My Website Has Been Hacked – What Should I Do?

My Website Has Been Hacked – What Should I Do?

Have you ever entered your page and noticed unwanted content? Have you seen the notification saying that “this website may have been hacked” displayed in the search engine under the site address? If you didn’t know what to do back then, in today’s entry we’ll give you some advice on how to react to such stressful situations.

Latest on our blog: FAQ Displayed in the Search Results - How to Mark Them in Schema?

Why are websites hacked?

You can hear about website hacking quite frequently but who does it and what’s the purpose of such activities? In most cases pages are hacked by robots that place malware files on the server, send spam messages or alter website content in order to redirect users to another address and obtain sensitive data from them. Hackers stand behind creating such robots – they find some discrepancies in computer systems. For this purpose, they use ready-made tools for penetration testing and security breaches that include exploits for specific software versions with discrepancies. That’s why it’s so important to install all the updates.

How to recognize that your site has been hacked?

Every website can be hacked. So how to recognize that your page has been a victim of dishonest Internet activity? It may contain unwanted content, perform unplanned activities or not appear in the search results at all. Often pages are displayed on Google for a long time, however, when robots discover that they’ve been hacked, they display a notification saying that these websites may harm users’ computers in the SERPs. Consequently, many people avoid clicking on such links because they don’t want their computers to break down. Website traffic gets smaller and in the case of online stores, customers stop finalizing transactions. Positions in the search results may also decrease and as you may know, it’s a very important factor.

Website hacking can be detected by rendering the site with the use of tools like Google Search Console and analyzing its indexation (type site:domain.com in Google). This will allow you to recognize any content or advertisements published on the page by hackers. A fast-growing site (i.e. the number of subpages in the index) may also indicate that the page has been hacked. So if your store offers 5000 products and suddenly has a few million sites, you should start worrying. However, Google helps in such crisis situations and constantly provides information if the malware code is introduced on the page. Keep in mind that if you don’t get rid of the side effects of the website hacking for a long time, Google may penalize your page and impose a manual filter on it. To learn more, go to Google Search Console. All signs indicating a hacking attack necessitate the quickest possible reaction of website administrators.

website hacking - how to deal with it
The American Way site where the hacking was detected.

Methods to prevent website hacking and sources of website infection

There are many methods to hack a website, however, the most frequent ones include stealing the passwords, not updating software, having errors in the code or using illegal software. If you think that your website doesn’t contain any sensitive data, isn’t attractive for hackers, and consequently doesn’t need any protection, you may be surprised very negatively. Hackers use hosting accounts to attack other network users, therefore, your page is vulnerable to these malicious activities like any other website. Fortunately, you can prevent hacking and simultaneously avoid negative effects that are often problematic to get rid of.

First of all, use complicated passwords and change them regularly. Cracking more complex codes is much more difficult than cracking intuitive, dictionary words with names or dates of birth. Avoid “admin” logins and instead of using default login links, create dedicated addresses.

If you choose free content management systems such as Joomla or WordPress, you should keep track of updates and possible security issues. Apart from new functionalities and adjustments, updates help to eliminate any problems that may arise. With a single click, you’re able to avoid any negative consequences, that’s why it’s so important to install updates on an ongoing basis.

Moreover, you can also benefit from plugins that are frequently available for free, are assigned to specific CMSes, and offer numerous functionalities that additionally increase website security. Wordfence plugin on WP is an exemplary solution that shows suspicious login attempts and allows us to block selected IP addresses. However, remember to download such plugins from trusted sources.

It’s also a good idea to automate website backups as this will help you facilitate the process of repairing the page once it’s hacked. Website backups enable restoring the site condition to the state when it was operating normally, that’s why it’s so important to do them regularly. Thanks to it, you won’t lose your page content after a cyberattack.

Where to report website hacking and what to do in such situations?

There are no IT systems that are completely secure and you have to reckon with the fact that every website can be hacked. So what to do when such a problem occurs? Getting rid of the effects of a cyberattack is a complex process that involves both leveling the harmful consequences of the attack and protecting the page against similar situations in the future. There are two main methods to solve the problem:

1. Restoring the backup version of the website

The first one involves restoring the backup version of the page. If the website owner doesn’t have such a backup version, it’s possible to ask the hosting company for it. Such companies very frequently do backup versions on a regular basis and can restore them at the client’s request (if you’re just choosing your hosting, check if it provides similar services, and if they’re extra paid). After receiving the backup version which is usually placed on the server in the form of a package of files, it should be unpacked and then you can replace the infected files with the correct ones. The easiest and safest way to do it is to remove all the files from the server and upload those that you received in the backup version. The hosting server usually stores one copy which is done every few days. Therefore, if the virus hasn’t been detected right away and has been on the page for more than a week, it’s very likely that the backup version will also contain malware files.

2. Deleting suspicious code elements

The second option involves analyzing the source code of website files and removing elements that are suspicious. However, this method requires a very good command of the programming languages used on the page. If the website contains only several files checking them shouldn’t be problematic. On the other hand, if the server is more complex and comprises thousands of files, then, such an analysis may be extremely demanding and time-consuming. If you’re able to determine the exact date of the cyberattack, the verification will get much easier. In such a situation, you can limit your activities to checking the files modified from a given day, however, there’s the likelihood that you won’t notice files whose date of the edition hasn’t changed. Anti-virus programs for scanning pages are also helpful in analyzing website codes.

If the original files have been restored, it’s necessary to change the page access data. Changing the FTP server password for all accounts, including the CMS ones (if you have a content management panel) is the bare minimum to avoid further hacker attacks. To increase security, alter passwords to databases if your website uses them. If you’re able to specify the range of IP addresses used to log in to the FTP server, mark it in the hosting panel, which will help you additionally improve security. And last but not least, benefit from Google Search Console to analyze whether users who created accounts aren’t suspicious or likely to harm the website.

If the virus was removed but Google still displays information that your website is harmful, report a request for domain re-verification in Google Search Console. Once Google checks the page, the warning should be deleted.

Better safe than sorry

Prevention is a way to increase the security of every website. Very frequently cyberattacks are a mass activity, exploiting specific discrepancies in popular software. Keep updating your CMS regularly, download plugins from safe sources, protect your website with additional solutions preventing hacker attacks, use complicated passwords, take care of regular backup versions of your page and be familiar with the employed systems to significantly decrease the probability of your website being hacked and damaged.

(1)
Author
Delante is an online marketing agency specialized in generating website traffic from search engines and paid ads (SEO / SEM). Over 80% of our clients are from rapidly growing e-commerce industry.
Comments (1)
  1. Well, not sure if there’s anything that can work 100% for not getting hacked these days. Good you mention what to do if that happens 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *

Recently on our blog

Are you curious about SEO of online stores or maybe you want to enter the Swiss market and wonder SEO abroad looks like? You will find answers to these questions and many other tips important for the development of your business on our blog.

Gated Content - What Is It and How Can It Support Your Business?

Gated Content - What Is It and How Can It Support Your Business?

Blog posts, newsletters, podcasts - sharing knowledge for free is cool and every marketer, copywriter, or brand manager will tell you that. And what if you wouldn’t have to provide others with this high-quality content completely for free? What are the possible methods to make your content marketing more effective?

Read more