As a computer user, you know that getting malware in your computer can be a big pain. It disrupts your computer use. Worse, it may also be used to access your private information and gather sensitive information from your computer.
Now, imagine that your website has malware and anyone visiting your site could be infected with malware. That is enough to make anyone who wants to go to your site hit the back button so fast and never to return again.
Malware is a serious problem on the Web — and key players on the Web ecosystem such as search engines and browsers actively take steps to prevent the spread of malware. While you may initially think that malware is not a problem that will affect your website, think again. Vulnerabilities in your server and software you use for your website could be exploited by bad elements and inject malicious code into your website to help spread the malware to other Web users.
You may just wake up one day to find that your own site has malware. Imagine that you are trying to go to your website in Google Chrome, typing its URL in the browser address bar; or you are on Google and searched for a keyword to check on your site’s results. But instead of seeing the familiar look of your website, you get this huge warning from your browser:
Effectively, Chrome (or any other browser) will block access to your website. Even though Chrome gives the option to continue going to the site at the user’s peril, do you think users will actually go to your site? No! They will click the “Go Back” button and go to your competitors instead.
Getting blocked by browsers due to malware on your site is a kiss of death. Your traffic plummets, income disappears, and your reputation damaged. Not only are you going to lose traffic that day (assuming you cleaned up your site in only a day), but many of those visitors will be scared of going near website again even if the malware is gone. Unless you’ve got a high trust factor with your audiences or a strong brand, it is not easy to recover from being labeled as a malware carrier. And the longer your site is blocked by the browsers and the search engine, the more painful it becomes for you and your business.
People may also start spreading the word in social media that your website has malware. Take for example the malware infection that occurred with Moscow Times, the largest English publication in Russia. While they initially downplayed the malware alerts as false positives and tried to soothe the nerves of their Facebook fans by telling them that it is ok to visit the site, their fans still said that they won’t visit the site until after the malware problem is resolved.
The browsers such as Chrome, Internet Explorer or Firefox are simply protecting their users as best as they can. When your site is hacked and malicious code has been injected, you have no choice but to clean up your site as fast as you can.
To make sure that your site has no malware, here are steps you need to take including what to do to fix your malware problem if you have it:
1. To the extent possible, check and visit all your websites every day.
This is especially true if you are operating several websites, and some of them are inactive. Visual inspection and actually going to the site is the best way to check whether your site is being blocked or not due to malware.
2. Set up an email alert in Google Analytics (or whatever your web analytics software is).
Set the alert to be triggered and send you a notification when traffic to a site decreases by anywhere from 50-75%. If your website’s traffic is down by 75%, you know that something is seriously wrong and you need to check what happened to the site — and one of the reasons could be that the browsers and search engines are warning people about the malware on your site.
3. Bookmark the tools you need to use:
- Check your website using the Google Safe Browsing diagnostic http://www.google.com/safebrowsing/diagnostic?site=www.example.com (replace www.example.com with your website URL)
- Scan your website using tools such as Sucuri SiteCheck (if you are on WordPress, they also have a plugin that you can install) http://sitecheck.sucuri.net/scanner/
4. Clean up the malware.
- If you can login to your site, be sure to install anti-malware and malware removal plugins or software. If you cannot login to your site, check with your web host if they can help you find the malware and remove it from your website.
- Go to Google Webmaster Tools (click Health → Malware) and it will list sample URLs from your website identified as containing malware code. Use the list as your starting point. Go to those pages and remove the suspicious code.
- If you have a backup copy on your computer of your website files, compare the file you have on your computer with the version of the live website to see what codes have been changed or added. That will give you an idea of what code you need to look for and remove.
- If you have FTP (file transfer protocol) access to your website, go to each folder directory and inspect suspicious files. If the folder only has .html files and you suddenly find an archive.php file where it shouldn’t be, then that could be one of the malicious files injected into your website. Check the date when the file has been uploaded; chances are high that these files will be present in several directories. They will not always have the same filename, but they will have the same upload date and same file size.
- If you cannot remove the malware, ask your web host to upload an old backup of your website — back to the day when you are 100% sure that your site is fully functioning without any malware injected. Once the back up is up, be sure to run the malware removal software or application in the event that the malware has already been injected into your system previously.
- Once you have removed the malware, go to Google Webmaster Tools and request a malware review. Google will scan your website to check if there are still malware. If no malware is found, Google will remove the warning on the site. If there are still malware, Google will give you a sample list of compromised URLs where the problem still exist.
Malware is a serious issue on the Web, and could cause a huge blow to your business. Having malware on your website can slow down your site performance, and any downtime can have a severe impact on your sales and revenue. You may also lose any chance to bring back new visitors who were planning to go to your site, but scared off by the malware warning.