Another Big Reason To Watch Out for Malware and Your Site Being Hacked
No one wants their website to be hacked. I’m sure you don’t want malware and malicious code inserted into your web pages. It causes all kinds of headaches trying to find the entry point, secure it, and then the painstaking process of cleaning it up.
Up until recently, people searching Google for your website would have no idea your site was compromised unless their security software alerted them when they visited your site. Google’s latest update to their search results will no longer hide this fact…
Google tells the world you’re compromised
Just last month, Google posted to their webmaster blog that searchers will now see a notice for sites that are hacked. Here is how it looks in Google when a site is compromised:
This makes it even more important to quickly detect and clean up any problems with your site.
How to detect if your site is compromised
Fortunately, as fast as Google will tell the world your site is compromised, they are just as fast to tell you when your site has malware. But a few things you must do to ensure you get alerted:
- 1. Set up a Google Webmaster Tools account
I assume you already have one for your site, but if not, get one right away!
- 2. Make sure your email address is up to date with Google
Make sure the email address registered with Google Webmaster Tools is up to date, and one you check regularly.
- 3. Set up Webmaster Tools to forward you email of any issues detected.
Right on the home page of Google Webmaster Tools once logged in is a dropdown. Make sure it does *NOT* say “Don’t forward messages”:
If you’re looking for something besides Google to alert you to issues on your site, you could purchase a VeriSign SSL Certificate which comes standard with daily malware scanning.
How to avoid Malware on your website
A few simple steps to keep your site free of bad code:
- 1. Keep all site software up to date! (like WordPress, phpBB, etc…)
This is the most common point of entry for hackers. I spent a good amount of time yesterday helping a client clean up compromised files from a hacked old version of WordPress. Keep up with these updates. You’ll thank me later.
- 2. Install multiple scanners on *EVERY* computer you use
The second most common entry point is a compromised computer/laptop that has your site’s FTP password on it. Viruses and malware search for these passwords, then use them to distribute their malware on your website. Besides a standard anti-virus package like Norton, McAfee, or Trend Micro, run a dedicated malware scanner such as Malwarebytes.
- 3. Control your FTP password, and change it when appropriate
Only give out your FTP password to those people you trust and actually require it to work on your site. I’m not going to preach changing your password all the time, but *DO* change it after a designer / developer / programmer is done working on your site. Their computers may become infected down the road, and you don’t want them being the point of entry for hackers.
What to do when your site is hacked
The important thing is to act swiftly, clean up the site, plug the security holes, and make sure Google is notified that your site is clean. Failure to take action these days may result in people never visiting your site.