Steps to a Safe and Clean Website
If you are reading this page, then you are on your way to being proactive and taking steps to help reduce the risk of a reinfection. Let's work together to minimise your risks and ensure that your site remains clean.
1- Enable the Website Firewall - WAF
A growing number of software vulnerabilities are being exploited by attackers. As a website owner, trying to keep up with them can be very challenging. This is where our Sucuri Firewall comes into play. It will stop attacks before they can reach your website. Note that it will only start protecting your site after you activate it by changing your site's DNS settings. If you need help doing this, just open a ticket in our system providing us your domain registrar's username and password and we'll configure it all for you.
2- Update your website!
If you are using WordPress, Joomla (or any other CMS), please update it to the latest version. Why? Because out-of-date software is the leading cause of infections. This also includes your plugins, themes, and any other extension type.
3- Change your passwords
Change all passwords related to your website: FTP/SFTP, cPanel/Plesk, WP-admin, database, etc. These could have been compromised, and we do not want you to be reinfected because the attackers can still come back in with authenticated access. The following guides show how to change your password on the most common CMSs:
Be sure to choose a strong password. A strong password is based around three core components: complexity, length, and uniqueness.
*Password Tip: Start using a password manager like Peguta or LastPass. They're online and free.
When changing your database password, please be sure to update your configuration file (Joomla: configuration.php; WordPress: wp-config.php). This is not an automated process, so you will need to know how to open those files and edit them manually. If you're not familiar with making changes to your database and configuration files, contact your host.
If you are unsure how to change your passwords, contact your hosting company for details, or you can Google "YOUR HOSTING COMPANY - FTP password" for instructions on how to do so.
4- Run a virus scan on your computer.
In many cases, websites are compromised due to desktop malware that steals credentials. For this reason, you will want to take a moment to run an antivirus scan on your computer. We also recommend looking at additional tools to protect your desktop, such as Malwarebytes (Windows and Mac) and CleanBrowsing (DNS-based).
5- Backup your site
After the site is clean and secure, a very good practice is to do daily backups. There are a number of backup solutions out there you can use. If you are a client of ours you can sign up for our Website Backup solution. It's a simple configuration that works off FTP / SFTP and stores all your content and database in the cloud.
6- Security WordPress Plugin.
We recommend installing a security plugin – either Sucuri, Wordfence or iThemes Security.
7- Clean your Kitchen.
Too often the issues we see plaguing our clients are caused by "soup kitchen" servers: old installations of their content management systems, themes or plugins. Over time these old installs become forgotten but grow ripe with malware that's ready to infest their entire server after each clean. Take a minute to separate those things that belong on a test, staging and production server.
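The inventory that step 7 calls for can be scripted. The following is an added example, not code from the original page or from Sucuri: it walks a web root, lists every WordPress and Joomla copy it finds, and flags the ones that look forgotten. The function names, the sample directory layout, and the "older than the newest copy on the same server" staleness rule are assumptions made for illustration.

```python
import os
import re
import tempfile

WP_VERSION_RE = re.compile(r"\$wp_version\s*=\s*'([^']+)'")

def _read(path):
    with open(path, encoding="utf-8", errors="replace") as fh:
        return fh.read()

def find_cms_installs(root):
    """Return sorted (relative_dir, cms, version) for every install under root."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        wp_file = os.path.join(dirpath, "wp-includes", "version.php")
        if os.path.isfile(wp_file):  # WordPress keeps $wp_version in this file
            m = WP_VERSION_RE.search(_read(wp_file))
            found.append((rel, "WordPress", m.group(1) if m else "unknown"))
        elif "configuration.php" in files and "class JConfig" in _read(
                os.path.join(dirpath, "configuration.php")):
            found.append((rel, "Joomla", "unknown"))  # version file path varies by release
    return sorted(found)

def version_key(version):
    return tuple(int(n) for n in re.findall(r"\d+", version))

def stale_installs(installs):
    """Heuristic (assumption): a copy older than the newest copy of the same
    CMS on this server is probably a forgotten test or staging install."""
    newest = {}
    for _rel, cms, ver in installs:
        newest[cms] = max(newest.get(cms, ()), version_key(ver))
    return [i for i in installs if version_key(i[2]) < newest[i[1]]]

def build_sample_tree(root):  # constructed sample data, not a real server
    for rel, ver in (("public_html", "6.4.2"), ("public_html/old", "4.7.1")):
        os.makedirs(os.path.join(root, rel, "wp-includes"))
        with open(os.path.join(root, rel, "wp-includes", "version.php"), "w") as fh:
            fh.write("<?php\n$wp_version = '%s';\n" % ver)
    os.makedirs(os.path.join(root, "public_html/test/joomla"))
    with open(os.path.join(root, "public_html/test/joomla/configuration.php"), "w") as fh:
        fh.write("<?php\nclass JConfig {\n}\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for row in stale_installs(find_cms_installs(tmp)):
            print("review or remove:", *row)
```

To use it on a real account, call `find_cms_installs()` with the path to your own web root instead of the temporary sample tree.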