Malicious Malware! What the heck?
There is a saying – update, update, update – what does this mean? ! That means website, computer and electronics! Even though we are the little guy, I have found that many people who choose to take over their website and do their blogging – (which is absolutely fine) do not listen to the advice given – which is “(Update your plugins, your themes and make sure your WordPress Software is the latest and greatest!)”
What you may not realize:
- BOTS – what the heck is a BOT? There are good Bots and Bad Bots – I am only interested in discussing the Bad Malicious bots! These Bots are blended threats that come as part virus/worm, part bot and are used in a identity theft or to launch denial of service attacks – these are automated and instructed to infiltrate a website.
- Every website has a login to their dashboard page – the behind the scenes work that goes into creating what you see (the outcome) It doesn’t matter if you are using Joomla, Droopal or any other type of internet language to create your great internet website.
- Every site is hosted by someone! Website hosts are diligent – they work at keeping their servers secure – but that doesn’t mean that you are safe! Think banks, think credit card companies, think stores! Think anything that collects and uses data – your data! Any and everything can be hacked!
- For you website owners – keep up with the news – be pro-active not reactive!
Some Tips for you!
- Make sure that all of your logins have very strong passwords! If you are using WordPress, use a computer generated password – or any program that will randomly generate strong passwords.
- DO NOT CREATE USERNAMES with “admin” as the source! Some programs will default a username to “Admin” – be observant and change that username.
- Protect your site against “brute force attacks” – if you are using WordPress – look it up and see what is highly recommended to use – if you are using a different web format – seek out that information as well.
- Update all software! For the website – update all plugins, themes, and CMS software – be diligent here!
- Make sure your own computer system is virus free – so many people just assume their antivirus is working – and it may be – but if it isn’t updating to the latest version – your system is vulnerable.
- Make sure that your software on your computer is updated! EVEN IF YOU DON’T USE THE SOFTWARE! If you don’t update – your entire system is susceptible to a virus, trojan and or malware!
Judy’s recommendations for WordPress Sites:
- Quttera – a great malware and security software – not only does Quttera scan your external website files, but they also scan the internal ones too!
- Login No Captcha Recaptcha – Adds a Google No Captcha ReCaptcha checkbox to your WordPress login screen. Denies access to automated scripts while making it easy on humans to log in by checking a box. As Google says, it is “Tough on bots, easy on humans.”
- Block Bad Queries – a simple, super-fast plugin that protects your site against malicious URL requests. BBQ checks all incoming traffic and quietly blocks bad requests containing nasty stuff like
base64_, and excessively long request-strings.
- Delete all unused plugins and update the ones you are using
- Delete extra themes in your dashboard and update themes that you have in your dashboard – the only requirement is to make sure you have the latest WordPress Twenty (something) theme – you do not need to have them all!
- Username – Make your Username unique DO NOT USE – ADMIN
- Password – Use a password generated program to create a very strong password
- Change out your Passwords every couple of months or once a quarter
- Last but not least – make sure that WordPress is updated to it’s most recent version
Malicious files can create havoc you cannot imagine – being due diligent and on the upper side of this (pro-active) will only help keep your website safer.