Website malware attack prevention

Malware is malicious code, including viruses, worms, and trojans. It typically works unnoticed, hiding or otherwise not making its presence on a system known to the user.

Here are a few tips for preventing malware attacks on a website:

  1. Take the site offline and configure web hosting to return “503 Service Temporarily Unavailable”. Google Webmaster Tools suggests that taking the website/application down (offline) is better than using robots.txt to keep search engines from crawling it.
  2. Keep licensed antivirus software up to date, always scan your computer for malware, viruses, trojans, and other infections, and enable internet and mail security.
  3. Change the FTP password and all login account passwords to strong passwords (minimum 8 characters in length, containing a mix of alphabetic, numeric, and special characters).
  4. Don’t save passwords in a local machine directory or in FileZilla.
  5. Use SFTP instead of FTP in FileZilla.
  6. In WordPress, make sure all plugins are up to date, since WordPress is a commonly used system. Use spam/malware prevention plugins (e.g. Stop Spammers Spam Prevention, Wordfence Security, Anti-Malware and Brute-Force Security by ELI, etc.) to secure the website against malware and spammer attacks.
  7. Contact your web hosting provider to check if the attack affects other sites on the server, and ask them to address the problem.
  8. Avoid using iframes in website pages.
  9. Install an SSL/TLS certificate to encrypt data between your website and visitors. Redirect HTTP traffic to HTTPS to prevent man-in-the-middle (MITM) attacks.
  10. Use website security tools like Sucuri, SiteLock, or Wordfence to scan for malware and vulnerabilities.
  11. Install a WAF to block malicious traffic, filter requests, and prevent common threats like SQL injection, XSS, and DDoS attacks.
  12. Use a secure hosting provider with strong security measures like DDoS protection and regular backups.
  13. Configure file permissions to prevent unauthorized access (e.g., 644 for files, 755 for directories).
  14. Prevent attackers from viewing directory contents by disabling directory listing in your web server configuration (e.g., Apache or Nginx).
  15. Restrict file execution in directories like /uploads/ or /images/ to prevent attackers from executing malicious scripts.
  16. Block IP addresses known for malicious activity using a blacklist or country-based restrictions if applicable.
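
A read-only audit for items 13 and 15, as an added example that is not part of the original post: it walks a web root and reports entries more permissive than 644/755 and script files sitting inside upload directories. The directory names, script extensions and the sample tree are assumptions constructed for the example.

```python
import os
import stat
import tempfile

MAX_FILE_MODE = 0o644  # item 13: files
MAX_DIR_MODE = 0o755   # item 13: directories
NO_EXEC_DIRS = {"uploads", "images"}  # assumed names for this example
SCRIPT_EXTS = {".php", ".phtml", ".phar", ".cgi", ".pl", ".py"}  # assumed


def audit_webroot(root):
    """Return sorted (relative_path, problem) findings; changes nothing on disk."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        parts = os.path.relpath(dirpath, root).split(os.sep)
        in_no_exec = bool(NO_EXEC_DIRS.intersection(parts))
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            is_dir = stat.S_ISDIR(st.st_mode)
            mode = stat.S_IMODE(st.st_mode)
            limit = MAX_DIR_MODE if is_dir else MAX_FILE_MODE
            if mode & ~limit:  # any permission bit beyond the limit
                findings.append((rel, f"mode {mode:03o} exceeds {limit:03o}"))
            ext = os.path.splitext(name)[1].lower()
            if in_no_exec and not is_dir and ext in SCRIPT_EXTS:
                findings.append((rel, "script file in no-exec directory"))
    return sorted(findings)


def demo():
    """Audit a constructed sample tree (not data from the original post)."""
    samples = {"index.php": 0o644, "config.php": 0o666,
               "uploads/photo.jpg": 0o644, "uploads/avatar.php": 0o644}
    with tempfile.TemporaryDirectory() as base:
        os.mkdir(os.path.join(base, "uploads"))
        for rel, mode in samples.items():
            path = os.path.join(base, *rel.split("/"))
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(path, mode)
        os.chmod(os.path.join(base, "uploads"), 0o777)
        return audit_webroot(base)


if __name__ == "__main__":
    print("\n".join(f"{rel}: {problem}" for rel, problem in demo()))
```

A file stricter than 644 (for example 600) passes the check; only extra permission bits are reported.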

These are important steps for website malware attack prevention.
