Malware is a growing concern for website owners – especially those with WordPress websites. Because WordPress powers more than 24% of the web, it is becoming a popular target for hackers. According to CNN Money, nearly one million new malware threats are released every day. Understanding the risk and implementing proactive solutions will help protect your website from a future malware attack.

Why does it happen?

Malware is used for different purposes. Attackers exploit malware to steal confidential information (like credit cards), hijack a user’s computer or create spam. The fastest growing attack is to steal search engine positioning. The attacker will target websites with strong Google placement and redirect the link to a malicious website.

How does it happen?

Malware can be injected into websites in a number of ways. It can target a specific website by finding a weak spot such as an easy admin login or outdated software. It can also spread through the web server.

Why should I be worried about malware?

If you do not catch the malware on your website quick enough, Google may blacklist your website leaving it inaccessible from the search results.  Google estimates that it flags and quarantines 10,000 websites daily. (Source:

A ban from Google can not only hurt your reputation, but it can render your website inaccessible and even install malicious software on your visitors’ computers.

How do I get rid of malware?

Malware can be very difficult to remove. You will save much time and frustration by hiring an expert who can scan, identify and clean the malicious content quickly. The sooner you can get it off your website, the less of an impact it will have on your site and your visitors. If you need help cleaning an infected site, contact me.

What can you do to prevent it?

Website security is usually not something we think about until we have fallen victim to an attack but being proactive can save you time and money.

While “there is no single unique solution capable of providing 100% protection” (source: Sucuri webinar), there are many steps you can take to reduce your risk of infection.

  1. Make sure your WordPress version and all plugins and themes are kept up to date. This is a critical step. Outdated software is a leading cause of malware infection.
  2. Use a very strong password and change it frequently. While it is a pain to have a long, unique password to remember, it is one more way to ensure your website is protected. I use 1Password to generate and save unique passwords. It stores your passwords and makes logging in a breeze.
  3. Be smart about what you install. When you are choosing a new plugin (and theme), look at the frequency of updates and rating to determine if it is a reputable plugin/theme. Installing a plugin/theme that hasn’t been updated in years is very risky.
  4. Use a security monitoring service. Monitoring your website 24/7 allows us to catch the malware sooner and remove it before Google sees it.
  5. Backup your website. Having a routine backup of your website is a nice safety net in the event that your website is hacked beyond repair.


Additional resources if you would like to know more about malware:

Author: Jennifer Sanderson

I take the frustration out of managing your WordPress website so you can focus on growing your business. My unique approach to website maintenance means you get dedicated one-on-one attention to your website without the cost of a full time employee. Learn More About the Blue Duck Difference