Steps to Stay Clean
From our partner in web security: Sucuri
THIS IS IMPORTANT, please read.
If you are reading this page then you are on your way to being proactive and actively taking steps to help reduce the risk of reinfection. While no-one can promise you the risk will ever be zero, we can work together to ensure that its as low as possible.
Website Firewall - WAF
There are a growing number of software vulnerabilities; being exploited by attacks and trying to keep up with them can be very challenging to you as a website owner. This is where our Firewall, CloudProxy comes into play. It will stop attacks before they even happen, keeping your site secure. Note, though, that it will only start protecting your site after you activate it by changing your site's DNS settings. If you don't know how to do this, just open a ticket in our system providing us your hosting cpanel user/pass and we'll configure it all for you.
Update your website(s)!
If you are using WordPress, Joomla (or any other CMS), and it is not already using the stable current version, take a minute to update please. Why? Because out-of-date software is the leading cause of infections. This includes your CMS version, plugins, themes, and any other extension type.
Change your password for all access points. This includes FTP, SFTP (or SSH), CPANEL, etc… .
Choose a good and strong password. What often defines a good password is built around three core components – Complex, Long and Unique. The argument most made when it comes to passwords is that it’s too difficult to remember multiple passwords. This is true. It’s also why Password Managers were created.
Password Tip: Start using a password manager: Peguta and LastPass are good ones to use (online and free).
We cannot stress the importance of changing all passwords to include those not related to your CMS. Your website has various access points, attackers understand this and because of this they will often exploit multiple points of entry. At a minimum, be sure to update the password for all administrator accounts. We say all because often users will create more administrators than they require and will often update one, but forget about the rest. There really is no better time to clean than after a compromise, take advantage of this time.
Joomla users WordPress users Drupal users
Change your database password.
If you are using a CMS (WordPress, Joomla, etc…) change your database password. Please be sure to update your configuration file – Joomla: configuration.php and WordPress: wp-config.php. This is not an automated process so you will need to know how to open those files and edit manually. If you’re not familiar with handling changes in your database and configuration files, contact your host.
*If you don’t know how to change your passwords (specified above), contact your hosting company for details. You can also Google for “YOUR HOSTING COMPANY – FTP password” for instructions how to do so.
Run a virus scan on your personal desktop/laptop.
In a lot of cases we see that websites are compromised via local environments (notebooks, desktops, etc..). Its why we always ask you take a minute to run an Anti-Virus product. If you’re OK with spending a little money, BitDefender is leading the pack in malware detection on MAC’s and PC’s. Other alternatives includes Kaspersky for Windows and MAC, and Sophos and F-Secure for Windows. You can also try Avast, MSE, Spybot that are free alternatives and very good. Here is the bottom-line, it doesn’t matter how many times your site gets cleared, if your desktop is not clean, your site can get reinfected quite easily.
Start doing backups of your site
After the site is clean and secure, a very good practice is to do daily backups at a minimum. There are number of backup solutions out there you can use, if you are a client of ours you can sign up for our Website Backup solution. It’s a simple configuration that works off FTP / SFTP and stores all your content, including the database, in the cloud.
Sucuri Security WordPress Plugin.
Whether you’re a Sucuri client or not, it doesn’t matter, we recommend leveraging our Free WordPress Security plugin. We provide detailed instructions on how to install and provide a more in depth discussion on WordPress Security Monitoring.
Clean your Kitchen.
Too often the issues we see plaguing our clients are caused by “soup kitchen” servers. Old installations of their content management systems, themes or plugins. Over time these old installs become forgotten but grow ripe with malware that’s ready to infest their entire server after each clean. Take a minute to separate those things that belong on a test, staging and production server. Read more here