Whether you have a website for a personal blog, a professional blog, or are using it to run a business, few things are quite as frustrating as learning that your website has become plagued with malware. The scary truth is, the number of malware infections continues to be on a steady rise, with 38.5 million cases detected between January and April 2020 alone! The question for some website owners is – How do I know my website has malware on it?
In this post, we’ll address how to check for and prevent malware on your website. Some of the warning signs you should be looking out for might surprise you. Before we get to that though, you might be wondering – what exactly is malware?
What Is Malware?
Malware is short for malicious software. Effectively, this software was designed with the sole purpose of disrupting or damaging a computer system/network, and/or to gain unauthorized access to the system/network. The word malware has also been used as a blanket term for things like:
- And other malicious computer programs
The number one reason hackers use malware is for financial gain. In obtaining access to one’s computer system or network, bad actors can view such data as:
- Banking information (i.e. credit card numbers and bank accounts)
- Passport numbers
- Street addresses
- Phone numbers
- First and last names
- And even social security numbers
This data can be sold to the highest bidder for a hefty fee. What is done with the data from that point can include anything from identity theft to making fraudulent purchases, gaining access to medical treatments/prescriptions, and more. Bottom line – data is big business, and pilfering this data can mean huge financial rewards for those clever enough to gain access to it by any means necessary.
Hopefully, this gives you a clear understanding of why cybercriminals are so anxious to attack websites. Now, let’s explore how to determine if your website needs malware removal.
Detecting Malware on Your Website
Although the signs below don’t guarantee there is malware on your website, they are indicators that it could be present and should be reviewed carefully. Here are the red flags to look out for, and if several are present, your site could in fact have a malware infection:
1. The appearance of your website has been altered
If images that were crystal clear recently are suddenly broken and/or pixelated, something could be off. Logo discoloration, theme changes you didn’t authorize or implement, changes in font, and other changes to your website appearance that weren’t a result of your own actions might mean someone has been tampering with your settings.
Check with your website administrator/developer, if applicable, to see if they are responsible for the changes. If not, continue investigating.
2. Entering your web address redirects elsewhere
Unless you set up a redirect, entering your website domain into the address bar should take you to your own website. If it doesn’t, something could be wrong. Check your DNS settings, and if there are no recognizable changes, keep looking for additional clues.
3. There are pop-ups present on your site
This is also only a problem if the pop-ups are not your doing. Some web administrators create pop-ups to prevent people from leaving their website, invite them to sign up for a newsletter, and/or warn visitors that they are abandoning their shopping cart. Any other pop-ups, particularly malicious ones, are cause for concern.
4. Your website is loaded with spam, and not just in the comments section
It’s not abnormal to have spam in your comments. Of course, this is why you should moderate your comments to ensure nothing malicious is approved to go on your page. However, spam ads, malicious links, and malicious embedded images are a pretty good indicator your website has been infected.
5. New admins or users appear in your WordPress dashboard
If you suddenly have one, two, or several new administrative users, or even new users that simply shouldn’t be there, your website may be compromised.
6. Your login credentials have been changed
If you didn’t authorize your username and/or password to be changed, someone else may be pulling the strings.
Other Signs of Malware Infection on A Website:
- The website home page, blog, or other pages aren’t loading properly
- Website crashes frequently
- There are new pages on your website, modified files, and/or files that have been deleted entirely without your authorization
- Google has flagged your website for removal from search engine result pages (SERPs)
- Sudden spike or massive decrease in website traffic
Again, by themselves, these warning signs might not mean your website has an infection. For example, forgetting to update a plugin or a theme can result in your website crashing or your pages not appearing the way they should. If you are concerned, you might want to use a URL Scanner like VirusTotal to continue your investigation. This particular scanner is free at the time of this writing, and will utilize more than 60 URL/domain blacklisting services as well as antivirus scanners to test your website and see if its URL is flagged for potential malware infections.
What else can you do to prevent malware from occurring in the first place?
Measures for Preventing Malware
1. Use a reputable, and security-conscious web hosting provider.
In the post shared on this blog recently, web hosting vulnerabilities were explored. That is why it’s so important to choose a website host that keeps both their own security and yours top of mind.
However, it’s important to note that it is NOT the responsibility of your website hosting provider to keep your website free of malware. Though they may even be the one you choose to purchase malware scanning and removal tools from, you will find your website hosting provider will not 100% guarantee that your website will be protected. Ultimately, that burden will lie with you – the website owner. Therefore, you must not rely on any single tool or measure listed here (or elsewhere) as your sole method of preventing malware.
2. Keep everything updated and backed up
Your website’s themes and plugins must be regularly updated. Failing to take this simple and free step is asking for bad actors to invade your digital property and throw malware all over the place. Think of it like a hole in the wall of a building. Your website’s theme and plugin updates patch these holes to prevent anything from getting in. But, if you allow the hole to stay in the wall, critters (cybercriminals and their viruses) can get in, make it bigger, and then let all kinds of bad things into the building (your website) as well. Before you know it, your digital place is filled with nasty bugs and you need an exterminator.
It’s also a good idea to always keep a backup copy of your website. The reason for this is if those evildoers do get in and cause your website to go offline/crash/get compromised, you’ll have a clean copy of the site ready to load so you can get back online quickly.
Finally, while you’re updating and backing things up – update your login credentials. You need an ironclad password featuring an unguessable string of characters, uppercase and lowercase letters, and numbers. And, be sure to add multi-factor authentication to make it that much more difficult for unauthorized users to get in. This way, if they do manage to guess your complicated password, they will still need additional means to prove they are allowed in.
3. Get an SSL if you don’t already have one
This is covered extensively in the post “The A-to-Z Guide to Secure Sockets Layer (SSL) for Online Businesses.” For now, however, what you need to know is that an SSL can encrypt your data and keep your website more secure. It’s akin to adding one more lock to your digital doors in an effort to keep bad actors at bay.
4. Encrypt all file uploads/don’t allow them at all
Hackers are hoping you will allow file uploads from authorized users because this enables them to create fake accounts and load malicious files disguised as legitimate ones. They will often upload executable files that have the ability to run commands that could wreak havoc on your site. If you do decide to let your users upload files, do the following:
- First, don’t allow executable files – stick to .png and .jpg for images, and .pdf and .doc/.docx for documents
- Second, encrypt any uploaded images so bad actors won’t be able to find them later and use their upload to break into your website
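The upload rules above, as an added Python example that is not part of the original post. It goes one step beyond the list by also checking that a file's leading bytes match its claimed extension, and it returns a random stored name so the uploader cannot predict where the file ends up (a substitute for, not an implementation of, the encryption step); the function name, blocked-extension list and sample inputs are assumptions made for illustration.

```python
import os
import secrets

# Leading bytes ("magic numbers") each allowed extension must start with.
MAGIC = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".pdf": b"%PDF-",
    ".doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",  # OLE2 container
    ".docx": b"PK\x03\x04",                        # ZIP container
}
# Extensions that must not appear anywhere in the name (e.g. "x.php.jpg").
BLOCKED = {".php", ".phtml", ".exe", ".js", ".sh", ".cgi", ".pl", ".py",
           ".html", ".htm", ".svg"}


def check_upload(filename, data):
    """Return (accepted, detail): a random stored name, or the reason for rejection."""
    base = os.path.basename(filename.replace("\\", "/")).lower()
    if "\x00" in base or base.startswith("."):
        return False, "bad filename"
    parts = base.split(".")
    if len(parts) < 2:
        return False, "no extension"
    ext = "." + parts[-1]
    if ext not in MAGIC:
        return False, "extension not allowed"
    if any("." + p in BLOCKED for p in parts[1:-1]):
        return False, "blocked inner extension"
    if not data.startswith(MAGIC[ext]):
        return False, "content does not match extension"
    # Never reuse the client-supplied name on disk.
    return True, secrets.token_hex(16) + ext


if __name__ == "__main__":
    # Constructed sample uploads.
    print(check_upload("logo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 8))
    print(check_upload("photo.php.jpg", b"\xff\xd8\xff\xe0"))
    print(check_upload("invoice.pdf", b"MZ\x90\x00"))
```

A matching signature does not prove a file is harmless, so uploads should still be stored where the web server will not execute them.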
5. Use automated malware scanning and removal tools
This is not only a great way to check for and remove malware, it’s a fabulous way to prevent a full-blown attack because it catches it when it’s just a small issue on your website. Though these tools are not free, the best tools will be automated to consistently monitor your website for malware and, in the event it is found, eradicate it immediately.
Cybercriminals are working night and day trying to break into websites and cause as much destruction as possible. If you take nothing else from this post, at least understand how real the threat of malware is. And, take precautions to prevent an attack for your sake as well as the sake of your visitors.
About the Author:
Ron Doss is a Senior Web Security Analyst and content contributor at SiteLock, a global cybersecurity company, based in Scottsdale, Arizona. With over 10 years’ experience in web design and hosting, as well as 5 years focused on web security, Ron specializes in finding and removing malware along with dispelling other website security issues that harm websites.