You may have heard of the recent ransomware attacks on JBS, a meat packing company, or the Colonial Pipeline oil company.
You might be wondering if ransomware can take your website down. It sure can. But it’s more likely to take down your computer than a website. Should the server your website is hosted on become infected, your site will go down and it will be up to the hosting provider to resolve the issue. Still, there are some basic things we can do to protect against and prevent malware on your website as well as your computer.
What is ransomware?
When malware encrypts a victim’s files, that’s called ransomware. The ransomware perpetrator will contact the victim and demand money to restore the files. Typically, once the victim makes the payment, they will receive a decryption key – although there is no guarantee! The cost can be a few hundred dollars to millions, like JBS & Colonial Pipeline paid last month.
How do you get infected with ransomware?
Typically, ransomware is delivered through a phishing scam – you know, those fake emails that can look really legit – asking you to click a link to verify or unlock an Amazon or bank account.
Malware, including ransomware, can also be delivered via email attachments, or it can download automatically to a victim’s computer if they visit a hacked website. Once the download completes, it can take over the victim’s computer and render the device inaccessible unless a payment is made.
How to prevent ransomware
For your computer, CSO online recommends the following steps:
- “Keep your operating system patched and up-to-date to ensure you have fewer vulnerabilities to exploit.
- Don’t install software or give it administrative privileges unless you know exactly what it is and what it does.
- Install antivirus software, which detects malicious programs like ransomware as they arrive, and whitelisting software, which prevents unauthorized applications from executing in the first place.
- And, of course, back up your files, frequently and automatically! That won’t stop a malware attack, but it can make the damage caused by one much less significant.” – From: https://www.csoonline.com/article/3236183/what-is-ransomware-how-it-works-and-how-to-remove-it.html
How to protect your WordPress website from malware
Much like the tips above, you want to make sure to:
- Keep the WordPress core files, plugins and theme files up to date. If you can enable auto-updates, that’s the best way to implement updates quickly. Just be sure to check on your site regularly, or turn on notifications so you know when an update is applied. You’ll want to test that your site is functioning correctly after any major update.
- Only use well-known plugins, or plugins from well-known developers. You can check the plugin directory for ratings and downloads. Both metrics should have high numbers and positive reviews.
- Create regular or automatic backups. A good WordPress hosting provider will offer automatic backups with your service; if they don’t, it’s worth adding it on. Just be aware that you should ALSO do the next step – especially if automatic backups are only stored for a short duration of time, like 2 weeks. I like the plugin All In One WP Migration for easy backups & restores.
- Store a copy of the website backup locally. If the server goes down due to a widespread malware infection or is held hostage through ransomware, you’ll be able to move to a new hosting provider and get back online immediately.
- Install & run malware scanners daily. Again, a good WordPress hosting provider will offer this service as part of the hosting agreement, but if it’s not included, install a plugin like Wordfence – and set it to scan daily. Just be aware that this plugin is a little resource heavy, so be strategic with the settings.
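A local backup copy only helps if it is recent and has not been altered since it was saved. The following check is an added example, not part of the original article or of any plugin mentioned here; the folder layout and the `SHA256SUMS` manifest name are assumptions. It flags a missing, stale, empty or modified backup archive in a local folder.

```python
import hashlib
import time
from pathlib import Path

MAX_AGE_DAYS = 14  # assumption: matches the short 2-week retention mentioned above


def sha256_of(path):
    """Hash the file in chunks so large site archives do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_local_backups(backup_dir, manifest_name="SHA256SUMS",
                        max_age_days=MAX_AGE_DAYS, now=None):
    """Return a list of problems with the local backups (empty list = healthy)."""
    backup_dir = Path(backup_dir)
    now = time.time() if now is None else now
    manifest = backup_dir / manifest_name
    known = {}  # file name -> digest recorded the first time the file was seen
    if manifest.exists():
        for line in manifest.read_text().splitlines():
            digest, _, name = line.partition("  ")
            if name:
                known[name] = digest
    archives = sorted((p for p in backup_dir.iterdir()
                       if p.is_file() and p.name != manifest_name),
                      key=lambda p: p.stat().st_mtime)
    if not archives:
        return ["no backup archives found"]
    problems = []
    newest = archives[-1]
    age_days = (now - newest.stat().st_mtime) / 86400
    if age_days > max_age_days:
        problems.append(f"newest backup {newest.name} is {age_days:.0f} days old")
    for p in archives:
        if p.stat().st_size == 0:
            problems.append(f"{p.name} is empty")
            continue
        digest = sha256_of(p)
        if p.name in known and known[p.name] != digest:
            problems.append(f"{p.name} changed since it was recorded")
        known.setdefault(p.name, digest)  # keep the original digest as the reference
    manifest.write_text("".join(f"{d}  {n}\n" for n, d in sorted(known.items())))
    return problems
```

Run it on a schedule against the folder where you keep downloaded backups, and treat any returned message as a reason to pull a fresh copy before you need it.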
Is your WordPress website hacked?
If you think your WordPress website has malware installed, contact Contento Interactive Group LLC. We carefully assess your situation. In most cases we’ll get your site up and running again in no time.