How Sites Become Infected
Website viruses can originate from the user’s computer or be silently downloaded from the web. In the former case, the user may have lax security that results in a keylogger being installed. Once in place, the keylogger will keep track of each key the user presses, which leads to stolen passwords. A hacker can then simply login to the user’s hosting account and begin uploading malware, viruses and scripts that will spread throughout the entire server while infecting everyone who visits the site. The latter scenario occurs when a WordPress user installs a theme or plugin that either has malicious code already in place or is not coded securely. The bad code will run in the background, placing invisible links or redirecting traffic to another website where more malware is waiting. Even when the offending plugin or theme is removed, there can be backdoors left behind that cause further trouble.
How Viruses Affect a Site
Viruses can cause considerable damage to a website’s reputation. Search engine bots can see both hidden links and redirections, causing the site’s ranking to drop. Once a site has been reported as infected, it will trigger a browser warning that blocks visitors. Both situations are difficult to recover from and often require professional assistance. In many cases, the owner of the damaged website is blamed even if the infection was the result of a silent hack.
The best defense users have against website viruses is to protect their computers with antivirus software and regular scans. Those who run WordPress sites should set up proper security and only use themes and plugins from thoroughly vetted sources.