What is Malware and Why It Matters

What is malware? Malware is an umbrella term used to define malicious software (get it – MALicious softWARE) that’s leveraged to exploit a website’s weaknesses, with the intent of carrying out a number of harmful activities.

When you look at malware as it relates to WordPress websites, it has the ability to negatively impact a site’s overall performance on every possible level. This can include your web server, user experience (UX) and SEO performance.

Malware also has the potential of making you scream at your computer, throw a fit, and cry because all you worked for has dissentigrated before your eyes.

If you’re not paying close attention to the threat of malware now, it might be too late to salvage your WordPress site if it ever comes under attack. Because of this, it’s important to keep tabs on your WordPress site’s performance. You’ll also want to identify unexpected site changes as they occur, which is an important step toward owning a secure WordPress website.

In this guide, we’ll answer the question of, “what is malware?” and why it matters to you. You’ll also learn exactly what you can do to stop it before it becomes a problem. Let’s take a look.

What Is Malware and How Do You Stop It?

In a nutshell, malware is tiny bits of code that can be used to make malicious changes on your website. A lot of hackers attack your website, intending to infect it with malware.

If your site becomes infected with malware, it is important to be alerted as soon as possible. Every minute that malware remains on your website, malware will do more damage to your website. The more damage to your website, the longer it will take you to clean and restore your website. That’s why it’s vital to check your website’s health by regularly scanning for malware.

What Behavior Does All Malware Share?

While the type of damage malware causes on your website varies greatly, what it does can be boiled down to one or a combination of the following three things.

1. Add Files – Malware in the form of spyware could add a malicious file that will record your customer’s keystrokes as they enter their credit card information.
2. Remove Files – Some malware will remove a legitimate file and replace it with a malicious file of the same name.
3. Modify Files – Malware will try to hide its malicious code by hiding it in an existing file that it modifies.

3 Major Website Issues Caused By Malware

A malware attack, which stems from a malicious hack attempt on your WordPress site, can take on many forms. In fact, the ripple effects of a malware attack can negatively affect your site in ways that you may not be aware of.

Before talking about solutions to the problem of malware in WordPress, let’s first discuss the major issues you’ll see when your site is compromised by malware.

1. Server Resource Overuse

If your site server is compromised or hacked, it’s important to know that someone has gained unauthorized access to it and is attempting to use the server’s resources to their advantage.

One of the ways a malware attack will use your server resources is to attack other websites. After all, if a hacker only uses a single server to attack other sites, it can be risky. They can be easily spotted and blacklisted.

However, detection of multiple servers is more difficult. This is why a hacker is always seeking new servers to use for their malicious activities. They’ll even use popular, well-known websites to attack the sites they target so that it won’t be immediately obvious.

Most often, a malware attack will go undetected. This is because the entire purpose of these attacks is to utilize your server’s resources without anyone noticing. But if you notice that your site has suddenly started to slow down and lag, it’s a good sign that a hacker is trying to exploit your server resources.

You may notice that your server isn’t available for your site users because most of its resources are being used to execute malicious, unauthorized activities. 

It’s important to keep a close eye on any sudden changes to the performance of your website, then act immediately if you suspect that it’s due to a hacking attempt or malware. This is best done using a WordPress security plugin that you can trust to keep you alerted to server attacks.

2. Spam Email Sends

Unfortunately, email spam, in general, seems to be completely unavoidable. Did you know that email spam alone accounts for over 60% of all Internet traffic and resources?

A hacker will use compromised websites to fire off thousands of emails for any number of spammy purposes. If you have email accounts, certainly you’ve been on the receiving end of many of these attacks.

However, email servers throughout the world utilize various methods to help cut down on the spam problem. Basically, email servers will track the IP addresses of the servers that send out unwanted spam emails, then blacklist those IPs.

Because of this, hackers need to always find new IP addresses with clean records for exploiting. In other words, they want to find IP addresses that the most widely-used email providers don’t already block.

In many cases, a WordPress site owner may not be aware that their IP is being used for spam emails until their host identifies that something malicious is happening. But by this time, it could already be too late, and your domain may already be blacklisted by one of the watchdog services for spam emails, such as Spamhaus.

If you have a hacked site and malware has been introduced, it could be using your server to send out thousands of emails in your name. There’s a good chance that this could trigger your host to suspend your account until it’s cleaned and all malware is removed.

Any WordPress site owner who has been through this process knows that it’s one of the absolute worst things that can happen to your website.

