Every day across the internet, hackers, malicious users, and cybercriminals, for whatever motive they may have, compromise thousands of websites. Their hacks are even sometimes invisible to users, but can remain harmful to visitors viewing the page, including the site owner. Unbeknownst to webmasters for some amount of time, their site has become infected with various forms of harmful code; some have shown able to record keystrokes on visitor’s computers, and even steal login credentials for financial account or online banking.
You may ask: Is it my web host’s responsibility to protect my website? The answer is: both yes & no. Your web host, like 4GoodHosting, has implemented strong network security mechanisms and various other security measures to ensure your website works optimally. However, keeping each website secure is also the responsibility of the webmaster. Shared hosting is also by nature an “unmanaged” environment. This implies that each customer is responsible for updating their applications, website code and implementing security precautions to protect their website files and CMS (Content Management Service – such as WordPress/Drupal/Joomla). Over the years we have seen various and some recent vulnerabilities with popular applications such as WordPress. Sometimes these breaches through WordPress have impacted customer websites; because the site owners’ did not keep their applications up to date – even after receiving notifications that their installation needs to be patched due to vulnerabilities that have been identified. Some examples of these attacks are: SQL injections, Code injections, template holes and many more.
If your site gets hacked what should you do? Here is where you should ask yourself: “Do I want to handle it myself? Or get help?” Here at 4GoodHosting we follow a well thought out and rigid methodology that enables us to automatically scan for and identify malware/hacks on our customers’ sites. We have built a rigorous process to resolve and fix the attack, “hack” as soon as possible.
We employ the following steps:
1) 24/7 Monitoring
2) Scanning of the site
3) Assessing the damage (hacked with spam or malware)
4) Identify the vulnerability
5) If necessary, Quarantining the site
6) Validating backup files
7) Clean and maintain the website
However, if you are up to it – some simple steps can go a long way in the event that a hack has occurred. If you are using a CMS such as WordPress, check your user accounts and make sure you have unique passwords that follow secure password principles. Next update your web applications to the latest release and whenever a patch is released. We offer Sucuri’s service which offers basic month-to-month, or yearly fee, that monitors your site and notifies both you and us in real time whenever an issue occurs.
Meanwhile, we actively scan all pages of customers’ websites for possible malware threats and virus’s. Additionally, our Sucuri service continually monitors for new versions of malware so it protects your business from any emerging threats. Our 4GoodHosting security experts take a proactive approach, and work with our customers to actively manage any malware notifications.
This last point has been a key benefit for 4GoodHosting customers as we avoid common issues that we have seen with “automated” malware removal – where the such systems just carves out the code without the recognition of scenarios that could cause a site to produce other errors or to crash.
In the event that an issue is identified, 4GoodHosting’s security experts take all necessary actions to rectify the situation including validation of clean backups and files, while continuously keeping in communication with the client via a support ticket opened for the respective site owner.
Here are some of the features of Sucuri:
* Standard & Advanced Malware Detection including .htaccess
* Hack Detection
* Webpage Defacement Detection
* Phishing Page Detection
* Malware Cleanup
* Blacklist and Reputation Monitoring
* Speed Monitoring & Up-time Monitoring
* WordPress Plugin Scans
4GoodHosting’s Defense Network layer approach;
-Your website will be protected from botnets and malware, and your website’s IP reputation will be protected as well.