Do you have malware on your site? Kevin Hill, CTO at Monumetric, wrote this helpful post in response to malware, viruses and spammy ads that publishers sometimes experience on their sites.  

Fighting Malware, Viruses, and Pop-ups

A common issue we get feedback from publishers about is malware, viruses, and “malvertising”. We at Monumetric have no motivation to spread malware. In fact, we fight it. We hate it as much as everyone else. We go through a thorough process to make sure that malware can’t be delivered through our ads or plugins. We also don’t serve pop-up ads or takeover ads. So if you see those, they aren’t from us either.

Most of the time – malware, viruses, pop-up ads or takeover ads are related to your computer or browser and not your site.

Is it your Computer or your Site?

Below are a few tips on how to troubleshoot if the problem is on your site, or if it is on your computer.

Step 1: Scan your Computer

Hopefully, this is the most obvious problem and it’s usually not hard to fix. Use a virus scanner. Avast www.avast.com is a good free option – just make sure and choose “custom installation” and remove all the extra options. Why? Because Avast’s Browser shield plugin… serves pop-up ads.

One to use in conjunction with Avast is an adware remover. Lavasoft http://www.lavasoft.com is a good free option. No surprises during install, but I’ve found their adware detection to be awesome – and their anti-virus software to be marginal.

Step 2: Test your Browser

Incognito / Privacy setting

Using the incognito or privacy tabs is one of the fastest things you can do to see if the malware is coming from your site, a cookie, or browser extension. Visit your site in an incognito tab – if the malware or pop-up stops – then it most likely is your browser or cookies – not your site.

Disable browser extensions

Most people don’t know that it is very common for a plugin or extension to serve pop-up ads. They give away the extension for free – in exchange – they throw up a random pop-up ad to monetize their plugin.

If you have special toolbars, extensions or plugins added to your browser – disable all of them and visit your site. If that solves the problem – then it most likely is an extension or plugin on your browser that is generating the problem.

Use a different computer

Use a friend’s computer to test your site. This isn’t always the best solution. That’s because if you use your spouse’s computer, often they have visited the same sites and have installed the same plugins and the problem might persist – but it is worth a try. You can try an internet Café – some of the nicer ones will restore the computer to default settings after reboot so you have a clean experience to test on.

Step 3: Check your Site

Once you feel confident that the problem isn’t your computer – now you can move to your site.

 Check your plugins

Look at the plugins that haven’t been updated for the longest period of time – namely anything that is older than 1 year. I would be very worried because if they haven’t updated it in a year that shows there are a lot of potential vulnerabilities.

1. Keep your plugins updated, most platforms like WordPress will show you if there are plugins that need to be updated. Get in the habit that every time you write a post. Make sure there aren’t any pending updates to your plugins.
2. Remove ALL unused plugins, even if you have them disabled. That opens a door for vulnerability.
3. Only use plugins from providers that you trust. I’m just as busy as you are, and I feel like I don’t have time to do research on a plugin developer. But a simple evaluation of how many reviews (if the plugin only has 100 reviews be prepared to do your homework before you install it), and a quick scan of the developer’s website is worth the time it will save you if you install something that highjacks your site.

Secure your User accounts

Change your website login password. And get in the habit of changing it every 6-12 months.  If that bugs you, I strongly recommend that you consider using 2-factor authentication (https://en.support.wordpress.com/security/two-step-authentication/). This generates a random 6-digit code that changes every 30 seconds so even if someone gets your username and password they still can’t log in without entering the ever-changing 6-digit code.

Disable inactive accounts. If you or other Admin’s computers are infected the malware is likely tracking your username and passwords and that is how they gained access to your website to spread it more. You can also request that your other website admins use 2-factor authentication.

Step 4: Ask your Web Host

I would have your host do some digging. Malware can come from more than just your WordPress site. It can come from your server too. It is the responsibility of your host to maintain the integrity of the server. It isn’t too much to ask for them to run a scan on your account to make sure things are good.

What is “Malvertising”?

Malware that is served through Ads or “Malvertising” is real and it can happen. If you have ads that are served through a private network that uses their own servers, then there is a risk that Malvertising can come through if they don’t know whom they are getting their ads from.

At Monumetric we use a Google hosted server for our primary ad server. Every ad is scanned before it is served.  If an ad is found to have Malware, our server kills it before it ever is delivered to you.

We hope that this helps clear up confusion or questions you have about malware and viruses!