If you find out that your website has been hacked it can send you into a panic. How did they breach your security? Why did they do it? What did they steal? What will your customers think? Despite all of the thoughts that might be rolling through your head, it is important to try and remain calm.
Hacking actually occurs a lot more often than you might think. A Sophos Security Threat Report says that about 30,000 websites are hacked every day, which is why it is so crucial to have the proper security setup to protect your website. However, if your website has already been hacked there are still plenty of options for you to save your website.
How to tell if your website has been hacked:
Before you can do anything about a hacked website you need to confirm that your website has indeed been hacked. Sometimes, hackers will take over the website and display a different homepage that will be very obvious, but more often, automatic hacking bots will simply inject your website with malicious code that can be hard to detect with the naked eye.
The first line of detection should be a malware inspection tool like the one offered by Sucuri, a company that cleans hacked websites and offers protection plans as well. If you use their free Site Checker, it’ll give you a clearer idea of whether or not your website has been compromised. However, because their software is free and remote they can not guarantee 100% accuracy.
Google’s Safe Browsing Site Status can also give you an idea of what state your website is in from a malware perspective. Of course, one potential downside of using Google’s tool is that you are essentially informing them that your site has malicious content on it, which will temporarily ruin your rankings and organic search traffic.
Another telltale sign of potential problems on your website are spikes in unusual activity. Check your website for unusual traffic spikes or an unusual amount of spam being sent to or from your website. Also, visitors from random parts of the world could be a clear indicator of hackers. For example if you run a small business in Toronto, but you notice an influx of visitors from Russia, you will probably want to run a scan on your website.
If you are familiar with code you can check your website files yourself. This can be tedious and difficult, but if you have a keen eye it is doable. Most hackers attack website code through .htaccess files, .php files, and media files, so your search should focus on these points first.
For the best chance of detecting malware and removing it from your website, you may want to consider a professional service like SiteLock. SiteLock scans your website everyday and warns you of intruders and potential vulnerabilities. SiteLock also fixes the problems that it finds. SiteLock does come at a price, but it is one of the best ways to protect your website. If you collect user or customer data, or take payments on your website, a service like SiteLock is integral.
How to fix your hacked website
Once you’re certain that your website has been hacked and/or contains malware, you need to take action quickly. The first thing you will want to do is change all of your passwords. If a hacker has access to your website, it could mean that they have cracked your password. This is especially scary if you use the same password for multiple places. Make sure you change all of your passwords, or you run the risk of being hacked again.
If you have an automated website backup, now would be a great time to put it good use. Automated website backups constantly store backed up versions of your website. You can simply go back to a version of your website before any malware was injected into your website files. Once your files have been cleared of any hacker’s presence you can patch any security holes on your website and upgrade your security, so that the intrusion does not happen again.
If you don’t have a pre-hack backup of your site, you have your work cut out for you. While you can find some of the instances of malware by searching your site files on your own, it is quite a challenge to entirely rid your site of them manually. To ensure that your website is clear of malware, you will need some form of software, or professional help, to clear your website.
Both of the companies mentioned earlier, SiteLock and Sucuri, can take care of cleaning the malware from your site files, for a price. They will backup your site and then pour through each and every site file (sometimes in the hundreds) looking for malicious code. Once the code has been removed, they will reupload the clean version of the file.
They will also communicate with search engines to ensure that while your website contained malicious code, it was not blacklisted by any of them. A search engine blacklisting can be a tough thing to bounce back from: yet another reason why securing your site before disaster strikes is worth the cost.
Hackers send bots across the Internet searching for vulnerabilities on websites big and small. One of the latest government security breaches surveys showed that 74% of small businesses have reported a security breach in the last year. Unfortunately in today’s world hacks are inevitable, which is why it is important to be prepared with the proper detection software and security, so that if it happens to you, you can eliminate the threat fast and effectively.