How to Prevent Hacking & Malware attacks
Personally, I consider this topic topical and if we take care and follow these important tips, the risk of hacking decreases considerably. This article is aimed primarily at website owners and refers to how to prevent hacking & malware attacks.
As is well known, the security of the data and information stored on your site can be quite complicated and in some cases can cause very serious problems. From the experience gained and from the months documenting me on the internet about this subject of how to prevent hacking & malware attacks I will write to you punctually everything that must be done to avoid hacking.
More in-depth content in which technical data are listed
There is many different types of hacks. The most common one is URL injection that can happen through stolen credentials or updated software. Once kackers gain unauthorized access to the CMS or the hosting service of the website, they can remove, modify or add content, steal user data, or exploit the reputation of the website for their own commercial purposes.
From my point of view I focus on three forms of hacking though injection of URLs, content or code:
For exemple, you may have forgottent about a directory that has open permissions. By exploiting a vulnerability in a software running on your site, such a content management system. For instance, you might be running an older insecure version of your CMS. By hacking third-party applications, such as plugins or widgets on a site.
Hackers usually look for technical signals to assess if a website is well protected or not. If they see that website is running an outdated version, they might exploit a known vulnerability.
Social engineering and other security issues
Social engineering tricks users in to doing sommething dangerous online, such as revealing confidential information or downloading malicious software. Phishing is an example of social engineering. The most used and popular search engine is the one from Google. Google Safe Browsing protects users by warning them before they visit deceptive websites or download harmful files. If Google Safe Browsing detects that your website has decetive content, the Chrome browser may display a “deceptive site ahead” warning when visitors click to acces your site.
Some examples of social engineering are:
- deceptive content – your site tries to trick visitors in to doing something they’d only do for trusted entity. For exemple, sharing a password or a credit card number. Deceptive contents, such as fake dowload buttons, may try trick you to download malware;
- deceptive ads – your site contains ads that falsely claim that device software is out of date, prompting users in to installing unwanted software. Since deceptive content makes you believe that it is the original source, it may try to trick you in to sharing your sensitive data.
In addition to social engineering warnings, there is also report on other security issues
- uncommon download – your site offers a download that Google Safe Browsing hasn’t seen before. Chrome may warn those who download it that it could be dangerous. This warnings are lifted automatically if Google Safe Browsing verifies that the files are safe;
- harmful downloads – your site offers users a download that Google Safe Browsing thinks is either malware or unwanted software. Many browsers such as Google Chrome, Mozilla Firefox and Microsoft Edge may show a warning when a user visits your site. To remove this warning, you must remove the links to harmful sites.
- unclear mobile billing – your site is not sufficiently informing users about mobile charges. There is a display a warning before the user loads a page that incurs in these charges;
- malware – your site has been infected by or is hosting malware from the hacker. This can be software, a mobile application or a script specifically designed to harm a device when a user knowingly or unknowingly installs it.
Usual and recommended text to all site administrators
From my point of view there are 3 things that can cause the vulnetability of a website
1.The number one is a very weak password, more precisely when you choose a password like 1234. It is preferable to choose a password composed of capital letters + symbols and numbers (Security#2022Password) so that the risk of hacking is very low. A well-chosen password must be at least 10-15 characters long. Also, most WordPress site administrators use this authentication path in cPanel: your website / wp-admin. This way of authenticating in your own site is insecure and it is very easy for someone more skilled to log in to cPanel. I personally recommend that you install a plug-in that can change the path to your cPanel account. Such a plug-in that does its job pretty well is called WPS hide and instead of website / wp-admin you can add the following option (/ my old school name + 2022 + name).
The convenient way to hide your WordPress from being visible through the code. A huge improvement over site security since hackers web scanners will not find any WordPress trace on your site. Over 99,99% of sites hacks are focused attacks on specific plugins and themes vulnerabilities. Since no WordPress plugins and themes are found anymore, no hack occur even if the site contains exploitable code. Provides a clean method for removing any WordPress fingerprints including themes and plugins. No negative impact on SEO at all! Used wisely, specific SEO aspects can be improved.
2. The second number is the insecurity of the installed plugins as well as the version of WordPress uploaded to your site. Most people are no longer interested in maintaining the sites and do not make these plugin updates. The idea is that if these plugins are not updated regularly, your site will become vulnerable to hacking attacks. These updates are very important and offer increased protection against hacking. When making several updates, it is preferable to go through the following steps:
- to make a complete backup of the site; Here you need to connect to the hosting server, choose cPanel login, look for the Files section and then select the Full Backup option. (A full backup creates an archive of all of your website’s files and configuration. You can use this file to move your account to another server or to keep a local copy of your files.)
- installing each plugin one by one and immediately checking the site. There is a risk that due to an incompatibility between the plugin and the active theme, your site will not load, block or display texts differently (font and size);
Usually most versions of WordPress used are secure and come with security systems against Hacking & Malware attacks. This does not mean that your site is vulnerable. Additionally, you can add other programs that offer a higher degree of protection, for example an antivirus licensed and developed strictly for WordPress and that solves the problem related to piracy. With such programs you can restrict visitors using the following options:
- IP blocking by country;
- failed login attempts to your admin account;
To benefit from increased protection you can use the cPanal connection using the Two-Factor Authentication function.
3. The third aspect is related to the use of pirated software on your site, i.e., without a license. Here I am referring strictly to plugins and themes that have been downloaded from the internet, from various sites and not from an official source, from the developer of this program. Most of the time you think that through such programs you manage to save some money but in reality, you manage to install key loggers, install credit card skimmers and different hacks to be able to gain access to your website.
What can you do when your site has been hacked?
It is always recommended that at the end of the work on your site to log in to that cPanel and make a full backup of the site. To avoid as much as possible the installation of all kinds of plugins that perform this backup and will not burden the site, I recommend using backup of the hosting company. Usually, a serious hosting company invests in security systems that run on all services and at the slightest suspicious modification of files / information is able to isolate and neutralize the virus with the problem.
If you find that your site will not be able to do so, or was attacked or virused, it is recommended to always restore the cPanel account, then delete that browsing history from the browser used to work the site and the most important thing is to make purge cache. After performing all these operations immediately, you will see if your site is not able to do so, looks ok as it looks before the virus. Most of the time this procedure works, I do so whenever I encounter such problems and each time, I solved it by following these steps announced alternately.
If the previous version did not work in the case prevent hacking there is a last resort!
If the version with full backup of the site did not work and your site remained infected or has not recovered to its original state, there are certain people who offer services for a fee and can fix the problem occurred. Usually, these people promote their services in the online environment or on specialized sites where you can log in by setting up a user account. Also, before using such services of a person I recommend you to read carefully all the reviews. A person who knows the job and is able to perform site viruses certainly has positive comments, comments that will inspire confidence and a solution to your problem.
Do you want to have a clean and efficient site? I always recommend to periodically carry out the website maintenance as well as the most effective use of the Google Search Console platform. As long as your site is hassle-free, the pages are not infected and are properly indexed with sitemaps, etc. the chances of getting the right SERP (Search Engine Results Pages) display in search engines are increased.
Thank you for reading this article to the end, I hope you found useful information on how to prevent hacking & malware attacks on your website.
All the best, Adrian
Share with your friends