How to get virus protection for your website

No one wants this disease

Almost every day there is news about websites getting hacked, organisations getting infected by ransomware or malware, and businesses suffering massive losses due to stolen data. In fact, Google blacklists thousands of malicious websites daily. These websites are created by hackers and are identical copies of legitimate sites. The idea is to trick users into revealing their login details and sensitive information like credit card numbers and bank account details. In this environment, you’re smart to be thinking about virus protection.

If your website is already infected, check out GoDaddy’s Express Malware Removal. It can start cleaning up in as little as 30 minutes.

In this article, we touch upon the key things that you need to know about malware and virus protection.

5 things you can do now to protect against viruses

Viruses and malware can bring a business website crashing down. If you haven’t been infected yet, use these virus protection tips to minimise your risks.

  1. Invest in a malware removal tool.

  2. Add SSL encryption.

  3. Make regular back ups.

  4. Keep everything updated.

  5. Review your PCI compliance.

Before I list the preventive strategies, let us first discuss the scope of the problem and how it could endanger your business.

Viruses, malware and other threats

Virus Protection Menacing Figure
Hackers typically steal data to make money on the darknet.
Photo: Katy Levinson on  CC BY-SA

Malware or ‘malicious software’ is a broad term for all the different types of threats including viruses, Trojan Horses, adware and spyware.

Essentially, malware is a piece of software written by a hacker with a specific intention. The intention could be various things, and the motive is usually financial gain. A hacker might write a malware to:

  • Steal sensitive data such as login names and passwords.
  • Inject malicious code that allows them to take over a website.
  • Deface the website.
  • Use the site for phishing.

They could also be looking for information relating to your business, to sell it to your competitors.

How does a website get infected?

Every website is hosted, or stored, on a server on the internet. This is what makes it possible for people anywhere to view the site whenever they like.

Servers are powerful computers that run 24×7 and host multiple websites. A hacker will try to infect the web server that hosts your website. On finding the software code for your website, the hacker will make modifications and insert his damaging code. That could infect one of your web pages or your entire website.

This malicious code is then copied to the computers of anyone who visits your website. And that’s how it spreads.

What are the risks to your business?

If your business website gets infected by malware, your customers are in grave danger. If they learn about the infection, they will most likely not transact on your site or simply avoid visiting it.

Your business’ reputation would take a beating. Customers would lose confidence and trust.

Hackers who steal login credentials of your customers could make fraudulent purchases using stolen credit card numbers. They can then plant malware on your customers’ computers and use these as ‘zombies’ to access other web servers.

A large group of zombie requests to a web server will result in unnecessary traffic to that website — and deny access to legitimate visitors. This is called a distributed denial of service (DDoS) attack.

Apart from that, hackers could steal confidential business information from your databases on the web server — and sell it to competitors. They could potentially study the techniques you use on your website to get better search rankings on Google — so that your competitors’ website would always appear before yours in search listings.

The Google blacklist

If Google finds that your website is infected, it will add it to its blacklist and your website will not appear in search results. Clients who try to go directly to it will receive a big, bold warning.

People who try to open a website that’s been blacklisted receive a warning like this.
Virus Protection Red Malware Warning

Any business that depends on its website to carry out day-to-day operations will suffer if its website suddenly goes offline. The consequences include:

  • Huge inconvenience until the site has been restored to a clean state.
  • Loss of credibility and goodwill.
  • A decline in business and clients.
  • Financial hardship due to what it costs to fix the infection.

Hackers could also do horrible things like defacing your website pages and replacing these with their own pages. That would be embarrassing.

So, there is a loss of reputation, loss of trust and loss of business opportunity.

What you can do to prevent future infections

Hackers will always come up with new, ingenious ways to attack websites. And the more sophisticated the website, the more likely it is to be targeted. (By sophisticated, I mean more features — like shopping carts, analytics, online payment options, etc.)

Even if you use the best security defences, there is no guarantee that your website will not be attacked in the future. But here are some virus protection strategies that can minimise the likelihood of that happening.

1. Invest in a malware removal tool

Removing malware from an infected website requires expertise. This task is often done manually by security experts.

You can avoid this scenario by installing one of the malware removal tools that are available online. They are both effective and reasonably priced.

GoDaddy offers one such tool. Website Security scans your entire website and automatically removes any malware it finds. The Express and Deluxe plans include a web application firewall (WAF) that proactively prevents malware from reinfecting your website.

Virus Protection Infographic

2. Add SSL encryption

Secondly, I recommend you get SSL protection from a reputable Certificate Authority (CA). One such CA is GoDaddy, and you can view all their plans here. The SSL certificate is a digital certificate and it does the job of encrypting anything entered by customers on your website. This encryption keeps hackers from stealing sensitive details in transit.

3. Make regular backups

Thirdly, always run daily back ups of your website. That way if your website does become infected, recovery is much easier because you’ll have a clean copy to revert to.

Website Backup from GoDaddy includes automatic daily backups, built-in daily malware scanning and one-click restore.

There are basic manual backup tools offered with WordPress and other content management systems (CMS). However, if you want automatic, set-and-forget daily backup and advanced restore capabilities, you can get a premium Website Backup. If the worst should happen, it will take only a single click to restore your website to a clean state.

4. Keep everything updated

Next, ensure that your CMS is updated. A CMS is an application — WordPress, Joomla or Magento, for example — that’s used to create a website. You should also ensure that plugins, operating systems and all software on your web server are regularly updated.

Software updates often include patches for recently-discovered malware and viruses. By updating your software as soon as you receive notification, you minimise your risk of infection.

5. Review your PCI compliance

Finally, if you are accepting payments on your website, then you must ensure that it is PCI- compliant. The Payment Card Industry (PCI) Data Security Standard is a set of requirements that businesses must satisfy if they accept major credit cards. In some cases, businesses are required to pass a quarterly vulnerability scan.

Virus protection takes vigilance

There is no silver bullet to prevent your website from being infected by malware. But you can try the various approaches described in this article to minimise the chance of that happening.

And do remember, an infected or hacked website means loss of reputation, loss of trust and reduced business opportunity. So it would be worthwhile to make the investments needed to secure your business website.

Image by: Michael Amadeus on Unsplash

Brian Pereira
Brian Pereira has been writing on consumer and business technology for 25 years. He is the former editor of InformationWeek and CHIP magazines in India. He has written thousands of articles and blogs and has travelled around the world to report on technology events. Brian is currently a content specialist at a startup in India, developing content for Fortune 500 companies. He is also an aviation enthusiast and likes all things from the 1980s. He continues his journalism work on his own platform Digital Creed.