WordPress Security Part 2: Malware Detection And Defence
Welcome to the second instalment of our 4-part miniseries of blog posts focussing WordPress security. In Part 1, we gave a general overview of the world of WordPress security, identified what the risks are, and then focused our attention specifically on the vulnerability of plugins. In this, Part 2 of our WordPress Security series, we will be taking a close look at malware detection and what you can do to defend against attacks. Part 3 will be an extended step-by-step tutorial explaining how to secure WordPress. And finally in Part 4 we will give you a detailed list of the top 10 security plugins that you can add to the backend of your site. We hope you enjoy this series.WordPress continues to be one of the most popular Content Management Solutions ](CMSs) available to owners of websites. And for good reason – it is one of the fastest, most streamlined and intuitive platforms on the market. But, with its popularity has come a lot of security issues for site owners all around the globe. When something is as widely used as WordPress, it inevitably becomes a common target for spammers, hackers and many other malicious parties.
As such, it is vital that you are taking every possible measure to make sure that your site is secure, and, to do that, you will first need to make sure that you are regularly scanning your site to make sure that there is no malicious code embedded somewhere.
Hackers normally have one goal in mind – to infect your site with malware. There are many common malware threats that you may encounter, these include:
- Phishing Scams – these are used to try and acquire email addresses, usernames, passwords and other types of sensitive information.
- Pharma Hacks – these flood your website database with spam.
- Malicious Redirects – visitors to your site will be automatically redirected to a different site which will be used to try and get people to download an infected file.
- Backdoors – these enable hackers to have access to the backend of your website at any time.
This is not by any means an exhaustive list. Hackers, these days, are very capable individuals often with some very sophisticated malicious software up their sleeves, so it is absolutely vital that you take the following actions to regularly keep your WordPress as secure as possible.
Never overlook the importance of this very simple action. You should make it part of your daily routine as it is one of the most vital actions at your disposal that you must make a regular habit of deploying. Even if you think your WordPress is armed to the teeth with appropriate malware defences, the truth of the matter is that there is simply nothing that you can do to make your site 100% secure – there will always be a weakness somewhere, and that is exactly what hackers are so good at detecting.
Security scanning and malware monitoring is an absolute must if you want to keep winning the continuous fight to keep your website safe. The most vulnerable sites are those that are run using the free WordPress download, which will mean that your site will most likely be on a shared server with lots of others. If this is the case then regular monitoring is even more important, as if any of your bedfellows’ sites become infected, then you are, quite frankly, a sitting duck.
Sucuri Malware Scanning
There are many companies that provide malware detection scanning. The Securi SiteCheck tool, however, is one of the very best, and Securi have an outstanding reputation for providing a top-notch malware scanning solution.
The free version will scan your website for defacements, malware and spam injections, as well as detecting whether or not your server has been blacklisted, as is sometimes the case if a hacker has managed to infiltrate it in the past.
One of the drawbacks of this version is that you will always have to scan your site manually, but if you upgrade to the premium plan for $89.99 a year, everything will happen automatically and you will receive email and Twitter alerts if any threats are detected.
Regular or automatic scanning is the first line of defence for your site – if you don’t know that you’re under attack then there’s nothing that you can do about it. But of course this is only half the battle. From time to time it is not unlikely that you will find your site infected with malware.
If you subscribe to the premium Securi SiteCheck plan, then any malware that is detected will be removed for you, and it will also ensure that your website is removed from any blacklisted servers.
Another pretty good option is CodeGuard. This is essentially a backup service that provides automated backups and restores should your site come under attack. The service also provides monitoring and will alert you if it detects any malware.
Packages for CodeGuard start at $5 a month for a single website, and, it has to be said, that if you are looking for a plan that provides both monitoring and backup, then CodeGuard is one of the very best on the market.
WordPress security is a full-time endeavour. Staying ahead of attacks by regular monitoring will give you early warning if something is about to go awry, but this is just one piece of an enormous security puzzle. Look out next week for Part 3 in this series for our extended step-by-step tutorial for securing WordPress.