PC antivirus identifies hacked sites: Did you ever had a visitor suggest that his PC antivirus says your site has been hacked? The information can be distressing and even annoying, but you must take it seriously. Because many PC antiviruses are designed to identify hacked sites. A very common reason to hack websites nowadays is to get visitors to the site to do things, like click on an ad, buy something illegal or download and install rogue software or insert backdoors. This is why some PC antivirus software (like Avast, Avira, Kaspersky, or Norton) flag websites as compromised. It’s done to protect the users from installing malware into their system.
The general idea with PC antiviruses is that they protect the computer system but can’t scan websites for malware. Therefore it’s a little confusing when a visitor comes and tells a site owner that his PC antivirus has identified malware infestations in your site. It makes you wonder, can PC antivirus identify hacked sites? And why do they scan websites in the first place? Let’s find out:
Why Do Computer Antivirus Software Scan Websites?
The main goal of any computer virus is to prevent the installation of malicious software into the system. Some antivirus has an option to scan websites that the user is visiting. This is to make sure that the users do not download a rogue software and install it into their system. You’ll find this feature mostly in premium antivirus software. That said, it’s very important to note that these products don’t scan as effectively as security plugins do. They only scan the URL of websites that the user visits to make sure that the user’s computer system is not affected by a malicious website.
Computer antivirus checks if the URL that the user is trying to open has been reported as malicious in the past. Many users have been infected by an exploit called ‘drive-by-download.’ In this exploit, visitors of a site is duped into downloading spammy software that can potentially cause harm to the computer system.
How Do Computer Antivirus Software Scan Websites?
Premium antivirus for personal computer comes with a feature called ‘URL Scanner.’ URL scanners examine the URL web page and match the link against a repository of malicious links. They look for whether the link was reported in the past. This process can be called ‘signature matching.’
Antivirus software repeats this process every time the user tries to open a link in the browser. They regularly update their list of malicious links by collaborating with resources like VirusTotal, a service that analyzes files and URLs to detect all kinds of malware. PC antivirus software collaborates with companies and uses their database of malicious URL to analyze websites that the user is visiting. With new malicious URL being added every day, these databases are auto-updated regularly. Services like VirusTotal are available online free of cost. Every time the system detects a malware it automatically sends a report to the PC antivirus solutions it is collaborating with. PC antivirus identifies hacked sites when they come across a site that has been marked as compromised.
Signature matching is not the best way of finding if a site is infected with malware. And should never be used as a substitute for a security plugin. In an attempt to kill two birds in one stone, many website owners buy an antivirus that also scans website URL. But in the scans this software perform, they look for only existing links that are marked as malicious. Therefore they don’t really scan malicious websites meaning they don’t look for malware on a site. This software is dependant on other services to tell them if a website is hacked. Thus they are not an effective website scanner and should not be treated as such. If you require a WordPress website scanner get a security service that not only looks for known malware but also manages to find new ones. Only a powerful security plugin can do that.
Steps to Take After PC Antivirus Flags Your Site as Hacked
Despite the fact that PC antivirus identify hacked sites, they are not very effective. But it’s also worth noting that they are not completely useless. Warnings from the software must be taken seriously. Your sites must have been flagged as compromised which means you could be hacked. You need to repair your hacked website immediately. If the hack is not taken care of immediately, things will only escalate, and you may never get your site back to normal. To prevent the situation from getting out of control, take the following steps:
Step 1: Update Your WordPress Site
Outdated themes and plugins are cited as the primary reason behind a majority of hacks. Themes and plugins develop vulnerability no matter how who experienced or skilled the creators are. But to mitigate damage, developers release a patch in form of an update. When site owners don’t update their sites, they leave it vulnerable to common hacking attempts. It’s very likely that your site was hacked due to a vulnerable plugin installed in your site. Therefore update every theme and plugin that needs to be updated on your WordPress site.
Step 2: Scan & Clean Your Site
Following alerts from the PC antivirus, you need to perform malware scanning by a proper security plugin. If it detects malware, then you’ll need to clean it. There are several security services that clean WordPress websites. Most of these services are ticket based which means you’d have to raise a ticket and wait for the security personnel to get back to you. It can take a few hours to a few days before your site is cleaned completely. Using an automated cleaner like MalCare you can clean your site in a jiffy with the click of a button. With a hacked site in tow, time is of the essence. Any delay could cause it to become get blacklisted by Google or web hosts can suspend your account.
Step 3: Harden Your Site
WordPress recommends website owners to harden their site’s security. Typically hardening your site would mean locking down the backend of the site. It could involve disabling the file editor, blocking PHP execution in untrusted folders, disallowing installation of plugins and themes, changing the security keys in wp-config.php, resetting all passwords and activation keys for all users among other things.
Step 4: Install a Good Firewall
A firewall is your site’s first line of defence against hackers, bots and the rest. It helps fortify your site, keeping off bots and bad traffic from entering your site. Typically, you would come across three types of firewall – plugin-based, cloud-based, and an in-built firewall. Plugin-based firewall is installed on the site like any other plugin. When someone makes a request to your site, the firewall uses some predetermined rules to check if the request is valid or malicious. Cloud-based firewalls are those in which when someone tries to access your site; the request is sent to the firewall that sits on a cloud away from the site. And inbuilt firewall is found in web hosts, and these firewalls are mainly used to protect the hosting provider’s infrastructure. Depending on the kind of protection you need, you can choose a firewall for your site.
Step 5: Invest in a Good Backup
Backups are like a safety net that saves you when you slip off the edge. That is when your website gets hacked and your posts start getting modified, you can rely on the backups to get your site up and running. If you take daily backups for your site, on occasion of a disaster you can simply restore the backup with a single click.
From what we discussed so far, it does seems that the claim that PC antivirus identify hacked sites is true. Computer antiviruses may not be an ideal tool to depend on to find out if your site is hacked, but any warning from such software must be investigated into.