It’s time to check your website for any security issues.
Linux Mint, the third most popular Linux distribution, after Ubuntu and Fedora, had its website hacked over the weekend. Users who visited the website were redirected to malicious download links that contained a “modified” version of the software.
Clement Lefebvre, head of the Linux Mint project, said in a blog post that “Hackers made a modified Linux Mint ISO, with a backdoor in it, and managed to hack our website to point to it”.
Great but what does that mean to me?
What’s alarming is that Clement confirmed the Linux website was hacked through its WordPress installation.
It is estimated that about a quarter of all websites (60 million) use WordPress. No wonder WordPress websites are a common target for hackers, spammers, and other malicious groups. If your website was designed using WordPress, now is a good time to perform a security due diligent.
In my experience, most people think that when a website is hacked, its homepage will look different, or defaced.
In reality, most hackers don’t want you to know they’ve done their damage. This is because as long as you are unaware, they can use your website to send spam emails and infect your visitors. It is important that you scan your website regularly to detect any hidden malware or viruses.
How to scan your WordPress website for malware or viruses
First thing to try is to ask your web developer, hosting provider or IT department scan your website for any potential issues. If you get any help or you’re managing your own website, below are three products that I highly recommend.
Sucuri Malware Scanning
Sucuri is an excellent WordPress security scanner. Its free Sucuri SiteCheck scanner will search for malware, spam injections and whether your website server has been blacklisted by sending out spam email.
Simply type in your website URL and click “Scan Website!” and it’ll let you know what it discovers. You can then take action (e.g. delete malicious files) based on that info. If it fits into your budget, their paid plan will even perform the required actions for you.
Anti-Malware is a free plugin that will scan your website for malware and automatically remove any known threats. This is installed and configured on all of our clients’ websites.
Simply install this plugin and activate it on your WordPress dashboard. Then, enter your basic info on the top right of the screen to register for free. Registration allows you to download any updates before you start the scan.
With one click, Anti-Malware will fix all the problems it finds. There are many benefits to update to their plan which will automate many processes for you.
Wordfence Security is one of the most popular security plugins available for WordPress, and it’s for good reasons. This free plugin can scan your website core files, theme files, and plugin files, against known threats.
On top of that, it gives you real-time blocking of known attackers, login security, firewall and more. It even comes with a cache that will make your website load faster.
We also have this installed and configured on all of our clients’ sites.
Do you have a favorite security tool?
There are many more security tools to safeguard your website. If you have any favorites, please share. If your website was once hacked or injected with malware, please share how you successfully fixed the issue.