Malware affects websites in Hawaii too!
One of the most unfortunate facts of running a website is that there are so many issues to think about. And if you neglect something like website security, your website could easily get hacked into. And although it’s lucky we live in Hawaii, that doesn’t mean malware doesn’t affect us all.
Our company is local, located in Kapolei, Hawaii. And we hear about a site getting hacked practically every week. But we know many more websites have malware and don’t even know it.
A Tale of Hidden Malware
A couple of years ago, I went to register for a seminar online that a local business was hosting. And I found that I was being sent to a porn website. This is a good local company with good knowledgable people running the website. But a malware infection can hit any one of us if we’re not careful.
This particular malware infection was incredibly hard to detect. First, I was only sent to the porn website once. After that, I went to the website normally. A less savvy visitor might have thought it was an honest mistake and not even take note of the incident. Another thing to note was that it only sent me to the porn website because I was on my cell phone. Whenever I visit that website on my laptop, I do not notice the malware.
Are you starting to understand that a website can be infected with malware and not even know it. Some malware only affects certain web browsers like (Internet Explorer and Safari) but when viewed on more popular web browsers (Firefox and Chrome) there is no hint of the malware.
Hackers are extremely smart people, and we have to be diligent to combat them.
What is Malware?
Malware is any unwanted software running on your web server. Many times malware will take your visitors and send them to viagra ads, porn websites, or other unwanted websites. Other times, malware will try to infect your computer.
A recent breed of malware that’s becoming more common is called “Ransomware” this type of malware gets onto your computer and locks all of your files, then asks you to pay a ransom to get the key to unlock your files.
There are many different kinds of malware with different agendas, but there are some security practices that will always help prevent and combat against malware.
Why did they hack my website?
It’s not personal. Most malware attacks are automated. Hackers setup a computer with robots (aka “bots”) who go through the internet looking for common weakpoints they can exploit. Your website was just unluckily found by the bots.
How did they infect my website?
Some research has shown that in the WordPress ecosystem, these are common ways websites get infected.
- 41% get hacked through vulnerabilities in their hosting platform
- 29% by means of an insecure theme
- 22% via a vulnerable plugin
- 8% because of weak passwords
The amazing thing is that almost half of all website infections are because of a vulnerability with the web host. This means that through no fault of yours, your website could be hacked. The most common vulnerability with webhosts is old versions of software that is not updated. We sometimes forget that our websites are complex stacks of software running on a computer server connected to the internet and like your personal computer, website servers need to be constantly updated to remain secure.
I personally refuse to pay less than about $10/mo for a web hosting company. Any cheaper than $10 and I become more suspect that the hosting company can maintain their servers as well as their bottom line. (PS- I also pay $100/mo for some websites and am happy to do it.)
Why are website reinfected so often? How do I avoid a reinfection?
We have already established that hackers are smart people. They will often infect your website in multiple places so even if you find and remove one infection, there can be more hidden places where their malware lies hidden. And if you are hosting multiple websites on one server, BEWARE. Too many businesses have found that when one of their websites gets an infection, chances are ALL of their websites are infected in one way or another.
And one website can infect another so hackers will infect one site and that infection will spread.
What can I do now?
If your website is clean, here’s what you can do:
Just looking at the previous list of ways websites get hacked, you can do a number of simple and easy things to prevent malware from infecting your website.
- Choose a good web hosting company. Three companies we recommend are: Siteground, Flywheel, and Cloudways. (These are shameless affiliate links.) We have client websites on all of these web hosts and have been extremely pleased with their services. If you have a specific questions about your web host, please contact us and we will be more than happy to tell you our experiences. We have used and no longer recommend dozens of hosts.
- Purchase quality themes and keep them updated. You get what you pay for, so don’t cheap out on your website’s theme. We believe in paying for quality WordPress Themes and Plugins.
- Purchase quality plugins and keep them updated. Ditto above.
- Use a Unique Strong Password and Enable Two-Factor Authentication when possible. A strong password has lowercase letters, uppercase letters, numbers, and special symbols. I also highly encourage using a Password Manager App so you can use a different password for each website and service that you use. Recommendations in this camp are: Lastpass, 1Password, Roboform, and Dashlane.
This is a lot to handle and not many people want to invest the time to maintain their website. So we offer an amazing web site hosting and management service.
If your website has malware:
First things first, you need to get your website cleaned up because none of the other actions you take will mean anything until your website is clean.
Our Malware Cleanup Service for Hawaii Customers
This article was intended to be informational and educational. But we would be remiss if we didn’t mention our own service to clean up malware.
Malware cleanup starts at $500 (depending on how complex your website is or if you have multiple websites hosted in one account) with our guarantee that your site will be free of malware. We will also monitor your website for 1 year and protect your website with a website firewall and antivirus solution ($300 value). If you are interested, please use the form on our homepage to contact us about malware removal.