a consultation service about what steps to take to keep your business profile safe online, contact us at Walex Biz Nigeria today.
Interested in a safe hosting service, visit our hosting page @ Walex Biz Host .