Protecting Your Website from Malware
Malware can compromise your website, steal visitor data, and damage your reputation. This guide covers how to protect your site from malware and what steps to take if your site becomes infected.
How to Prevent Malware
- Keep everything up to date — Ensure your CMS (WordPress, Joomla, Drupal), plugins, themes, and PHP version are always running the latest versions
- Use strong passwords — Set strong, unique passwords for your hosting account, Plesk, CMS admin, FTP, and database users
- Remove unused software — Delete any plugins, themes, or applications you're no longer using
- Only install trusted software — Only download plugins and themes from official sources. Avoid free or pirated versions of premium software, as they often contain malicious code
- Use FTPS for file transfers — Always connect using FTP-SSL to keep your login credentials encrypted during file transfers
- Restrict file permissions — Set appropriate file and folder permissions to prevent unauthorised modification
- Enable spam filtering — Use SpamAssassin to filter out malicious emails that could be used in phishing attacks
- Back up regularly — Keep regular backups of your website so you can quickly restore a clean version if needed
What to Do If Your Site is Infected
- Run a malware scan — Use ImunifyAV in Plesk to scan your website for malicious files
- Review scan results — Check the results and identify any infected files
- Restore from a clean backup — If you have a recent backup from before the infection, restore it using the WP Toolkit or Plesk backup tools
- Change all passwords — Update passwords for your Zeniar Portal, Plesk, CMS admin, FTP accounts, and database users
- Update all software — Ensure your CMS, plugins, and themes are fully up to date
- Contact support — If you need help cleaning up your site, reach out to our team at [email protected]