Are you unintentionally helping cyber criminals distribute malicious code to your customers, friends and family through your website? Read on to find out, and how to prevent it.
As scary as the thought may be, more and more WordPress websites are being found silently distributing malicious code because they’ve become infected with website malware (malicious software) under the radar of the site owners and administrators. It’s true, 30,000 new websites are identified EVERY DAY distributing malicious code to their visitors! (according to Sophos Labs) The majority of these 30,000 sites belong to ordinary small businesses.
It’s not that the cybercriminals are targeting each specific small business they infect. Instead they have created automated tools that crawl the web for vulnerable sites. If a vulnerable site is found, these programs will automatically infect the host site and begin sending out more copies of itself to any passers by. Thus these automated programs, or “bots” can spread and infect many sites secretly before they are detected.
Just 5 years ago, these malicious bots played a much smaller role on the web so malware infections on WordPress websites were a less common problem. But over these last few years, malicious bot traffic has increased to a whopping 30% of all web traffic! (According to Incapsula)
Here at HogTheWeb.com our security team has noticed this increasing trend as well. When looking at the statistics from one of our clients websites that is protected by our Firewall, we can see that almost HALF of the traffic coming to this site had to be blocked because it was detected to be malicious.
That client was very happy that she had our firewall in place, otherwise her site would have almost certainly become infected.
Here are the top 5 basic steps you can take to ensure your WordPress website is protected from such intrusions.
1. Keep Your WordPress, Plugins, and Themes All Up to Date
One of primary reasons that developers come out with updated versions of their software is because security vulnerabilities are detected and must be patched and closed to prevent intrusions. If you don’t keep your site software up to date, then you aren’t closing these security holes that will inevitably be entry points for malware.
Did you ever notice that after you do a lot of site updates some of the things on your site get out of whack? This is a common grievance of WordPress users. This is due to the fact that every plugin and theme, and WordPress itself is developed by a totally different team of developers, and each configuration of the hundreds of plugins and themes has never been tested with the updated code before they take it live. So your site ends up being the test site for your particular configuration of plugins and themes.
Unfortunately this ongoing maintenance just goes with the territory of using Open-Source, free software. But at least this is better than having your website become infected and begin sending malicious files to any and everyone that visits your site.
Here at HogTheWeb, Our UpKeep Maintenance and Security Plan Customers don’t have to worry about any of these problems because we keep their sites up to date, and free of bugs, glitches, and malware 24/7.
2. Don’t use Admin as Your Administrator Username
Many bots are programmed to specifically exploit the username Admin because it’s the default username of the administrator account on WordPress. A very simple security measure to take is to create an Administrator account with a different, unique username and delete the Admin user account.
3. Add Captcha to All Logins, and Forms on Your Site
Captcha is that familiar part of a web form where you have to prove you’re a human and not a bot. Believe it or not, these little tricks are quite effective at keeping out many malicious bots who would otherwise attempt to gain access through those login forms.
There are many types of Captcha but the security team at HogTheWeb prefers the Google reCAPTCHA plugin offered for free by BestWebSoft.
4. Change FTP, Cpanel, Hosting, and WP Admin Passwords Regularly
This tip is sure to elicit a collective *Groan* from the readers. But please, hear me out!
Many malicious bots gain access to your website through Brute Force attacks, which means that they systematically test every possible combination of characters for your passwords until they happen to find the right one and gain access. Yes this takes time, but the bots have all the patience in the world. However, if you’re changing your passwords routinely then this approach wont be nearly as effective.
Not to mention, if you happen to use the same password or some similar password for any of your other many logins on the web, it’s more likely there has been a data leak amongst the many companies you might have given a password to, and so your precious password of choice might already be in the hands of the cybercriminals. (Check if your information has already been accessed illegally Here.)
5. Install a Firewall, and Regularly Scan Your Website for Malware
Even though this is tip #5 because you’ll usually have to pay for this service, it really should be #1 because it is THE MOST EFFECTIVE step you can take to protect your site against intrusions and infections.
This one is best left to the professionals and that’s exactly what we do best at HogTheWeb.com. Our affordable UpKeep Maintenance and Security packages not only ensure your site is protected, and well maintained, but we also do daily off-site backups of your website. In the unfortunate even that some disaster takes out your entire hosting server, we can quickly recover your site from the backups and get it back online ASAP.
Considering that more and more of website traffic is due to these malicious bots attempting to gain access to your site, website security is no longer an optional measure for any business website. How important is it to you, to keep your customers protected from attack? If it’s not priority number 1, then it should at least be a top contender.
Not to mention, If Google detects your website sending malicious code, then Your Site can get BLACKLISTED from Google, and no longer show up in search results. Now THAT can really affect business and traffic to your website..
We are currently offering a FREE security scan of your website/s which includes a malware/virus scan, checking for existing firewall and open vulnerabilities, testing for out-dated software that may be exploited, and a manual check over your site for general bugs, glitches, and malfunctions.
Simply fill out the form above to get your site tested for infections and vulnerabilities.
Thank you for taking the time to read this article. We hope you enjoy a safe and secure New Year.
-Levi @ HogTheWeb.com