What is Malware and How Do You Get It?
Malware is a type of malicious software. It can infect websites with all sorts of nasty side-effects, ranging from poor site performance to defacement to infecting site visitors.
So keeping your website free of malware is the goal. But how do you get malware in the first place? No one is voluntarily installing malware on their websites. So why is it that around 18 million websites are infected with malware at any given time?
Malware can infect your website through a number of ways. It can sneak in through compromised software. It can hop from your personal device onto your hosting account. It can be downloaded by accident.
The trouble with malware is that it’s sneaky. You won’t necessarily know your site has malware unless you know what to look for or have additional security measures in place to sniff it out (like one of our malware packages).
Signs of Malware
Which leads us into what malware looks like on a site. Unfortunately, malware can sometimes be just as stealthy when on a site as it is when first infecting it. Sometimes it’s easy to see – like when it defaces your homepage – but other times, the signs can be dismissed as just strange occurrences. However, if you know what to look for, you’re less likely to fall into this trap.
A Browser Warning
If you visit your site and your browser displays a security warning, you may have malware.
While not all browsers will display warnings for malware-infected websites, some do. Google in particular will show messages that say things like, “This site may harm your computer” or “This site may be hacked.”
If you see anything like this, your visitors are likely seeing it too. So be sure to double-check your website if you receive any of these site errors.
Note: A security warning may also trigger if you do not have an SSL certificate. See this blog for more information about SSL certificates and how to obtain one.
Some malware will create conditional redirects that transport users to a different location. If you notice random redirects popping up on your site, be on your guard. Malware can use a variety of methods (server-side scripting, .htaccess editing, etc) to create these redirects.
The redirects sometimes lead to another website, which are often phishing sites or infested with malware.
Your CMS Login Changes Unexpectedly
If you use a CMS and login credentials change unexpectedly, then malware might be the cause. Once malware gains access to a site, it may be able to make changes, such as locking you out of your CMS. If you suddenly find your credentials changed without your knowledge, we recommend taking an in-depth look at your CMS and its files in case malware is at work.
Your Site Files Are Disappearing or Changing
Just your CMS credentials, so, too, can malware alter your site files. If you notice your site is suddenly missing pages, assets, or styling elements, you should take a peek at your files to make sure everything is still where it’s supposed to be.
Malware can sometimes affect your site performance. Site crashes or freezing can be symptoms of a malware infection.
Now, keep in mind that there are a number of reasons a site’s performance can change. Sudden spikes in traffic or a particularly asset-heavy website design can tank your site performance. You may just have outgrown your hosting package.
However, if your website normally runs smoothly and hasn’t seen any recent changes that could explain a dip in performance, then malware could be behind it.
Some malware creates pop-ups on your websites. That may seem strange, but have you ever navigated to a website that displayed pop-up, after pop-up, after pop-up? It’s annoying. Plus, those pop-ups can sometimes contain more malware if you accidentally click on one. This is one of the more obvious malware symptoms, since it only takes visiting your website to notice.
Determining if it’s Actually Malware
So your site has the symptoms. How do you tell if it’s really malware?
That’s where our malware scanning tools come in. Pair offers malware scanning tools with our hosting packages. They’re designed to identify suspicious items in your hosting account, and give you a heads up that malware might be present.
Our malware scanning tool scans 10,000 files per week. If any suspicious items are found, you’ll be alerted via email.
If you opt for one of our malware packages, all of your site files will be scanned daily. If any suspicious items are found, we will not only alert you, but also take care of all the clean-up involved.
Cleaning Up Malware
Cleaning up malware requires you to diagnose, find, and root out the malware from your website. It may be hiding in one of your WordPress plugins or perhaps hitched a ride in through a software security vulnerability. If you’re confident in your troubleshooting skills and have the time, you can find and remove the troublesome malware.
However, if you’re short on time or know-how, we offer malware packages that include full-site cleanup. Check them out here: https://www.pair.com/solutions/malware-and-security/
Preventing Malware in the Future
If you want to stay ahead of malware, you should turn on our free malware scanning tool (or opt for one of our malware packages). Not only does it keep tabs on your files, but it also alerts you if anything suspicious appears.
We also highly recommend keeping your software, CMS, and add-ons up-to-date. Malware can easily slip in through software that’s not being maintained, so you should also keep tabs on the software you use. If the developers aren’t patching up the software’s security, it’s only a matter of time before the software becomes vulnerable.
We’ve written about protecting your websites in the past. Check out our security blogs here.