We all dread hearing these words, “Your website is infected with a virus and Google has marked your url as containing malware”.
This basically means you have to sit back and watch as Google puts an alert on your website which says “The Website Ahead Contains Malware! Google has blocked access to www.example.com for now. Even if you have visited this website safely in the past, visiting it now is very likely to infect your computer with malware. Malware is malicious software that causes things like identity theft, financial loss and permanent file deletion.”
For everyone, especially your business, this is just awful!
The first reaction by most people is what did I even do, how did I get infected in the first place, and more importantly, how much is this going to frigging cost me to fix? Ugh, I hate this…
One of the most common reasons as to why this occurs is in-adequate security, such as weak passwords, weak plugins, or not performing regular updates or routine maintenance.
Recently, hackers preferred method of attack has been to focus on WordPress powered websites. Why is this so you ask? The answer is simple, more than 72 million websites around the world use the WordPress platform to operate their websites; therefore, WordPress is just a popular target due to their size.
Unfortunately, even though you didn’t cause the problem, your site will eventually get banned by Google if nothing is done, and all your pain staking search engine optimization efforts will be lost. It’s even possible that you could face legal problems if someone’s computer gets infected through your website.
Your WordPress website or blog can be comprised in a number of ways:
Please Note: That you could take all the precautions in the world, and this could still happen – so don’t blame yourself.
So Now You Know – What Should You Do?
If you believe that WordPress has caused the issue, follow this recommended guide by WordPress.org – click here to view the guide.
Additionally, we would recommend changing all user passwords, deleting any spam comments, installing the Better WP Security plugin, updating to the latest version of WordPress, having a good anti-virus program installed on your personal computer, such as Norton 360, only using verified plugins, and to secure your .htaccess file.
Also important to note, never use “admin” as your username, as it is the most common username, and once hackers have this they just need your password.
Make sure your websites or website is signed up and verified in Google Webmaster Tools, as this will allow you to “request a review” of your site once your virus has been purged. If certified clean by Google, the malware warning will be removed from your url.
There are also many other benefits to using Google Webmaster Tools, as it not only helps to maintain the health of your website, it will also help you with your search engine optimization efforts, and let you know about html improvements to help your site run faster.
Next, if you have the technical know-how to remove the offending files, you can purge the virus, and then follow the steps above to submit your site for reconsideration. Google’s reconsideration process is actually pretty fast; therefore, you can be up and running again in less than 48 hours.
If multiple sites have been infected, or you simply do not have the ability or time to affect the changes manually, you can use Securi Site Check, which is the best company to remove and clean up your infected files. While there are many other companies out there that will do this for you, Securi Site Check is the best one in our opinion – as it will clean up to five sites for you, for less than $200 dollars per year, and it will continually monitor the health of your websites.
But before you sign up and start using Securi Site Check, you should try to stop the bleeding by using the before mentioned WordPress fixes. Because if you don’t, the attacks will just keep coming, and you will keep getting infected over and over, which basically means you will be cleaning your site and re-submitting to Google every week.
In the case of Fitness Industry Council of Canada, the English version of their WordPress website was infected with malware, which we believe spread to several of their other websites through code injection.
Following the steps outlined above we secured their WordPress installation and removed all of the offending files. It is now safe to visit any of FIC’s websites.
Toll Free: 1.888.920.6537
Mill Pond Publishing Inc.
30 Mill Pond Drive
Georgetown, ON L7G 4S6