3. Excess Disk Space Use

A hacker may have many different ideas in mind when they attempt to gain unauthorized access to your WordPress site. One of the things some hackers may attempt to do is use your site’s resources to store millions of unknown files.

If they succeed at this, the files will take up a huge amount of your website’s disk space. The burden that this puts on your server will most often bog down the performance of your site.

If you weren’t already aware, it’s important to know that even “unlimited” hosting plans do, in fact, have a limit. Because of this, you may end up in a situation where you can’t add any additional content to your site if a hacker has used all of your disk space.

Beyond that, the process of site maintenance will become a nightmare as you’re burdened with the challenge of finding and removing all of the unwanted files that have littered your site. Additionally, your server may ban your account or suspect you due to the malicious activities being recorded on your website.

3 Ways Malware Slows Down Your WordPress Site

When visitors to your site seek to load one of your site pages, a hacker may attempt to fetch files from another server and load it to the user along with the site page they requested. This process dramatically impacts the performance of your site because the process is too heavy on resource use.

This deteriorates UX and overall performance of a user’s browser. In fact, WordPress malware can completely change the way your site visitors see your site.

As a WordPress site owner, you know that user experience is incredibly important for the success of your business and website. If users don’t like your site’s performance, they probably aren’t going to buy anything or spend any time exploring your content.

Even worse, when a user doesn’t approve of the performance of a website, there’s very little chance that they’ll return.

Professional studies throughout the last two decades have shown that in the year 2000, the average human being had an attention span of around 12 seconds. However, in today’s digital age, that attention span has shrunk down to a mere eight seconds.

Because of this simple fact, having a slow-to-load website is extremely bad for your business.

As discussed, the overuse of your server resources from malicious attacks will slow down your site’s performance. And if your site takes more than a couple of seconds to load, the vast majority of users are going to hit the back button and seek another source of information. [pullquote]When a user doesn’t approve of the performance speed of your website, there’s little chance they’ll return.[/pullquote]

When this happens, you lose a new user before they ever had a chance to learn what your site is about. This can have horrible effects on online businesses and eCommerce stores.

Did you know that Amazon has reported that they will lose up to $1.6 billion in revenue due to only a one-second delay in site load time? Back in 2013, Amazon lost over $66,000 every minute during a period of 30 minutes when their site was down.

As you can see, the speed of your WordPress site is extremely important, and malware is one of your biggest enemies in the battle for fast-loading WordPress sites.

1. Malware Causes WordPress Sites To Load Malicious External Javascript/iFrame Resources

Almost all of us have stumbled across sites that have strange and shady pop-ups. These almost always cover most of the page and try to direct you to a third-party website to buy something, provide your email address, or ask that you take some type of action.

When we see these pop-ups, it’s always a bit confusing because they’re normally unrelated to the content of the site. What’s really happening is that someone has gained unauthorized access to that website and has put malicious Javascript/iFrame code on it.

When this occurs, every site visitor that attempts to access a page has the malware loaded onto their browser as well. This increases the time it takes for a page to fully render, makes the site slower, and dupes visitors into clicking on links that the site owner has never authorized or intended users to see.

Overall, hackers that load malicious Javascript/iFrame malware on your WordPress site are using the credibility of your site to drive your users to places you never authorized.

2. Malware Degrades a WordPress Site’s SEO Performance

If your site is doing well in the realm of SEO, expect that it is a highly sought-after site for hackers. In fact, hackers seek out sites with the best SEO to target their malicious malware attacks.

Even Google has recognized that SEO is a primary motivating factor for hackers. A hacker’s goal is to use the highest-traffic websites to redirect users to their own malicious sites.

If you aren’t familiar with SEO spamming, it’s most commonly done as what’s known as the “pharma hack.” They use the lure of pharmaceuticals as the bait to catch you.

Hackers do it all of the time.

Certain restrictions and codes exist regarding advertising drugs such as Cialis and Viagra on the Internet to control what (and what quality) are sold. As such, shady pharmaceutical retail sites will resort to the process of SEO spamming to bring buyers to their sites to purchase those products.

This is often done by inserting spammy keywords into a hacked site’s pages and posts, then cloaking them from the site’s regular users. They use your site to do their dirty work.

SEO spam is visible only to web crawlers such as Google’s bots. But there are a few different WordPress security plugins, such as iThemes Security, that can help you identify these pharma hacks in their most hidden forms.

It’s important to understand that when your site’s SEO structure is modified, it has a tremendous impact on your site. You’ll probably lose a good percentage of site visitors, along with some of your credibility and online reputation, as your SEO rankings fall and users notice a major slowdown in the speed and performance of your site.

