It's important to to be proactive and take steps to help reduce the risk of reinfection. While no one can promise you the risk will ever be zero, there are many things that you can do to protect your website.
There are a growing number of software vulnerabilities being exploited by attacks. Trying to keep up with them can be very challenging to you as a website owner. This is where our Web Application Firewall (WAF) comes into play. It will stop attacks before they even happen, keeping your site secure. Note, that it will only start protecting your site after you activate it. If your DNS is hosted with us, we will take care of the necessary changes. Otherwise, you will need to activate it by changing your site's DNS settings.
If you are using WordPress, Joomla, or any other website platform, and it is not already using the stable, current version, take a minute to update your website. Why? Because out-of-date software is the leading cause of infections. This includes your CMS version, plugins, themes, and any other extension type.
Choose a good and strong password. A good password is built around three core components - complex, long, and unique. Your website has various access points such as FTP, SFTP, SSH, cPanel. Attackers understand this and will often exploit multiple points of entry. At a minimum, be sure to update the password for all administrator accounts. Often users will create more administrators than they require and only update one, but forget about the rest. There is no better time to clean up than after a compromise.
If you are using a CMS (WordPress, Joomla, etc…) change your database password. Please be sure to update your configuration file - Joomla: configuration.php and WordPress: wp-config.php. This is not an automated process so you will need to know how to open those files and edit manually. If you’re not familiar with handling changes in your database and configuration files, and your website is hosted with ITEGY, contact customer support.
*If you don’t know how to change your passwords (specified above), and your website is not hosted with ITEGY, contact your host to update your passwords.
In a lot of cases we see that websites are compromised via local environments (notebooks, desktops, etc.). It's why we always ask you to take a minute to run an antivirus product. The bottom line is, it doesn't matter how many times your site gets cleared, if your computer is not clean, your site can be easily reinfected.
After the site is clean and secure, a good practice is to do regular backups. There are a number of backup solutions out there you can use. If you are hosting your website with ITEGY you can sign up for Website Backup. Website Backup has automatic integration with your hosting account, and is very simple to set up.
Many times, we see that customers have “kitchen sink” servers, full of old installations of their content management systems, themes or plugins. Over time these old installs become forgotten but grow ripe with malware that’s ready to infest their entire server after each clean. Take a minute to separate those things that belong on a test, staging and production server.