Protecting Your Site from Spam and Malware
With 140,000 websites created daily, protecting your site brings necessary comfort to you and your users. But how do you go about protecting your site from spam and malware? With these six steps, you can secure your website in no time at all.
Six Steps Towards Protecting Your Website From Malicious Threats
If any of these steps seem complicated or confusing, our TechTe.am professionals are ready to help you through the process of protecting your site.
Tip #1: Encrypt your site with SSL
A Secure Sockets Layer Certificate, also known as an SSL Certificate, secures millions of websites with encrypted end-to-end connections. SSL certificates use what are known as key pairs, or public and private keys, to establish the encrypted connection. They also include an identifier that confirms the identity of the site to your visitors.
To get a certificate, you must first create a public and private key for your server along with a Certificate Signing Request (CSR). You will provide the CSR to the SSL certificate issuer, who will then create a structure to match your private key. The issuer should never see your private key.
SSL protected sites are more likely to be trusted by general users, and less likely to be visited by spammers. If you’re conducing any kind of ecommerce on your site, you will have to have an SSL certificate.
Tip #2: Update regularly and use a firewall
There is nothing worse for a website owner than getting blacklisted from search engines. Detected malware can get your website removed quickly, which is why you should take preemptive steps towards protecting your site.
The most important thing is keeping every part of your website up to date. Everything from the CMS you use to plugins and themes must be updated to prevent backdoor access, and make you less susceptible to spam and malware attacks.
Website firewalls detect where traffic is coming from and what it requests. With this information, the firewall allows legitimate connections and blocks malicious ones, leaving your website free from spam and malware attacks.
Close to 1 million new strains of malware are created each week. Without taking the proper steps to protect your site, it can be more susceptible to attack. The good news is taking simple precautions like updating your site and using a firewall dramatically reduce your chance of being affected.
Tip #3: Use SSH instead of FTP
If you’re starting your website from scratch or are in the early stages with a platform, you’re probably using the traditional File Transfer Protocol (FTP) to transfer files. Simple and easy to use, FTP is popular among users. However, it’s not the safest way of handling your data. A Secure Socket Shell (SSH) is a common and secure alternative to FTP.
SSH uses a public key encryption similar to the method used by SSL. It also has a speed advantage over FTP, being much quicker to upload and transfer files. If you use a firewall, SSH will continue work well, whereas some problems may occur with traditional FTP.
SSH is available for all major operating systems, including UNIX distributions, but does come with a fair bit of complexity in its use. If the technical complexity of SSH is too high, consider using Secure FTP (SFTP) as a fall back. Alternatively, get in touch with us and a TechTe.am member will be happy to set up the best file security protocol for your site’s needs.
Tip #4: Scanning your website
What’s worse than being blacklisted? Having web browsers block your website due to malware. Scanning your website, or having your web host scan your site for you to make sure successful attacks are noted and fixed, allows you to stay ahead of the game with potential attackers. Making regular scanning part of your web maintenance routine means you’ll be a step ahead of protecting your site, and have the chance to combat any infestation before it affects your site’s reputation.
Common forms of attack range from pharma hacks, also known as spam attacks, to phishing, malicious redirects, drive-by downloads, and injections. These form of attacks are hidden and are not meant to be noticed. Attackers want your website to be available for as long as possible, to gather data, infect users, and send out spam.
Sites can be scanned to find any unusual changes or defacement. Remember that an attacker will be less likely to deface your website than to use it as a host.
Tip #5: Backing up your files
If all else fails, you may have to revert to a backup. Having a backup is the best, last ditch way to defend against an attack found late. In some cases this can be done at a click of a button. Backups may also come with the ability to monitor and scan for attacks. When it comes to site protection, it’s always good to have a backup. Try to have multiple backup solutions and test the backups regularly.
Tip #6: Use secure passwords
If there’s anything that can destroy all your hard work, it’s a lack of security. Make sure your passwords are strong and secure. Do not use the same password more than once, and make sure you include symbols, capitals, and avoid dictionary words.
If security concerns overwhelm you, or you find these measures for protecting your site difficult to employ, do not fear. Our TechTe.am professionals are ready to help you take that next step towards protecting your site.