One of the most important features of a website is its security. A website infected by malware can never be considered a secure site. But of course it’s not always easy to find out how that malware ended up infecting your domain.
There’s a lot of ways that someone can use to get your site infected. This is what lead us to the following question:
How did my site got infected with malware?
First off, we’re going to make a list of the main reasons why a website gets infected with malware, and then we’re going to check each one of them in detail.
- Running outdated software
- Excessive permissions for files and folders
- Weak cPanel/FTP passwords
- Local computer infected with virus or keyloggers
Running outdated software:
An unbelievable the amount of users that don’t run updates on their sites often. It’s one of the most important tasks to make sure your site is secure. Running outdated software such as WordPress will only get you problems, because you won’t get the latest security patches and bug fixes, so any hacker will be able to exploit an old vulnerability to infect your site.
Try to update your sites often, even more if you’re running popular software like WordPress, Joomla, Drupal, Magento and so on.
Excessive permissions for files and folders:
Using 777 permissions on your folders is very dangerous. With this kind of configuration, you allow anybody to write content to your folders, so it would be pretty easy to upload malware into it. We suggest using 755 permissions as maximum for folders, while you shouldn’t use permissions higher than 644 for files.
Weak cPanel/FTP passwords:
Having a password like “password” is like not having a password at all. The same applies to “123456, “yourname” and passwords like that. It’s like asking to be hacked.
A strong passwords always must contain at least 8 characters length, including at least :
- A lower case letter
- A upper case letter
- A numeric character
- A special character
You can find a lot of online tools that help you create strong passwords.
Local computer infected with virus or keyloggers:
Of course there’s no point in having a strong password if your computer is full or virus or keyloggers. If your local computer (the one you use to work/connect to your sites through FTP) is infected then you passwords will fall into the hands of the bad guys.
Lots of keyloggers and virus can steal your passwords and send them to malicious third parties. If possible, always try to use Linux or macOS, they are a lot more secure than Windows.
Those are the main reasons why your site may get infected with malware or malicious content, so always remember to update your site often, check for high permissions, use strong passwords and scan your local PC every week.
Do you have any tip you would like to share? Is there anything about this article that you don’t understand? Please let me know in the comments below.