3. Malware Leads To Google Blacklisting

Of course, Google is the Internet’s largest and most widely used search engine. They aim to provide all of their users with the best possible user experience when it comes to searching for relevant and authoritative material.

Every day, thousands of sites get blacklisted by Google because of malware issues. A high percentage of these blacklisted sites are completely legitimate blogs and businesses just like yours.

Even if you’ve been doing everything in your power to keep your WordPress site in line with all of Google’s guidelines, you can be blacklisted in an instant if your site is infected with malicious malware,

Most often, blacklisting will occur when malicious code is injected into your site without your knowledge or permission. Once your site gets blacklisted, visitors won’t even be able to gain access to your site. Google takes measures that prevent users from accessing a compromised site to protect the user’s phone, tablet, or computer from being compromised.

If your site ends up blacklisted by Google, it’ll be unreachable to users for at least several days. This will have an extremely negative impact on your site SEO, and you’ll lose your search rankings. And as you know, lower search rankings will mean far less organic site traffic.

Blacklisting also does a lot of damage to the reputation you’ve worked on building for your WordPress site and brand.

How is Malware Related to Mining Cryptocurrency?

Unless you’ve been hiding from society, you’ve probably at least heard the word Bitcoin: Far and away the most popular of the up-and-coming cryptocurrencies.

Many people don’t know (even those that invest in cryptocurrency for profit) because Bitcoin and other cryptos are generated through a process called mining.

Throughout the last several years, the popularity of cryptocurrencies has been gaining momentum on a massive scale, with more and more people learning about them and getting involved.

And because the price of Bitcoin and recently skyrocketed to an all-time high number in value, it’s become quite popular with malicious hackers who are always looking for ways to make as much money as quickly as possible.

Hackers that use Bitcoin mining as part of a malware attack will use your site visitors’ browser to mine Bitcoin or other cryptocurrencies every time your site is opened. If your site has been targeted, you’ll experience a sudden downturn in your site’s performance. This is because the hacker is using malware to harness the power of your site’s server for cryptocurrency mining.

How to Protect Your WordPress Site From Malware

Taking on malware is not something you need to do on your own. In fact, if you did, it would turn into its own full-time job. It also won’t take thousands of dollars or require hiring skilled developers or I.T. specialists.

Many issues of your WordPress website can be solved by using the proper plugin. The ease of use factors into the value of relying on the WordPress platform.

Solving the WordPress malware problem is no different.

Solving malware on your WordPress site is really as simple as using a WordPress security plugin like iThemes Security that will scan your site for existing malware, give you options and direction for how to get it removed, then keep your site safe from any new attacks by using a wide array of robust tools that were developed by malware experts.

Time to Detect a Security Breach: A Key Factor in Cleaning an Infected Website

Did you know that the average time it takes to discover a website breach is 200 days? Unfortunately, the longer it takes you to notice a breach, the more damage a hacker can do to your website, your customers, and you. A piece of malware can cause a staggering amount of damage in 200 days. That’s why it’s so important to reduce the time it takes to spot a security breach.

Why? The cleanup and downtime you will need to clean your website after 200 days worth of damage are also staggering. The time to investigate everything the malware touched and which customer’s data was stolen only increases while the breach remains undetected. Not to mention the time you will have to spend informing customers that they need to cancel their credit cards because a hacker logged all of their keystrokes while they visited your website.

The cost of getting hacked is great. You have to pay someone to investigate the breach and clean your website. The hack repair specialist will have to take your website down while they work, and people won’t be able to make new purchases while your website is down. After losing your customer’s trust, you will likely lose any future purchases they would have given you.

The cost of a hack is why it is crucial to notice a breach as soon as possible. The faster you discover the breach, the quicker you can stop any further damage being done, and the faster you can get your website and business back online.

Are Malware Scanners Enough?

Malware scanners provide a way to scan your WordPress website for known malicious files and scripts. But are malware scanners enough to spot a security breach?

In a word, no. Don’t think that you can rely solely on a malware scanner to check if your website is infected. No malware scanner can identify every piece of malware that exists. If you come across a malware scanner that claims it is 100% accurate, you should run because scans that make claims like this are often the least accurate out there.

Signature vs. Behavioral Malware Detection

The majority of malware scans and antivirus software use malware signatures to detect malware. More advanced malware scans will use a combination of signature detection and behavioral analysis.

Malware Signatures

A malware signature is a series of bytes that are used to identify known pieces of malware. Some malware scanners are powered by a database filled with the malware signatures of millions of known viruses.

