It’s important to to be proactive and take steps to help reduce the risk of reinfection. While no one can promise you the risk will ever be zero, there are many things that you can do to protect your website.
Web Application Firewall (WAF)
There are a growing number of software vulnerabilities being exploited by attacks. Trying to keep up with them can be very challenging. Hence, it is recommended to install a Web Application Firewall (WAF). This can help stop attacks before they even happen and keep your site secure.
Website Updation
If you are using WordPress, Joomla, or any other website platform, and it is not already using the stable, current version, take a minute to update your website. Why? Because out-of-date software is the leading cause of infections. This includes your CMS version, plugins, themes, and any other extension type.
Changing Passwords
Choose a good and strong password. A good password is built around three core components – complex, long, and unique. Your website has various access points such as FTP, SFTP, SSH, cPanel. Attackers understand this and will often exploit multiple points of entry. At a minimum, be sure to update the password for all administrator accounts. Often users will create more administrators than they require and only update one, but forget about the rest. There is no better time to clean up than after a compromise.
Further, to know more about strong passwords, read the Hosting Column’s previous post How to Create Strong Passwords.
Changing Database Passwords
If you are using a CMS (WordPress, Joomla, etc…) change your database password. Please be sure to update your configuration file – Joomla: configuration.php and WordPress: wp-config.php. This is not an automated process so you will need to know how to open those files and edit manually.
If you don’t know how to change your passwords (specified above), contact your host to update your passwords.
Run a Virus Scan on Personal Computer
In a lot of cases we see that websites are compromised via local environments (notebooks, desktops, etc.). It’s why we always ask you to take a minute to run an antivirus product. The bottom line is, it doesn’t matter how many times your site gets cleared, if your computer is not clean, your site can be easily reinfected.
Website Backups
After the site is clean and secure, a good practice is to do regular backups. There are a number of backup solutions out there you can use. These days, website backup software is automatically integrated with your hosting account, and is very simple to set up.
Deleting Downloads
Many times, it is seen that website owners have “kitchen sink” servers, full of old installations of their content management systems, themes or plugins. Over time these old installs become forgotten but grow ripe with malware that’s ready to infest their entire server after each clean. Take a minute to separate those things that belong on a test, staging and production server.
Thanks for visiting. For queries and suggestions, emails are welcome at learnweb@hostingcolumn.com.
Subscribe to Hosting Column for latest updates and posts.