How to remove malware from WordPress and keep your site protected

Tech Help for Churches
Play

Podcast: Play in new window | Download | Embed

Malware infection is fairly common on WordPress sites. But there are simple ways to keep your site secure. Also, is Facebook really worth your time?

In this episode…

  • Is Facebook really worth your time? (After all, your posts aren’t being seen by fans.)
  • How to remove malware from WordPress (Don’t panic. It’s not that hard to do.)
  • Keep WordPress safe from hackers (Why wait for an attack? Secure your site now.)
  • Options for outsourcing (In case you don’t want to do the Web work yourself.)

Is Facebook really worth your time?

You may not be aware of this (unless you keep an eye on your Facebook Insights) but what you’re sharing on your Facebook Page is not seen by everyone. Not even close. The average number of fans that will see a post is about 17 percent. On my page, the low end is 14 percent and the high end is only 29 percent.

This is due to Facebook’s algorithm known as EdgeRank. According to Facebook:

Facebook’s news feed makes the most of the time a person spends on Facebook by serving up information that is most meaningful to them. It ranks information from people, apps, and Pages based on what that person interacts with the most, and how frequently the person visits Facebook.

In short, Facebook attempts to show people only what they believe each person wants to see. Of course, it’s not a fool-proof algorithm. If you have a Facebook Page for your church, you shouldn’t rely it for communication with church members. They may not see what you post unless they turn on notifications…

Facebook.com/JeremySarber screenshot

Fans of your Facebook Page are able to turn on notifications by hovering over the Like button.

There is no shortage of social media “experts” explaining how you can improve your EdgeRank and gain greater visibility. For instance, most of them will recommend posting more pictures. But photos do not always mean more engagement (i.e. better EdgeRank).

For better analytics than what Facebook provides, you might try using Agora Pulse. You’ll get their premium service free for 30 days. Based on the last month, it will show you top fans, the best days and times for posting, and even the best type of post (mine happens to be a plain status post).

All you can really do is do what seems to work best for you. Don’t expect miracles. But the question is, is Facebook even worth your time given these limitations?

I believe so. This might shock you, but based on years of my own website’s analytics, a link shared on Facebook is worth at least four times more traffic than a link shared on Twitter. This is why I continue to promote Facebook on my own site above Twitter. It’s why I implemented Facebook Comments.

Despite what you do with your Facebook Page, I wouldn’t disregard Facebook on your website just yet.

How to remove malware from WordPress

The most common security threat with WordPress is malware. Since so many websites are built on the same platform, hackers attempt to exploit these sites and infect them with malicious script.

If your site has been infected, don’t panic. It’s a relatively easy fix (especially if you can still access your WP Dashboard). If you cannot access your Dashboard, start here:

  1. Download the latest version of WordPress (remember where you saved it).
  2. Download FileZilla (FTP client) and install.
  3. Enter Host, Username, and Password at the top of the FileZilla screen and click Quickconnect (use your FTP credentials provided by your web hosting company).
  4. On the left side of the FileZilla screen, find the WordPress files you downloaded.
  5. On the right side of the FileZilla screen, navigate to your website’s root folder (you should see folders within it like wp-admin, wp-includes, and wp-content).
  6. Highlight all of the WordPress files on the left (except the wp-content folder) and drag it to the right side so that they upload to your website’s server.

Once all of the files have uploaded, you should have access to your Dashboard. Proceed with these steps:

  1. Search for, install, and activate the Anti-Malware plugin.
  2. Navigate to the Anti-Malware plugin’s settings and click Register Now on the right side of the screen.
  3. Return the plugin’s settings and click Download new definitions on the right.
  4. Do a complete scan (it’ll take a few minutes).
  5. Ignore Potential Threats and allow the plugin to remove all serious threats (highlighted in red).

That should do it. I’ve used this plugin many times and it’s never broken the website.

Keep WordPress safe from hackers

Don’t ever think your site is too small to be hacked. WordPress sites are targeted in general because of the common framework among them. You should secure it before it happens.

First of all, search for, install, and activate the Better WP Security plugin. It will recommend several items that will improve your website’s security. Before allowing the plugin to fix anything for you, be sure you make a backup of your site (this plugin will do it for you).

Next, you’ll pull up the Security Dashboard and see what it recommends. All items on the list will be color-coated. It’s the items in red you’ll want to fix immediately. These often include:

  1. Your passwords are not strong enough (I would manually change them using 15-character passwords generated by the Strong Password Generator).
  2. Change the default administrator username from admin to something else.
  3. The administrator’s ID needs to be changed from 1 to another number.
  4. The table prefix in your database needs to be changed from wp_ to something else.
  5. Block known spammers using HackRepair.com’s blacklist.
  6. Your login area should be protected from brute force attacks.

Most of the items on this list can be fixed automatically by clicking the Click here to fix link next to them. But if the item is not in red or on the above list, I would not worry about it. “Fixing” other recommendations could cause problems on your website.

Options for outsourcing

You’ve listened to me explain how to set up your own website, but maybe you don’t have the time or are simply not interested in doing it yourself. I have two recommendations if you want outsource the work:

Arlen Nagata of Hawaii WordPress Web Design | http://hawaiiwp.com

Arlen

Making Tech and WordPress web design simple.

If it’s all “Geek” to you, you need Arlen. For years, Arlen has been keeping up with the trends of technology and providing simple, easy to understand help for others with their technology needs.

Arlen built his first websites in 1994 while attending college and professionally designed websites since 1998. When WordPress came around, Arlen fell in love with the design and flexibility of what the system could do. Now after countless classes and seminars, Arlen is the one teaching and training others to use WordPress.

JD Sutter of Radio CSS Media | http://www.jdsutter.me

JD

I am the founder of Radio CSS Media, a podcaster, new media consultant, tech enthusiast, Android fan, and food junkie.

I am extremely passionate about the medium of podcasting and I get excited when I see great content being distributed to the world! My goal is to create family friendly content and to assist others in doing the same.

I’d love to help you and your business thrive in the online world. If you’d like more information on how I can help you, visit my Consulting Services page and be sure to contact me if you feel like I can offer some value to you.

In Tech Help for Churches ,
permalink

Jeremy Sarber

Posts Twitter Facebook

I'm pastor of Angier Primitive Baptist Church. I thoroughly enjoy studying and teaching God’s Word. I pray you will be edified and God glorified.