Signature-based malware scanning is fast, simple, and will detect 100% known and well-understood malware pieces. All of that is great and will catch malware added by low-level hackers.

However, skilled hackers know that malware scanners check for signatures of known malware. These hackers have the ability to obfuscate malware signatures to remain undetected by your average scanner.

New malware is released at a rate that malware scanners can’t keep their database updated with all of the latest signatures. So a signature-based scanner won’t be able to tell the difference between a new bit of malware and a plugin’s readme.txt file.

Behavioral Analysis

Behavioral analysis checks a software’s actions to determine if it is malicious. There is a ton of different types of behaviors that can be deemed suspicious or malicious. For example, the iThemes Security Pro Site Scan leverages the Google Safe Browsing API to help keep websites safe. Google Safe Browsing will check to see if a piece of software is redirecting traffic to a known malicious site.

Again, there is no foolproof method of malware detection. But a combination of behavioral and signature checks will significantly increase your chances of being alerted to evidence of a security breach.

Using the iThemes Security Pro Plugin to Prevent Malware: How to Use the iThemes Security Pro Site Scan

We know how crucial it is to detect a security breach as soon as possible and that relying solely on malware detection isn’t enough. So how does iThemes Security Pro reduce the time it takes for people to detect security breaches on their websites? It does the work even when you aren’t looking.

Wouldn’t it be nice to be alerted to unexpected changes to your website so you can inspect them for signs of a security breach? The improved WordPress Security Site Scan powered by iThemes performs automatic checks for known vulnerabilities installed on your site. And if a patch is available, iThemes Security Pro will now automatically apply the fix for you.

The iThemes Security Pro Site Scanner is our way to secure and protect your WordPress website from the number one cause of all software hacks.  The Site Scanner checks your site for known vulnerabilities and automatically apply a patch if one is available, including:

1. WordPress Vulnerabilities
2. Plugin Vulnerabilities
3. Theme Vulnerabilities

Using the Google Safe Browsing API, the Site Scan also checks your Google’s blocklist status and will alert you if Google has found any malware on your website. I get so excited about how the iThemes Security Pro Site Scan will save people from spending unnecessary time and money cleaning up hacked websites.

Getting Started

To enable the Site Scan on new installs, navigate to the iThemes Security Pro settings and click the Enable button on the Site Scan settings module.

How to Perform a Manual Site Scan

To trigger a manual Site Scan, click the Scan Now button on the Site Scan Widget located on the right sidebar of the security settings.

The Site Scan results will display in the widget.

If the Site Scan detects a vulnerability, click the vulnerability link to view the details page.

On the Site Scan vulnerability page, you will see if there is a fix available for the vulnerability. If a patch is available, you can click the Update Plugin button to apply the fix on your website.

There can be a delay between when a patch is available and the iThemes Security Vulnerability Database getting updated to reflect the fix. In this case, you can mute the notification to not receive any more alerts related to the vulnerability.

How to Enable Automatic Vulnerability Patching

The Site Scanner integrates with the iThemes Security Pro Version Management feature to automatically update vulnerable software when a patch is available.

To enable automatic vulnerability patching, navigate to the iThemes Security Pro settings and click the Configure Settings button on the Version Management module.

Next, click the checkbox next to Auto Update If Fixes Vulnerability option in the Version Management settings.

Once enabled, iThemes Security Pro will automatically update a plugin or theme if it fixes a vulnerability found by the Site Scanner.

Get an Email Alert When iThemes Security Pro Finds a Known Vulnerability On Your Site

Once you’ve enabled Site Scan Scheduling, head to the Notification Center settings of the plugin. On this screen, scroll to the Site Scan Results section.

Click the box to enable the notification email and then click the Save Settings button.

Now, during any scheduled site scans, you’ll get an email if iThemes Security Pro discovers any known vulnerabilities. The email will look something like this.

Don’t Wait: Protect Your WordPress Site Today

Getting started with protecting your site from malware is as simple as downloading the best security plugin, activating it, then following the steps it’ll take you down.

Now that you understand the dangers that malware presents to your WordPress site, there’s no better time to get serious about combating it. Don’t wait until your site is taken over by a hacker and ends up getting blacklisted by Google.

Of course, before adding any new plugins or making modifications to your site, make sure you’re running a WordPress backup plugin that can restore your site if something goes wrong.

It’s also important to have constant backups of your site in the case of an unexpected malware attack that takes your site down.

Understanding “what is malware?” is only the beginning of combating its impact. You’re now equipped with the tools and knowledge to make sure malware never takes over your website and business.

Get iThemes Security Pro now