Computer viruses have been around almost as long as computers have. These nasty programs can infect your system with all manner of problems and even allow a hacker to access in remotely. Your website can also be infected with a virus, which means you need to always keep it up to date.
Website malware is usually created to bring down a website, upload malicious code, or steal information from the administrator. Regardless of what it is for, it is an unavoidable part of owning and running a website.
Malware that attacks WordPress and Joomla
WordPress is arguably the most popular content management system (CMS) software to run a website, with one of its competitors Joomla trailing behind. One of the latest threats uses injection of the IndoXploit Shell, which enables the malicious user to grab the website’s config files, which house all of the required passwords, as reported by Sitelock. These important files are stored in the root of your website as well as the admin folder and gives the site access detail to the database and more.
The malware appears to attack websites running older version of WordPress, Joomla, and ecommerce software Magento, and utilises flaws in those systems.
Websites being attacked isn’t anything new and it can happen to corporate companies and bloggers alike. Sometimes it’s possible to see when a website has been hacked — such as the hackers replacing the front page of the website with something they’ve created — and others not, such as injecting files into your system.
It is recommended you make sure the software running on your website is always up to date. These new updates will not only contain new features, but a range of fixes for any vulnerability that may occur. A large portion of websites that are hacked are running outdated software.
Watch out for plugins
Be caution of the plugins you install on your website. One of the latest instances of plugin malware is WP-Base-SEO, which masquerades as a program that improves the SEO of your website. The software is able to infect websites running an outdated version of RevSlider, the same plugin that was blamed for the Panama Papers leak.
Before installing a plugin make sure that it is not only compatible with the latest version of your CMS, but that there has been work done on it in the past few months, and what reviewers are saying about it.
Keeping your website secure
Having your website hacked will always be a possibility, but there are a few steps you can take in order to make sure it’s harder for hackers and malicious software.
- Periodically change passwords for your administrators every few months.
- Change the passwords for your database at least every six months and make them as strong as possible.
- Clean out or revoke access for any website user/employee/admin that no longer works for or with you.
- If you are sending or using sensitive information, make sure you have an SSL certificate installed.
- Delete any plugin or theme you are no longer using in order to avoid outdated software on your website.
- Familiarise yourself with the plugins and themes you use not only in the CMS, but their file structures as well.
- If your website host offers a malware scanner, use it often.
- Alert your website host if your site has been attacked.
With these measures in place, your site should be a bit more secure. Also make sure to always be up to date with the latest news about whatever programs you’re using in order to detect early infections.