Having been in this game for a good many years I thought I was on top of this but the cretins out there are getting smarter.
Here is a list of steps that you can take to ensure your sites remain secure: As advised by my website host.
1. Use the following online vulnerability scanner and ensure your software is up-to-date: Scan Now - Online (OSI) - Vulnerability Scanning - Secunia.com
2. Download anti-virus and fully scan your PC for malicious files. Here are some free online scanners for Windows, which is typically the most vulnerable to infection. If you have a different OS, there are similar programs that can be located and run on your system to protect it in the same way:
MalwareBytes ( Malwarebytes.org ) and
ComboFix ( A guide and tutorial on using ComboFix ) have been reported to be able to clean a recent strain of malware that resists detection by almost all other anti-virus agents. It is highly suggested that you one or both of them and one of the following:
3. Update all passwords for any account that you access/own that may not be up to standards. Any passwords that have been compromised will need to be changed as well. Standards for secure passwords are available: Password strength - Wikipedia, the free encyclopedia
4. Ensure that all scripts/plugins/modules/components are updated to the most recent released version, as new versions are released primarily to address known security vulnerabilities in these sites.
5. Keep your computer secure from malware infecting it. If your computer is compromised, your account can be compromised through your password being used to access it.
- Ensure you use the latest browser version; Ensure that said browser subscribes to Google's blacklist API (Mozilla Firefox, Google Chrome, Safari)
- Use the firefox addon noscript
- Make sure your antivirus has a subscription to new database and version releases. This may cost some amount of money, but is well worth the expense.
- Use AVG Online Virus Scanner | Scan Web Pages | AVG LinkScanner Drop Zone to test suspicious links you are given in emails or find online.
6. Ensure that all database configurations for your account are using a custom generated user and password combination, and that this information is not stored in plain text if this is feasible. Using your cPanel username and password to access your databases for your site may be convenient, but it introduces an incredible security risk.
7. Audit your account for unnecessary scripts, such as file uploaders. Ensure that if they are necessary that they are password protected, or if that is not feasible that they check the file type before allowing upload, to prevent upload of certain types of files.
Of course I take no responsibility for any of the programmes mentioned here. I just hope this can prevent you going through the angst (read expletives mumble under breath so wife can't hear) I've used some of the programmes already and with a few surprises.
I'm not sure if its ok to post the links but the admin will take care of that. I really wouldn't wish my experience on my worst enemy ( but I'll think about that one) Yeah I would!
So best of luck.