In my day to day interactions with businesses whose websites have been compromised, I’ve become increasingly alarmed by companies charging outrageous fees for basic “malware removal” then leaving their clients out in the cold to fend for themselves when they do not complete the tasks required to fully secure the website at the completion of their malware cleanup work.
Now I’m normally a rainbows and unicorns sort of guy. And bad-mouthing competing website security-related service providers is not my thing. That said, about two-thirds of the interactions I have with new clients by phone lead to a discussion regarding the malware cleanup company they used last month. This has become so prevalent and it breaks my heart.
The malware removal company sales script often reads something like this, “I’m sorry to hear your website has been hacked? Ok, we’ll remove the malware for you ASAP. Can I get your credit card number?”
The unsuspecting client then pays for “malware removal” and receives a service that involves little more than an automated malware scan and removal of suspicious files, sometimes breaking parts of the website in the process. This type of work is something a person with a moderate level of website security expertise can complete in a matter of minutes. That people are being charged hundreds of dollars for this level of service is disheartening (and borderline unethical IMHO).
| Suffice it to say, simply removing malware from a website does not fully secure a hacked website against future abuse.
If your website has been compromised and you are looking for help, please ask the person doing the work to at least take the following minimal steps in securing your website:
- Change all passwords throughout your entire hosting account.
- If yours is a WordPress website, ensure all core WordPress files have been replaced, and ensure all plugins are updated to the latest version.
- Remove all content management system and FTP users no longer requiring FTP access.
- Ensure all websites sharing the same account have been equally reviewed and secured.
If these four minimal requirements of a website security service are not completed, it is very likely your website may be recompromised.
If you would like a free review of your website’s security by phone, please feel free to call me anytime here in San Diego, California, at (619) 479-6637