Beware of Badware
What is badware?
Badware is exactly what it sounds like, software that is bad for your computer and website. It basically over-rides the decisions a user makes about how they use their computer and their site.
One very dangerous type of badware is called "malware"
, which includes viruses, spambots, trojans, and other destructive software. Malware is typically used in criminal acts like stealing financial information, passwords and usernames from web servers and poorly protected websites.
The three most common types of malware we see on hacked WordPress sites are malicious scripts, .htaccess redirects, and hidden frames.
There are three major steps when it comes to malware and your website:
- Preventing infections in the first place.
- Identifying malware behavior.
- Removing malware from your files and database.
If you do the first item correctly, you won't have to deal with the last two.
Effectively protecting your WordPress site requires much more than just one or two plugins and the garden variety advice you may find on the web. Why? Because the hackers have already read that same stuff and are constantly devising clever new ways around it.
One particulary sneaky malware hack reproduces itself in about a week... if some very hard to find scripting isn't removed in the intital clean-up. We've gotten many calls from irate WordPress users who've paid someone else to clean up their site, only to have it re-infected with the same hack 10-12 days later.
Keeping your mouth shut is some the best security there is.
We advise all our clients not to go around telling people what we've done to protect their sites. Some of our work can be noticed only by somone with a well-trained eye, but we ask clients not to blab all over the place about the work they can see.
That's like telling a house burglar where all the motion detectors, floor switches, and door sensors are. It really doesn't take much skill to break into a home when you already know how and where the alarm system is wired.
There's an old WWII saying that's even more true about today's Internet security than it was back then...
"Loose lips, sink ships... and they will take down WordPress sites too!"