I read a really interesting (and frightening) article this morning on the rise of self-aware malware. You can read it for yourself, but basically it describes how new malware attacks on websites are becoming so advanced that security experts are essentially giving up trying to stop the attacks and now focus much of their attention on cleaning up after the event.

Whatever security systems you put in place, you can’t 100% guarantee that your website won’t get hacked eventually, and if you think that your website is so insignificant that it won’t be affected then think again. Most hacking affects small websites – not the massive corporations that you might expect.

A good hosting company will have systems in place to try and stop their servers being affected, but they can only do so much. The nature of shared hosting is such that all servers are essentially exposed to constant attacks, and it only takes one vulnerable website on a server to be infected for the infection to cascade across the whole server.

How can you protect your website?

While you can’t do anything about other websites that are hosted on the same server as yours, there are some steps you can take to protect your site against hacking.

  1. Choose a good hosting company. We recommend Heart Internet and Fasthosts to clients looking for hosting providers but there are many out there. In my experience they all have different approaches to security, so you need to ask them how they protect their servers from attack and what backup options you can implement in case the worst happens.
  2. Have a daily backup. This is where hosting companies vary. Some provide an optional daily backup service whilst others offer nothing. Choose one that does, as it will give you a lot of peace of mind. Even if you or your web designer have your own offline backup available, it’s always useful to have a daily backup done.
  3. Keep your content management system up to date. This is especially true if you use one of the more popular content management systems such as WordPress. The organisations behind these CMSs are constantly updating their software to secure it against new threats, so keep the versions updated. This goes for any plugins that you use too.
  4. Implement a malware scanner. There’s a growing number of third-party companies (such as Sucuri.net) that will scan your website for any threats and infections. You might think this is the duty of your hosting company, and you’re right – it is, but they’ll be scanning thousands of sites and often won’t scan your site for a few days, so having a daily scan is very useful and can help you avoid any penalties from an overzealous hosting company (such as deactivating your site until you clean up the mess).
  5. Add a firewall. An additional level of protection can be provided by a firewall. Again, there are a number of companies that can provide this service but we recommend Sucuri.net. Simply put, they add an additional server in between the visitor and your site and keep a record of blacklisted IP addresses so they can block access from any of these locations.

At the end of the day, whether you want to protect your site against the threat of attack comes down to how important your site is to your business. You might decide that you can live with an amount of interruption because it’s not a big part of your marketing or sales process. However, having an infected site can be a massive turn-off to potential customers, it can have a negative effect on how Google ranks your site, and it can cost you money to put right, so it’s well worth spending a little to protect your site – especially with the rise in attacks that we’re seeing at the moment.