wordpress website malware

Today we are going to be talking about website security. This includes how to keep your website up-to-date, as well as what to do if you do find that you have malware on your website. We are specifically talking about WordPress websites here, and I will be sharing my screen, so if you are listening to our podcast, please head on over to socialspeaknetwork.com and check out the related blog post or over to YouTube just to watch the video. The first thing that we are going to be talking about is backups and tools to utilize for backing up and why it’s important. Then we are jumping into updating your WordPress files, removing unused themes and plugins, adding a layer of security, and finally, if you’ve been hacked, what to do.

Use GoDaddy Pro, FileZilla, or Your Hosting for WordPress Backups

The first piece of this is, whenever you are talking about updating a WordPress website, you should make sure that you have backups of some sort enabled. So this could be manually going into your hosting account, downloading a copy of the database, as well as taking a copy of everything from the file manager and storing that on your computer, or you could utilize a plugin such as BackupBuddy to take a backup, or you could sign up for a backup plan through your hosting account. And this might be included in your hosting; a lot of times hosting providers have backups actually included within their hosting plans. Or you can do what we do for all of the websites that we manage, where we have another layer of protection through GoDaddy Pro.

This is a tool that is through GoDaddy, and I know a lot of you listeners and a lot of our clients have chosen not to work with GoDaddy for a variety of issues. There are plenty of other hosting companies out there, and we thoroughly enjoy working with a lot of them. This tool, however, is a free tool and it allows us to easily see all of the websites that we manage in one central location and see which plugins need to be updated, themes that need to be updated, and to do the backups directly through there. So we are going to be talking about GoDaddy Pro a lot. So, let me actually just jump in and I’m going to share my screen.

GoDaddy Pro Dashboard

Here we have the GoDaddy Pro dashboard for our website, for Social Speak, and I do feel kinda bad because I did have 11 updates for our plugins and one theme that I needed to update on our website, but I already recorded this video and realized I did not have any sound turned on. [chuckle] So you’re not going to be able to see me actually update our website here, but that’s okay. We all make mistakes, right? At least it’s all up-to-date now. But directly within the GoDaddy Pro dashboard, there is this backup link here, so if you were looking to update your website head on over to GoDaddy Pro and link it up to your website, your WordPress website. Now, if you do have a GoDaddy account for your hosting, you can do daily backups for free. If you do not, then you can do monthly backups for free and then upgrade if you do need to clone your website or restore a backup or download the backup or anything like that. But typically for a small website that isn’t really being updated frequently, a monthly backup is fine, and updating the plugins and theme files monthly is fine.

Daily and Monthly Backups for WordPress

Here though, I did just want to show you that we have the option for daily backups. We have some clients who are posting multiple blog posts, or updating multiple pages, adding new resources every single day, and so for them, it’s really important to have this daily backup. For those websites, we also do recommend having a backup plan in place directly through your hosting account as well, and that’s just because sometimes if the website has completely broken, it’s easier to update directly from the source rather than from a third party tool. Those plans though, can cost, I don’t know, $5 to $15 to $25 really, depending on what service and what hosting company you are working with.

The first step, again, of making sure that your website is secure and up-to-date is adding these backups. The next step is making sure that all of your WordPress files and theme files are up-to-date. The issue here is that if something hasn’t been updated recently, it opens the doors for hackers to go in and install malware. You want to make sure you have the most up-to-date PHP, and that also causes old themes and old plugins that haven’t been updated not to be compatible anymore. So this can be bad for a lot of different things, including for search engine optimization, and user experience on your website, something might just break. So you want to make sure everything is up-to-date.

I’m going to quickly jump to another website here. This is just another website that we have here, and as you can see, there are two plugins, one theme, and then the WordPress that all need to be updated. So, I’m going to just do a safe update, which takes a backup, does the update, and then, in turn, does another snapshot, another backup with the most up-to-date files that are there. So this is kind of that easy way of doing that.

Keep WordPress Plugins and Theme Files Up To Date

Now, when I did that, you noticed that there was just one, two, two different plugins that needed to be updated. Now, if a plugin is really old or a theme is really old, it might not be supported anymore and the theme developers or plugin developers might not be updating it anymore. So a plugin that we recommend installing on your website is this plugin condition. And so, what this will do, and I’ll zoom in on the screenshot here, is it will actually have a notice for the last time something was updated. And so, this one here, this numbers plugin, for example, was updated a year ago. So most likely this might not be as compatible with WordPress as a newer version of some sort of user enrollment management plugin. This might be a plugin that they are not keeping up with anymore.

Additionally, in this screenshot right here, you see that this plugin is not even being used. It’s not active on the website. So, as you’re going through your plugins and your themes and updating them, take note if there are any that you’re not actively using. So here, I would actually recommend selecting all of these plugins that are deactivated and deleting them. These are very clearly plugins that you are not utilizing on your website, you do not need that functionality, so get rid of them. Make sure that the website files remain clean and concise so that it removes any opportunity for the hackers to get in and for malware to get on your site.

The same thing goes with themes as well. So here, let’s see if I can jump over here, I probably can. So here we only have the Enfold Theme on this website, however, when you are installing a WordPress website, oftentimes it also installs the 2020 theme, the 2019 theme, the 2016 theme, and WordPress will install a lot of themes on that initial installation. You want to make sure that you delete all of those extra themes. So in GoDaddy Pro, again, you don’t need FTP access or anything like that, you can just go to themes, you select the theme, and then you delete it. This will keep those theme files nice and clean and remove more of a chance of malware being able to get on to your site.

Remove Unused and Risky Plugins

A lot of times we see a plugin like this one, file manager plugin. Basically, this creates an FTP connection directly through your WordPress dashboard. And so, it allows any administrative user who has access to your WordPress dashboard to have access to the actual file manager on your website. And we’ve seen that this plugin in particular, but other plugins like it, have opened the doors for hackers and for malware to be installed on your website. So we highly, highly, highly recommend that you remove this sort of plugin from your website. So, I mean, even just looking at the reviews of it, hacked, hacked, hacked, hacked. Highly unsafe, avoid, malware.
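The same cleanup can be planned by hand from the command line. This is an added example, not part of the original post: it reads the JSON that WP-CLI prints for `wp plugin list --format=json` and `wp theme list --format=json` and sorts the inventory into items to delete, update, or review. The sample inventories, the slugs in them, and the `file-manager` keyword match are constructed assumptions.

```python
import json

# Assumption: slug keywords that suggest a dashboard file manager plugin.
RISKY_KEYWORDS = ("file-manager", "filemanager")

# Constructed sample inventories in the shape WP-CLI prints (not real site data).
SAMPLE_PLUGINS = json.dumps([
    {"name": "example-forms", "status": "active", "update": "available", "version": "5.1"},
    {"name": "example-slider", "status": "inactive", "update": "none", "version": "2.0"},
    {"name": "example-file-manager", "status": "active", "update": "none", "version": "1.4"},
    {"name": "example-cache", "status": "must-use", "update": "none", "version": "3.2"},
])
SAMPLE_THEMES = json.dumps([
    {"name": "enfold-child", "status": "active", "update": "none", "version": "1.0"},
    {"name": "enfold", "status": "parent", "update": "available", "version": "4.7"},
    {"name": "twentytwenty", "status": "inactive", "update": "available", "version": "1.5"},
    {"name": "twentysixteen", "status": "inactive", "update": "none", "version": "2.2"},
])


def audit(plugins_json, themes_json):
    """Sort a WordPress plugin/theme inventory into cleanup actions."""
    report = {"delete_plugins": [], "delete_themes": [], "update": [], "review": []}
    for item in json.loads(plugins_json):
        slug = item["name"].lower()
        if item["status"] == "inactive":
            report["delete_plugins"].append(slug)  # deactivated: removal candidate
            continue
        if item["update"] == "available":
            report["update"].append(slug)
        if any(word in slug for word in RISKY_KEYWORDS):
            report["review"].append(slug)  # file manager style plugin
    for item in json.loads(themes_json):
        # "parent" is the parent of the active child theme: keep it, but patch it.
        if item["status"] == "inactive":
            report["delete_themes"].append(item["name"])
        elif item["update"] == "available":
            report["update"].append(item["name"])
    return report


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_PLUGINS, SAMPLE_THEMES), indent=2))
```

Take a backup before deleting anything the report lists, and note that a parent theme is never reported for deletion because the active child theme depends on it.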

Consider a Security Package from Your Hosting Company

We actually had this problem with this plugin in particular before as well. It would be a great thing to do if you’re just building the website, but remove it immediately if you can. So if you are looking to add a layer of security and protection onto your website, we recommend registering for a website security package through your hosting account, and again, depending on what hosting plan you have, this might already be included, but GoDaddy, for example, has one where it includes a firewall, so any site visitor has to go through the firewall and then they can view the site. And so, this just allows it to make sure that no files are being adjusted by folks who shouldn’t have access to the website in the first place.

If your site has been hacked, they also have this great plan… Well, I guess all of these plans do this, but the security plan, this Express plan, basically puts your site at the top of the line to have an engineer go file by file and remove all of the malware and then keep you up-to-date on the progress. If you’re just kind of worried about it and you don’t really know that you have malware on the site, the deluxe version is a great choice, and this is kind of a reactive sort of plan. The Express plan is more of a proactive plan, where it has all the bells and whistles, and again, puts you at the top of the list.

Monitor Website for Malware with Google Search Console

You can also monitor your site through the Search Console, as well as through, on pro sites, there’s the security plan as well. And so, whenever you want to add a new thing to the site, a screen like that will come up and a monthly check is free, and then if you want to do the premium one, it costs less than a dollar a month. So, very, very worthwhile. Some hosting plans, this website, I believe, is hosted on Bluehost, but some hosting plans, such as all the ones on GoDaddy, the security check is free. So you don’t actually have to even pay for the essential plan per month, you can just add to GoDaddy Pro and activate it for free.

One thing that we have found, however, is that malware is getting more and more advanced, so you’re not necessarily going to be able to even tell that you have malware through these scans. The scans might show everything correct, but if you click a link from Facebook on a mobile phone and it’s your first time visiting the site in a month, you might be redirected to another site, for example. Or if you click from Chrome versus Safari, versus Firefox, you might experience the malware. So it’s important just to make sure that everything is staying up-to-date and as secure as possible, so that there’s less of a chance of even having to deal with malware to begin with.
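One way to check your own site for the visitor-dependent redirects described above, as an added example that is not part of the original post: it requests the same page as several visitor types without following redirects and reports any response that sends the visitor to a different site. The profile names, header values, and function names are assumptions made for the example.

```python
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit

# Visitor profiles to compare (constructed; header values are illustrative).
PROFILES = {
    "desktop-direct": {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/120.0"},
    "mobile-safari-direct": {"User-Agent": "Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X) Safari/604.1"},
    "mobile-from-facebook": {
        "User-Agent": "Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X) Safari/604.1",
        "Referer": "https://www.facebook.com/",
    },
}


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # do not follow; the 3xx surfaces as HTTPError below


def http_fetch(url, headers):
    """Return (status, Location header or None) without following redirects.
    No cookies are sent, so every request looks like a first visit."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(urllib.request.Request(url, headers=headers), timeout=10) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location")


def _site(host):
    """Normalize a hostname so example.com and www.example.com compare equal."""
    host = (host or "").lower()
    return host[4:] if host.startswith("www.") else host


def find_offsite_redirects(url, fetch=http_fetch, profiles=PROFILES):
    """List (profile, status, target) for redirects that leave the site."""
    findings = []
    for name, headers in profiles.items():
        status, location = fetch(url, headers)
        if not location:
            continue
        target = urljoin(url, location)  # resolve relative Location values
        if _site(urlsplit(target).hostname) != _site(urlsplit(url).hostname):
            findings.append((name, status, target))
    return findings
```

This only sees redirects sent in the HTTP response headers; a redirect injected as JavaScript in the page body needs a check with a real or headless browser.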

This time of year is a great time to really make sure that your site is protected and as up-to-date as possible as you’re moving into 2021. We do, however, recommend for next year, going into your website at least monthly and making sure all the plugins and theme files and WordPress files are up-to-date. Again, you can utilize GoDaddy Pro as an option, as a tool, to make sure that you also have the backups running and the security monitoring going on, but you can do it manually as well.

Contact Our Team For WordPress Website Help

If you have questions about how to do website maintenance, please don’t hesitate to reach out, or if you’re looking for support and someone to help with this website maintenance, we are here for you. We have very affordable plans for a website maintenance to help you keep your site up-to-date and clean, as well as working its best so that you’re putting your best foot forward. Please head on over to the socialspeaknetwork.com, click that free consultation button and we’ll schedule a 30-minute call just to get to know you and your needs, and then we can figure out if we are a good fit for you. Of course, if this has been helpful, we’d love for you to subscribe down below and follow us on iTunes, as well as YouTube and check out our blog. Alright, thank you so much and I’ll see you next time.