Why some websites keep getting malware & how it can be prevented

Unfortunately, almost every website can be compromised with enough resources and time dedicated to doing it. But fortunately, the majority of us will never have a website that attracts enough attention for this to be an issue. Instead, security risks normally come from automated or ‘bot’ hacks targeting websites at random. These hacking bots target websites and compromise them using already known security exploits. This is an approach that only works on websites that have outdated or flawed components.

When considering if a website is compromised, it’s important to note that the majority of hacks have clandestine objectives rather than outright malicious intent. So if a search engine marks your website as infected with malware, for example, it doesn’t necessarily mean that the user experience is adversely altered. For example, a compromised site may have ads added to it, or it may have hidden content added to it for the purpose of improving another site’s Search Engine Optimisation. But this clandestine nature also means that just because your site doesn’t appear to be compromised doesn’t mean that it is actually safe.

It is therefore vital to keep all of a site’s key components up to date so that known vulnerabilities are addressed; otherwise, a site with outdated components may be hacked at random on a regular basis.

Common vulnerabilities & how to protect your website

Being hacked or having malware injected into a website is a frustrating issue that some website owners experience on a regular basis. A key consideration for businesses that are experiencing this issue is that it’s not necessarily in the interest of your website developer to fix the underlying issues. This is because of the financial benefit that they can sometimes enjoy fixing the site every time it is hacked rather than addressing the root cause of the hacking.

So what makes a website susceptible to being hacked? Assuming that your website is hosted by a reputable hosting company, all automated hacks exploit flaws in your website’s code, components and user behavior to compromise it. But for simplicity’s sake, I am going to list the normal causes below:

  • Your Content Management System (CMS) is not being kept up to date
  • Weak or easily guessable login details, this includes using usernames like “admin”
  • Incorrectly configured forms such as those found on your Contact Us page
  • Outdated plugins or extensions

When in doubt, source all plugins or extensions from reputable sources, and consider installing a security plugin such as WordFence, which will help identify the majority of vulnerabilities with your site.

People often find the advice to avoid usernames like admin odd because the username is so commonplace. But it is no different from Windows computers having virus issues while Apple computers have avoided them. In our case, the use of usernames like admin is so prevalent that some automated malware bots appear not to consider that a set of login details could have any username other than admin, so using a different username nullifies the threat from those bots.

If you’re not responsible for managing your business’s website and have a developer, correcting these vulnerabilities is typically a very straightforward process unless the site is incompatible with the latest CMS version. This is very rare and would normally only be an issue with sites that are 5 or more years old, for example, in which case a new website is probably in order anyway.

Noninvasive ways to beat malware & security threats

Beyond securing your actual website, using a free service like CloudFlare allows potential hackers to be detected and prevented from accessing your website altogether. This is an excellent and noninvasive method for helping to increase the level of security that your website has without having to alter the site itself. In addition to attempting to prevent attacks, another noninvasive method for helping to mitigate the threat is malware and security scanning services that scan your website every day for security breaches and vulnerabilities. This is excellent for helping to maintain the integrity of your website but it also helps to detect any malware or security issues before Google and other search engines are able to detect them and potentially impact your website’s search engine performance.

Finally, consider increasing the level of security that your email service has, particularly if you have staff with minimal IT skills. This is because a common method for gaining access to an otherwise secure website is through phishing. In simple terms, this means tricking somebody into providing information or performing an action by sending emails that imitate legitimate emails in their appearance.

Closing thoughts

In conclusion, mitigating the risk of having your website listed as compromised by browsers and search engines is a straightforward process. However, it is also an ongoing process where the security of your website degrades over time because new methods of compromising it also evolve over time to exploit newfound vulnerabilities in the components of your website. In order to keep in front, keep all these components up to date when it comes to their security patches. Last but not least, remember to sign up to Google Webmaster to receive alerts whenever your site is flagged for being compromised.
