How to Keep Your Websites Safe from Hackers and Rogue Malware

by on 13/07/12 at 2:10 pm

If there’s one thing webmasters hate as much as being pushed down the SERP rankings, it’s having their websites hacked or infected by rogue malware. This is why the security of your website should be high on your priority list. All your SEO work is useless if your website gets hacked or infected.

There have been cases where an attacked site ranked for terms its owners wouldn’t want it to (e.g. payday loans), which can damage the site’s reputation. When we perform competitive backlink analysis as part of our SEO services, we sometimes identify hacked sites (usually high-PR sites, organization sites or even university sites) that have been compromised for the purpose of gaming the search engines. You don’t want your site to be in the same position.

There are many ways to secure a website. If you have no personal knowledge about this, you should hire an expert or a that can help install safety nets into your website. Google itself has recognized the danger that hackers and viruses pose for websites, and has given some tips on how webmasters can keep their websites safe.

Here are some things you should keep in mind:

1. Be selective about the third-party content you put on your website. It is common for webmasters to add widgets, social media buttons, embedded videos and counters for visual appeal or supplementary information. The problem is that this third-party content can also be a window through which hackers and viruses enter your site.

Google recommends that you only use the ones created by reputable and reliable sources. Check if other websites are using them as well and try to ask for the opinions of their webmasters.

2. Use the more secure SSH and SFTP protocols for data transfer. These two encrypt data, which makes transfers more secure.

3. The following are examples of malicious data that you should purge from your website. Learn to identify them and get rid of them:

  • .htaccess redirects – The web server legitimately uses this file as a command central of sorts (i.e. to make configuration changes across website directories), but hackers are also known to use the same file to redirect your visitors to another website. Even worse, visitors may think badly of your own website for sending them somewhere full of rampant sales talk, even though it’s not your fault.

 

  • Hidden or misspelled scripts – These are another form of sneaky redirect that hackers often embed directly in websites, in the third-party content posted there, or in images and files embedded in the page. At the least, they redirect visitors to another site; at worst, they transmit badware to visitors’ computers. Be wary of scripts with misspelled addresses (example: www.google-anaitycs.com) suddenly turning up in your website. Very long scripts that are gibberish jumbles of letters and digits, and that you had nothing to do with, should be regarded as suspicious.

 

  • Illegal iframes – These are separate frames that hackers forcibly insert into other people’s websites. The contents of the iframes are entirely up to the hackers, who can fill them with all sorts of badware. Check your website’s source code once in a while so that you can spot iframes you never installed yourself. Since iframes can also be hidden from visitors (hackers will load them just for the sake of ruining your standing with Google), look for suspicious scripts containing <iframe> and remove them. (If you’re not confident about removing scripts, you could hire more tech-savvy individuals to do the cleanup for you.) Spotting iframes can be tricky, since hackers can hide them using scripts or other means, so make yourself familiar with your website’s source code so that you can tell when something’s fishy.
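A small audit for the three warning signs listed above, added here as an example (it is not from the original article or from Google). The trusted-host list, the 0.85 similarity threshold, the 200-character blob length and the sample inputs are all assumptions to adapt to your own site.

```python
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_HOSTS = {"www.google-analytics.com", "ajax.googleapis.com"}  # assumption: edit for your site
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
LONG_BLOB = re.compile(r"[A-Za-z0-9+/=%]{200,}")  # long unbroken "gibberish" run
REDIRECT = re.compile(r'^\s*(?:RewriteRule|Redirect(?:Match)?)\b.*?https?://([^/\s"]+)', re.I)

def lookalike(host):
    """True when host is a near-miss of a trusted host (very similar, but not equal)."""
    return any(host != g and SequenceMatcher(None, host, g).ratio() >= 0.85 for g in TRUSTED_HOSTS)

class PageAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings, self.in_script = [], False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        self.in_script = tag == "script"
        if tag == "script" and lookalike(urlparse(a.get("src", "")).netloc.lower()):
            self.findings.append(("lookalike-script", a["src"]))
        if tag == "iframe" and ("0" in (a.get("width"), a.get("height"))
                                or HIDDEN_STYLE.search(a.get("style", ""))):
            self.findings.append(("hidden-iframe", a.get("src", "")))

    def handle_endtag(self, tag):
        self.in_script = False

    def handle_data(self, data):
        if self.in_script and LONG_BLOB.search(data):
            self.findings.append(("obfuscated-script", len(data)))

def audit_html(html):
    parser = PageAudit()
    parser.feed(html)
    return parser.findings

def audit_htaccess(text, own_hosts):
    """Return (line number, host) for redirect rules that point off the site's own hosts."""
    hits = ((n, REDIRECT.search(line)) for n, line in enumerate(text.splitlines(), 1))
    return [(n, m.group(1).lower()) for n, m in hits if m and m.group(1).lower() not in own_hosts]

# Constructed sample inputs (not taken from a real site).
SAMPLE_HTML = ('<script src="http://www.google-anaitycs.com/ga.js"></script>'
               '<iframe src="http://ads.example.net/" width="0" height="0"></iframe>'
               "<script>var p='" + "a9F3" * 60 + "';</script>")
SAMPLE_HTACCESS = "RewriteEngine On\nRewriteRule ^(.*)$ http://shop.example.net/ [R=302,L]\n"
```

Run `audit_html` over each page’s saved source and `audit_htaccess` over every .htaccess file in the site tree; each finding is something to review by hand, not proof of compromise.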

4. Keep your website’s security configuration updated at all times. These security measures may be installed either by you (e.g. firewalls, passwords, malware alerts) or by your hosting provider. Another thing: if you use passwords, make sure that they have high strength ratings (random combinations of digits, uppercase and lowercase letters, and special characters) and change them regularly.

Updates are especially important for CMS engines like Joomla and WordPress, since they are magnets for hackers and need to be frequently kept up-to-date.

Lastly, keep a backup of all your website files. This is a precaution in case things truly get ugly. Your backups should be kept separately too, and on a different server if you’re storing them online.


About The Author: Brian Nixon is a search engine optimizer who writes for Pitstop Media Inc, a Vancouver SEO company that provides top rated services to businesses across North America. Brian has more than 10 years’ experience in professional SEO, as well as strong knowledge of conversion rate optimization and Google Analytics.
