As your website becomes more popular, it becomes a higher priority target for hackers. You might not have too much to lose at the beginning of a business’s lifecycle, but when it starts generating revenue, the costs of being hacked increase dramatically. There are several ways in which your website can be compromised like:
- Unauthorized logins
- Exploits allowing users to access higher level permissions
- Someone injecting code into your frontend and making money off affiliate links
- Using your site’s resources as part of a botnet
And many more…
The dangerous exploits are ones that keep you in the dark about their operations. You might not even be aware that your users are seeing content that you never intended them to see. Obviously, this hurts not just your users, but your reputation, your revenue, and your standing with search engines. So here are two ways you can keep your site clean of malware proactively.
1. Scanning from your Web Host
This is when your web hosting has services that automatically scans your site including checking for suspicious scripts and monitoring executing patterns. Naturally, this depends on your web host – some provide it for free, and others don’t.
NameHero for example has tied up with Imunify360 to provide round the clock security to all its hosting plans for free! This is quite a big deal as all the other major web hosts charge additional fees for this kind of service. It’s hard to overstate the convenience of this. For perspective, purchasing the Imunify360 separately will cost you $12/month for a single server. In most cases, that’s comparable to the price of web hosting itself!
Because it’s a server-based scanning system, it doesn’t use up resources from your plan. Which means the extra security doesn’t slow down your site.
The other advantage is that since the scanning system is protecting other sites on your server, you get the spillover benefits as well. If you can manage to obtain this kind of service from your hosting provider, that’s the number 1 option.
With NameHero, you can click the Imunify360 icon in cPanel as shown here:
And once inside, you can configure the level of protection you want. For example, you can set it to automatically kill, quarantine, or merely log the warning like this:
So much for server based scanning systems. But what if your web host doesn’t offer this kind of service for free, or if their existing plan is too expensive?
2. Plugin Based Protection
The second (less ideal) solution is to use a WordPress plugin for scanning your site. Here too you have paid and premium options. But of the lot, my vote goes to WordFence. Even though they have a premium tier, their free service scans your site every hour and comes up with a list of warnings/recommendations.
For example, running it on my test site for the first time, I get a warning that three of my plugins are out of date:
Remember that WordFence is a scanning software and doesn’t offer to “harden” your site compared to other plugins. For example, I’d previously written about changing your login page using the iThemes plugin. WordFence won’t be able to do that for you, but its bot blocker options are far superior to iThemes, since it’s a dedicated plugin for that purpose.
Try and activate server-based malware scanning for your site if it’s available. NameHero is one of the only web hosts that provides it for free. But in the absence of a server-based scanner, you’d do well to install a plugin to do the job for you.
I’m a NameHero team member, and an expert on WordPress and web hosting. I’ve been in this industry since 2008. I’ve also developed apps on Android and have written extensive tutorials on managing Linux servers. You can contact me on my website WP-Tweaks.com!