What is malware?

What is malware? If you run a website, you're probably haunted by the spectre of malware. The idea that your website could be compromised by people with malicious intent is a horrifying thought.

In this guide, we'll explain what malware is, how it works, how you can remove malware from your website and how to protect your website against it.

If your site has been infected, click here to jump straight to the section on removing malware.

What does malware mean?

The word "malware" is a combination of the words malicious and software, and covers any programme or file that is harmful to a computer user.

Malware covers a wide spectrum of things including like:

Viruses: Viruses infect and corrupt files on a computer, making them unusable. They can even delete files. A virus could lead to significant data loss. They're a good reminder as to why you should always backup regularly, and never open files that you aren't sure are safe.

Spyware: Spyware allows hackers to monitor what you do on your computer - including passwords, credit card details and any other sensitive data that you type into websites.

Ransomware: A particularly troublesome piece of malware, especially for business owners, ransomware encrypts your files so you can't access them. The hackers then demand payment to unlock your files. Regular backups will help mitigate the risks of ransomware.

Trojans: Much like the famed Trojan Horse, Trojans pretend to be one thing, but actually allow malware to sneak on to your device. Often they allow hackers to install more malware on your device.

Website malware: Just as your computer can be infected with malware, so can your website. Website malware can be particularly devious - its effects can include:

Changing the appearance of your website - either through simple defacement, or by placing spam content containing links with the aim of improving the search engine rankings of other sites. Often, if spam content is present on a site, the malware will act in such a way that the rogue content can't be seen by the site admin, but can be seen by visitors.

Redirecting visitors to malicious websites - quite simply, sending visitors to your site to another site which could attempt to scam money out of them, or download malicious software to their device.

Data theft through impersonation - either through installing a malicious form on your site which sends any data inputted to the hackers, or by redirecting visitors to a fraudulent replica of your site.

Spam advertising - by forcing popups and other ads on to visitors, usually encouraging them to visit malicious sites.

Force malicious downloads on visitors - by changing code on your website.

How does malware work?

The non-technical explanation of how malware works is that it exploits weakness in computer and website security to carry out malicious actions.

These weaknesses in website security include:

Using weak passwords that hackers can easily guess.

Failing to update software - either on your computer or on your website (for example, WordPress plugins). Updates frequently patch known security issues, so hackers target people using older software as they aren't protected.

Failing to use anti-virus software on your devices - if hackers can install a keylogger on a device you use to access the admin section of your website, then they'll be able to obtain your password.

Zero-day exploits - this is when hackers exploit a security issue as soon as it is discovered. This kind of attack can be particularly hard to guard against.

How can I remove malware from my website?

Detecting and removing malware from your website is almost impossible to do manually.

As we've already explained, malware on your website may not be obvious and that complicates both its discovery and removal.

Thankfully, help is at hand.

If your site is currently hacked, you need a tool like Express Malware Removal from GoDaddy.

As the name suggests, the tool offers a rapid way to fix your hacked site - as soon as you've completed the checkout process, GoDaddy will start scanning your site to identify the malware that has infiltrated it.

When something suspicious is found you'll get an alert and confirm if it's something that shouldn't be on your site. Once you've done that, our security team will start work on removing the malware and send you a response within 30 minutes.

They'll then work on fixing your site until it's 100% free of malware.

On top of that, your site will be protected against future malware attacks.

How can I protect my website against malware?

There are a few basic steps everyone should take to protect their website and connected devices.

These are:

Use a strong, unique password for every account you have. Learn more about strong passwords in this guide.
You should only install or run software and plugins that come from trusted sources.
You should install anti-virus software on all your devices and run scans regularly.
You should update all software as soon as possible, including your anti-virus package.

However, even if you take all these steps your website may still be vulnerable to hackers. Remember the zero day attacks we talked about before?

Because of threats like zero day attacks, it makes sense to get proactive with website security.

Website Security from GoDaddy scans your website for malware and removes it, think of it like anti-virus software for your website.

With the deluxe package, you also get proactive protection against malware, meaning hackers can be stopped before they can infiltrate your site. With the ultimate package, your site is also automatically backed up - adding an extra layer of protection.