What is malware?
Malware is an abbreviation of malicious software and is an umbrella term that covers a number of different types of attacks: spyware, ransomware, viruses, trojans, etc.
You're probably familiar with the concept of malware and viruses on your computer, and might even have programs that automatically scan for them to keep you safe... but did you know websites can get infected, too?
The program that keeps your computer safe can't do anything to help your website. Just as animals are susceptible to different viruses than people, the kinds of malware a website gets, and the way it gets them, differ from a local computer infection. Website malware typically tries to take advantage of a visitor’s trust in your website to invisibly capture data about them (their visit, their computer, their network) or mislead them into sharing personal details with an untrusted and often unaffiliated party.
Whether on your computer or your website, all malware requires a vector to gain a foothold.
What’s a malware vector?
Simply put, a vector is how the malware enters your site. Some common vectors we see:
- Outdated WordPress installations
- Vulnerable or malicious WordPress add-ons and themes
- Custom PHP forms without input validation
These are just a few--there are any number of other, more complex ways a site can be compromised. WordPress and PHP are incredibly popular ways to build a website. When updates are released to fix specific vulnerabilities, hackers will look for websites that haven't been updated yet. They can then use the newly exposed vulnerability to infect the site with malware.
What do I do if I get infected?
Most importantly, don't panic. There are only two steps to resolving a malware infection:
- Update or delete WordPress and other software.
- Find and delete compromised files.
Update or delete WordPress and other software
Update the software that you use on your site and delete what you don't. Suppose you installed an old version of WordPress four years ago and haven't touched it since: you should probably delete it. Is your whole site built on WordPress? Check for outdated plugins and themes that you can delete or update--and update the WordPress core software as well.
The same goes for any other PHP-based tools you may use, like phpMyAdmin, Joomla, etc. Delete what your site doesn’t use, and update what it does.
Find and delete compromised files
First, check whether the Imunify360 malware scan in cPanel found any malicious items. Then, in the File Manager, look for files with suspicious names or ones that you don't recognize. There are also directories where a PHP file would be out of place, like tmp, logs, or images. Third-party tools* like Google Webmasters and WordFence can help identify compromised files too.
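As an added example (not Turbify's own tooling), the Python script below walks a downloaded copy of a site and lists PHP files inside the directories named above: tmp, logs, and images. It goes slightly beyond the text by also flagging files in those directories that contain a PHP opening tag under another extension; the extension list and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Directory names the article lists as places where PHP is out of place.
SUSPECT_DIRS = {"tmp", "logs", "images"}
# Assumption: extensions commonly mapped to the PHP handler; check your server.
PHP_EXTENSIONS = {".php", ".phtml", ".php5", ".php7"}

def has_php_tag(path, limit=65536):
    """Return True if the first `limit` bytes contain a PHP opening tag."""
    try:
        with open(path, "rb") as fh:
            return b"<?php" in fh.read(limit)
    except OSError:
        return False  # unreadable file: skip it instead of aborting the scan

def find_out_of_place_php(site_root, suspect_dirs=SUSPECT_DIRS):
    """Return sorted site-relative paths of PHP found under suspect dirs."""
    root, findings = Path(site_root), []
    for dirpath, _dirs, filenames in os.walk(root):
        rel_dir = Path(dirpath).relative_to(root)
        # Inspect a directory only if it is, or sits inside, a suspect one.
        if not any(part.lower() in suspect_dirs for part in rel_dir.parts):
            continue
        for name in filenames:
            path = Path(dirpath) / name
            if path.suffix.lower() in PHP_EXTENSIONS or has_php_tag(path):
                findings.append((rel_dir / name).as_posix())
    return sorted(findings)

def build_sample_site(base):
    """Write a small constructed site tree (sample data, not real files)."""
    files = {
        "index.php": b"<?php echo 'home';",            # expected location
        "images/logo.png": b"\x89PNG\r\n\x1a\n",       # ordinary image
        "images/thumb.php": b"<?php // constructed",   # PHP among images
        "images/banner.jpg": b"\xff\xd8\xff<?php //",  # PHP tag in a .jpg
        "wp-content/tmp/cache.PHP5": b"<?php //",      # odd-case extension
    }
    for rel, data in files.items():
        target = Path(base) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo_root:
        build_sample_site(demo_root)
        print("\n".join(find_out_of_place_php(demo_root)))
```

To scan a real backup, call `find_out_of_place_php` with the path to the downloaded site copy; a hit is a file to review, not proof of infection.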
In the case of WordPress, you also have the option of completely deleting your blog, then installing the latest software. Before you do that, though, you should probably make a WordPress backup.
There are also a number of developers who are familiar with malware infections and can help you resolve the issue. Here are some developers who have helped our customers with issues like this*:
*Inclusion of this information does not constitute an endorsement by Turbify.
How can I prevent future malware infection?
Whether or not you've suffered from malicious code on your site, here are a few best practices to keep hackers at bay:
- Keep WordPress updated.
- Remove add-ons/themes/code you aren’t using.
- Update add-ons/themes/code you are using.
- Only install trusted code.
- If you hire a developer, make sure development follows security best practices.
- Periodically review your site files, either manually or with a third-party tool.
If coding for yourself, remember to build securely by design for your visitors. Keep WordPress and other software updated. You might also consider working with a security professional to review your code for vulnerabilities.
Merchant Solutions ecommerce subscribers: Did you know that RTML templates provide PHP-like dynamic page generation functionality without the same vulnerabilities? These templates generate static HTML pages when published, which are often faster and easier to secure for visitors than PHP pages offered by other platforms. Learn more about RTML.
Security is a top priority for our team at Turbify, and we hope it is for you too.