Website Security
Website Security – Get peace of mind with daily malware scans and guaranteed malware removal should any problems be detected.
Website Security Plans & Pricing
Website Backup & Digital Security Solutions
Reliable digital security solutions to protect your website and your website visitors. Secure your website from online threats with Website Security and Backup Solutions. Protect your customers' data with SSL Certificates.
Website Security Blogs
Implementing (2FA) for Enhanced Website Security
Enhance your site’s safety with our expert tips on website security. Discover how to protect your data and keep your online presence secure.
Mitigating DDoS Attacks: Strategies to Keep Your Website Online and Secure
Keep your website online and secure with our expert hosting services. Ensure reliability and protection for your site with our top-notch solutions.
Website Security Training: Cultivating a Culture of Safety
Enhance your skills with comprehensive Website Security Training. Learn to protect your site from threats and ensure a safe online environment.
Frequently Asked Questions (FAQs) About Website Security
What is Website Security?
What is Website Security Express?
Note: Blacklist removal can take longer than malware removal, due to processing time. Google, for example, can take up to 24 hrs to review and delist a domain.
What are the benefits of Website Security Express?
- Starts scanning your site immediately after setup
- Most sites are cleaned within 2-4 hours
- No website size limitations
- Email notification upon scan completion
- Provides you with all the benefits of Website Security Deluxe throughout the following year
What should I do if my website was hacked?
Let’s check for warnings
If you’ve seen “This site contains malware” or “The site ahead contains harmful programs” in connection with your site, there’s definitely a problem. To check further, go to https://sitecheck.sucuri.net and enter your domain name.
- If your website’s been hacked, you’ll see a warning here.
- No warning? It’s less likely (but still possible) that your website has been compromised.
Change your passwords
If your site’s been hacked, you need to immediately change all your passwords.
Restore from backup
If you have a backup of your website (and database) that you know wasn’t corrupted, you should re-upload it to your hosting account.
Remove the hack
It’s nearly impossible for anyone to reliably remove malware from a website by hand. To remove the compromise from your files, we recommend using an application like Express Malware Removal. Using its automatic malware scan technology, it will not only find any compromises in your files, it also removes them.
Identify & fix the weakness
To prevent your site from getting hacked again, you should identify how your site was compromised. There are two types of weaknesses: passwords and structural problems.
Passwords
Most hacks happen because the attacker was able to guess your account’s password by brute force. By simply changing your password (and using a stronger one this time), you can prevent these attacks from succeeding in the future.
Structural
These types of weaknesses require thorough testing to identify. There’s a lot of security software that can perform these types of scans but, again, we recommend Express Malware Scanner. It can identify a number of different issues, as well as help you fix them.
How do I remove malware from my website?
- Go to your product page.
- Under Website Security and Backups, select Manage next to the Website Security account you want to clean up.
- Select Cleanup Now.
- Select your domain name, the issue you’re having, and then select Submit Request.
- The request form may ask you to add your Connection Type. The Website Security team uses this information to access your files and clean them. Since most hosts use FTP, enter your FTP information including FTP host, port, username, and password.
  - cPanel customers: Find my FTP username for Linux Hosting
  - Plesk customers: Find your FTP login or username for Plesk hosting
  - Managed WordPress / Professional Web Services (PWS) customers: use SFTP instead. See Upload files with SFTP and use steps 1-5 to find your SFTP information.
- Select Submit Request. The Website Security team may contact you for additional information if needed.
You’ll be emailed when the malware removal is complete.
Note: If your site is hosted with us, an FTP user is created within your hosting beginning with “SEC_”. Don’t remove this user as it’s how Website Security accesses your files to clean them. Once the malware removal is complete, the user is automatically deleted.
Why is website security important?
Website security is essential because it protects sensitive data, including customer information, payment details, and personal credentials, from hackers. A secure website builds trust with users, ensures compliance with data protection laws (such as GDPR), and prevents business disruptions caused by hacking attempts or malware. A compromised website can lead to loss of reputation, revenue, and legal consequences.
What are the common types of website security threats?
The most common website security threats include:
- Malware: Malicious software designed to harm, steal, or gain unauthorized access.
- SQL Injection: Attackers insert malicious code into your database via form fields, leading to data breaches.
- Cross-Site Scripting (XSS): Attackers inject scripts into web pages viewed by other users.
- DDoS Attacks: Distributed Denial-of-Service attacks flood a website with traffic to make it unavailable.
- Phishing: Fraudulent attempts to obtain sensitive information through fake websites or emails.
- Brute Force Attacks: Repeated attempts to guess passwords to gain access to the website.
What is SSL, and why is it important for website security?
SSL (Secure Sockets Layer) is a protocol that encrypts the data exchanged between a website and its visitors. Websites using SSL display a padlock symbol in the browser’s address bar and use “HTTPS” instead of “HTTP.” SSL is essential because it protects sensitive information, such as passwords and credit card details, from being intercepted by hackers during transmission. It also improves search engine rankings and builds trust with visitors.
How can I tell if my website has been hacked?
Signs that your website has been hacked may include:
- Unexplained changes in your website content or layout.
- Redirects to unknown or malicious sites.
- Unusual spikes in traffic or resource usage.
- Alerts from search engines or hosting providers about security issues.
- Complaints from users about suspicious activities.
- Website downtime or slow performance.
Regular monitoring and the use of security plugins can help detect these issues early.
How can I prevent my website from being hacked?
To prevent your website from being hacked:
- Use strong passwords: Ensure that all admin and user accounts have complex, unique passwords.
- Keep software up to date: Regularly update your CMS, plugins, and themes to fix security vulnerabilities.
- Install security plugins: Use plugins that offer firewalls, malware scanning, and login protection.
- Enable two-factor authentication (2FA): Add an extra layer of security for user logins.
- Use a web application firewall (WAF): A WAF filters and blocks malicious traffic before it reaches your site.
- Limit user permissions: Only grant necessary access to users and restrict admin rights.
What is malware, and how does it affect a website?
Malware (malicious software) is any software intentionally designed to cause harm to a website, steal data, or gain unauthorized access. Malware can affect a website by:
- Slowing down or crashing the site.
- Redirecting visitors to malicious or fraudulent sites.
- Stealing sensitive information like passwords, credit card numbers, or personal data.
- Damaging your website’s reputation, leading to search engine blacklisting.
Regular malware scans and firewalls can help prevent and detect malware infections.
What are SQL injections, and how can I prevent them?
SQL injection attacks occur when an attacker inserts malicious SQL code into a web form or URL query to manipulate or steal data from your database. To prevent SQL injections:
- Use parameterized queries (prepared statements) in your database interactions.
- Validate and sanitize all user inputs to ensure they conform to expected formats.
- Implement a web application firewall (WAF) to block malicious SQL queries.
What is cross-site scripting (XSS), and how can I protect my site from it?
Cross-site scripting (XSS) is an attack where an attacker injects malicious scripts into a web page that other users view. These scripts can be used to steal session cookies, impersonate users, or redirect to malicious sites. To protect against XSS:
- Sanitize and validate all user input.
- Use Content Security Policy (CSP) to limit the types of content that can be executed on your site.
- Encode special characters in user inputs to prevent script execution.
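Output encoding and a Content Security Policy header, as an added example (not code from this page or its vendor). The rendering functions, the sample author and comment strings, and the chosen CSP directives are assumptions made for illustration.

```python
import html

# Constructed sample inputs: one targets the element body, one the attribute value.
SAMPLE_COMMENT = "<script>alert(1)</script>"
SAMPLE_AUTHOR = 'x" onmouseover="alert(1)'


def render_comment_unescaped(author, comment):
    """Weak form: user text is pasted into the markup as-is."""
    return f'<div class="comment" title="{author}">{comment}</div>'


def render_comment_escaped(author, comment):
    """Hardened form: special characters become entities in both the
    attribute value and the element body, so the browser shows them as text."""
    safe_author = html.escape(author, quote=True)
    safe_comment = html.escape(comment, quote=True)
    return f'<div class="comment" title="{safe_author}">{safe_comment}</div>'


def content_security_policy():
    """Build a CSP that only allows scripts served from the site's own origin.
    Inline scripts are blocked because 'unsafe-inline' is not listed."""
    directives = {
        "default-src": ["'self'"],
        "script-src": ["'self'"],
        "object-src": ["'none'"],
        "base-uri": ["'self'"],
    }
    return "; ".join(f"{name} {' '.join(values)}" for name, values in directives.items())


def response_headers():
    """Headers to send with every HTML response."""
    return {
        "Content-Type": "text/html; charset=utf-8",
        "Content-Security-Policy": content_security_policy(),
    }


if __name__ == "__main__":
    print(render_comment_unescaped(SAMPLE_AUTHOR, SAMPLE_COMMENT))
    print(render_comment_escaped(SAMPLE_AUTHOR, SAMPLE_COMMENT))
    print(response_headers()["Content-Security-Policy"])
```

Encoding is the primary control here; the CSP header is a second layer that limits what a missed encoding can do.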
What are brute force attacks, and how can I prevent them?
Brute force attacks involve trying different username-password combinations repeatedly until the correct one is found. To prevent brute force attacks:
- Use strong, complex passwords.
- Limit login attempts so that users are locked out after a certain number of failed attempts.
- Enable two-factor authentication (2FA).
- Use CAPTCHA or other mechanisms to detect and block bots.
What is a DDoS attack, and how can I protect my site from it?
A Distributed Denial-of-Service (DDoS) attack occurs when a website is overwhelmed by an excessive amount of traffic from multiple sources, causing it to slow down or become unavailable. To protect against DDoS attacks:
- Use a Content Delivery Network (CDN) with built-in DDoS protection.
- Implement a web application firewall (WAF) to filter out malicious traffic.
- Monitor traffic patterns and set up alerts for unusual spikes.
How can I ensure my website is PCI-DSS compliant?
If you accept payments on your website, you need to comply with the Payment Card Industry Data Security Standard (PCI-DSS). To ensure compliance:
- Use SSL encryption for all payment-related pages.
- Never store sensitive payment information like credit card numbers unless necessary and encrypted.
- Work with PCI-DSS compliant payment processors.
- Regularly monitor and test your website’s security.
How do I add a Website Security Trust Seal?
- Go to your product page.
- Under Website Security and Backups, select Manage next to the Website Security account you want to manage.
- Select Settings.
- Select Trust Seals.
- Select the Enable Trust Seals check box.
- Choose your preferred color and style, and then select Generate Code.
  - Choose a Color: Select black background with white text or white background with black text.
  - Choose a Style: Select where on the page you want the seal to appear. Relative will be centered.
You can now copy the code to add it in your website’s source code for all pages where you want the Trust Seal displayed. It’s recommended that you add the code before the closing body tag in your footer template file.
How can I monitor my website for security issues?
To monitor your website for security issues:
- Use security plugins that scan for malware, vulnerabilities, and suspicious activities.
- Set up alerts for unusual traffic or server usage patterns.
- Regularly review access logs for unauthorized access attempts.
- Use third-party services like Google Search Console or website monitoring tools to detect security warnings and blacklisting.