Unfortunately, with the increase in websites has come an equal or greater increase in people who think it’s clever to try to hack, damage, and generally misuse those sites.
Malware, viruses, SPAM and phishing have all become a sad part of everyday life in this interconnected world, and no one is immune. I wish there was one, surefire way to protect a website permanently from all hackers, but the nature of the internet means that is simply not possible.
There are a number of solutions to the malware/hacker problem, here are the top five:
- Don’t have a website. No website means no hackers. It’s also boring.
- Back up your site hourly and whenever you discover that you’ve been hacked, wipe everything and restore from the latest backup…. then wipe everything again and restore from the next latest backup and repeat until you find a backup from BEFORE you were hacked.
- Wait until you’ve been hacked, then shout and scream at your web host, blaming them for something that is almost definitely not their fault, and hope and pray that they’re willing to help out.
- When you get hacked, wipe everything you’ve ever done from your website and start all over again, from the beginning. Manually.
- Pay a not-unreasonable sum of money for yearly protection against such things.
My suggestion is that you go with a mixture between numbers 2 and 5 – and here’s why:
There is nothing, absolutely NOTHING that can beat a good backup system. Nothing at all. Even with malware/virus protection and monitoring, there’s always going to be some bright spark somewhere in the world who manages to come up with a totally new way to hack websites who will get around whatever protection you have and cause damage to your site. It’s inevitable, so having a recent backup is always a good idea.
If you only do one thing to protect your site, daily backups need to be it. No question about it.
So why pay for protection then?
“Protection” is an interesting word. Any form of malware “protection” is never going to be a blanket-inoculation, in fact, “protection” is probably the wrong word to use entirely, since most of it is reactive to new threats but a good “protection” system will do four essential things:
- Clean. Are you sure you don’t have a virus right now? How do you know? There could be something lurking on your site like bacteria in a toilet bowl – practically invisible and waiting for the right time to strike! The first thing any service will do is check for current infections and clean them out.
- Harden. There are known weaknesses in all web technologies. Your protection service will will search your site for those weaknesses and tell you what you need to do to protect yourself against them.
- Monitor. Do you check your site every minute of every day? No? I thought not. Thankfully, a Malware protection service will monitor your site frequently (as frequently as you’re willing to pay for) to spot new infections as quickly as possible.
- Alert. As soon as the monitoring portion of the service picks up a new threat, it will alert you to the issue and let you choose what needs to be done.
The process then starts again and continue to revolve as long as you are willing to continue paying for it.
Where to get Protection
There are many protection services out there, including ones from big companies like Symantec but the most straight-forward, understandable and friendly service I’ve ever found is from Sucuri.net.
The guys at Sucuri are friendly and passionate about helping to protect your site from malware. Whether you have one website, many sites or even if you run a web hosting business with hundreds of sites on your servers, Sucuri have a pricing plan that will fit any budget.
The big question is though, can you afford to NOT get protection for your site?