Sucuri Docs > Malware Removal > After Clean Up > Steps to a Safe and Clean Website

Steps to a Safe and Clean Website

If you are reading this page, then you are on your way to being proactive and taking steps to help reduce the risk of a reinfection. Let’s work together to minimize your risks and ensure that your site remains clean.

1- Enable the Website Firewall – WAF

There is a growing number of software vulnerabilities, being exploited by attackers. As a website owner, trying to keep up with them can be very challenging. This is where our Sucuri Firewall comes into play. It will stop attacks before they can reach your website. Note, that it will only start protecting your site after you activate it by changing your site’s DNS settings. If you need help doing this, just open a ticket in our system providing us your domain registrar’s username password and we’ll configure it all for you.

2- Update your website!

If you are using WordPress, Joomla (or any other CMS), please update it to the latest version. Why? Because out-of-date software is the leading cause of infections. This also includes your plugins, themes, and any other extension type.

3- Change your passwords

Change all passwords related to your website: FTP/SFTP, cPanel/Plesk, WP-admin, database, etc… These could have been compromised and we do not want you to be reinfected because the attackers can still come back in with authenticated access. The following guides show how to change your password on the most common CMS’s:

Be sure to choose a strong password. A strong password is based around three core components: complexity, length, and uniqueness.

*Password Tip: Start using a password manager like: Peguta or LastPass. They’re online and free.

When changing your database password, please be sure to update your configuration file – Joomla: configuration.php and WordPress: wp-config.php. This is not an automated process so you will need to know how to open those files and edit manually. If you’re not familiar with making changes to your database and configuration files, contact your host.

If you unsure how to change your passwords, contact your hosting company for details or you can Google “YOUR HOSTING COMPANY – FTP password” for instructions how to do so.

4- Run a virus scan on your computer.

In many of cases, websites are compromised due to desktop malware that steals credentials. For this reason, you will want to take a moment to run an antivirus scan on your computer. We also recommend looking at additional tools to protect your desktop, such as Malwarebytes (Windows and Mac) and CleanBrowsing (DNS-based).

5- Backup your site

After the site is clean and secure, a very good practice is to do daily backups. There are a number of backup solutions out there you can use. If you are a client of ours you can sign up for our Website Backup solution. It’s a simple configuration that works off FTP / SFTP and stores all your content and database in the cloud.

6- Sucuri Security WordPress Plugin. 

Whether you’re a Sucuri client or not, we recommend installing our Free WordPress Security plugin. We provide detailed instructions on how to install it and provide a more in depth discussion on WordPress Security Monitoring.

7- Clean your Kitchen.

Too often the issues we see plaguing our clients are caused by “soup kitchen” servers. Old installations of their content management systems, themes or plugins. Over time these old installs become forgotten but grow ripe with malware that’s ready to infest their entire server after each clean. Take a minute to separate those things that belong on a test, staging and production server. Read more here

Was this article helpful?