What to Do If Your Site Is Hacked

As technology grows quickly, so do the risks of cyber attacks. Around 30,000 websites get hacked daily, and yours could be at risk too.

If your site gets hacked, it’s important to fix it as soon as possible to reduce harm, like losing your good name, or money, facing legal issues, or dropping in search engine rankings.

This guide will talk about what to do if a site is hacked, how to spot if your website has been hacked and how to fix it. You’ll also learn ways to protect your site from future hacks and the best way to tell your visitors about any security issues.

How Do You Know if a Website Is Hacked? 

Many customers realize their website has been hacked when they encounter the ‘Red Screen of Death’ from Google or are informed by a customer. This situation is serious as it suggests the website has been compromised for a while, potentially harming its reputation and privacy.

Every website, no matter its hosting environment, team size, or use of HTTPS, is at risk of hacking if proper security measures aren’t in place. Security is a continuous effort, and absolute protection is unrealistic.

For those seeking to bolster their website’s defences, exploring comprehensive website design and development services can be a vital step toward implementing robust security features and maintaining a secure online presence. What to do if a site is hacked underscores the importance of immediate action to secure the site, assess and repair the damage, and communicate transparently with users to restore trust.

Let’s explore how to know if a website is hacked: 

Alerts About Hacking From Browsers and Search Engines

It likely is if you or your customers see a warning message indicating the site may be hacked. This happens because the site has been added to Google’s Safe Browsing blacklist.

Major browsers such as Google Chrome, Mozilla Firefox, Safari, and Opera rely on Google’s blacklist to alert visitors with warning messages. These messages vary based on Google’s findings but generally alert you that something is wrong with your site.

If you encounter such warnings, it may be time to consider a digital marketing strategy for your business that focuses on cybersecurity to safeguard your digital assets effectively.

If Google shows a warning when you search for your site, indicating it has been hacked, your sitemap may have been compromised, affecting Google’s ability to crawl your site properly. Alternatively, this could signal a more significant issue. To determine the precise nature of the problem, you’ll need to conduct the following diagnosis.

Source: getastra

Links Redirecting to Shady Websites

When a website is hacked, unauthorized access is gained. These hackers can then change parts of the website to serve their purposes. One common thing they do is modify the links on the website. So, clicking on a harmless link might redirect you to “shady” websites. These websites can be harmful or misleading, possibly trying to trick you into giving personal information, downloading malware (software designed to damage or gain unauthorized access to your computer), or showing inappropriate content. Hackers do this to steal information, make money illegally, or cause trouble. This situation is a big problem because it can lead to personal data loss, financial loss, or even harm to your computer. It’s always good to be cautious and have updated security software to protect yourself online.

Source: Emsisoft

High Volumes of Traffic From Other Countries

When a WordPress site is hacked, one of the first anomalies website owners might notice is a significant increase in traffic from other countries. An unexpected surge in traffic from foreign countries can indicate a security breach, often associated with malicious activities like malware distribution. Monitoring traffic and engaging in PPC management services can provide insights into traffic patterns and help identify anomalies.

To check if your WordPress site has been compromised, examine your site’s traffic analytics for any unexpected increases in visitors from countries that do not align with your typical audience.

Defaced or Broken Webpages

When websites fall victim to hacking, one of the most immediate and visible impacts can be the appearance of defaced or broken webpages. Cyber vandalism involves altering the website’s visual presentation, often replacing the original content with the hacker’s messages or malicious content.

The defacement can serve multiple purposes: from making a political statement and showcasing a security breach for notoriety to the malicious intent of embedding harmful software that can infect visitors’ systems.

On the other hand, broken webpages result from more destructive attacks that disrupt the website’s functionality, making it difficult or impossible for users to navigate or access the intended information. These incidents undermine the credibility and reliability of the website and can lead to significant financial losses, erode user trust, and necessitate costly repairs and security overhauls to prevent future breaches.

Slower Load Time Than Usual

When a website is hacked, it often loads more slowly than usual. When you try to visit the site, it takes longer for the page to appear on your screen. Hackers might add harmful software or unwanted files to the website, which makes it heavier and causes it to take more time to open. Sometimes, they can also create a lot of fake traffic, like a traffic jam on the internet, further slowing down the website for everyone. This slow load time is a sign that something is wrong, and the website owners need to check and fix the issue to make the site safe and fast again.

Immediate Steps to Take if Your Site Is Hacked

If you discover your site has been compromised, it’s crucial to know what to do if it is hacked. Initiating a digital marketing audit can help assess the extent of the breach and guide the recovery process.

Here are immediate steps that you should take if your site is hacked. This guide helps you secure your site, assess the damage, and start the recovery process effectively.

Taking Your Site Offline or Putting It in Maintenance Mode

One step of what to do if a site is hacked is to prevent visitors from seeing your site while it’s compromised or during the repair process.

Therefore, activating maintenance mode is advisable if possible. However, if you can log into your WordPress site, setting it to maintenance mode won’t be feasible until you regain access. Once you can immediately switch to maintenance mode, a plugin such as Coming Soon Page & Maintenance Mode can help make your site appear under scheduled maintenance rather than being repaired following a security breach.

Source: kinda

Changing All Passwords and User Permissions

Since you don’t know which password the hacker used, it’s very important to change all your passwords to stop them from getting in again. This means changing your WordPress password and the passwords for your SFTP, database, and the one you use with your website hosting service. You should also ensure that other people who help manage your site change their passwords.

If you see new admin accounts on your WordPress site that you don’t know, you must delete them. But first, ask the admins if they’ve changed their account details, just in case you don’t recognize an account that is supposed to be there.

Contacting Your Hosting Provider for Immediate Assistance

If your website shares a server with others and gets hacked, the trouble could have started with another site on the same server. This situation could put your site at risk too. So what to do if your site is hacked is to talk to your hosting company to find out if other server websites have also been hacked.

Your hosting company usually lets you check who visits your site via weblogs. If you can’t see these logs right away, you should contact your hosting company to turn them on, or you might be able to do it yourself.

How to Fix a Hacked Website?

After discovering your website has been hacked, it’s important to start fixing it. Here’s how to fix a hacked website: follow these steps to get your website back to normal and secure it.

Change Your Passwords and Review Access

When hackers try to break into a website, they often guess the admin’s password by mixing up letters and numbers. This is a common way websites get attacked.

To stop hackers and fix a hacked website, change all your passwords. This blocks their access and stops them from getting into other accounts, causing more problems.

Here’s a list of passwords to change to secure your site as soon as possible:

• The account you use to manage where your site is hosted.

• FTP accounts, both the main one and any others.

• The admin account for your site’s content system.

• Your databases (do this through the file that connects to your database).

• Email accounts linked to your site.

Changing passwords isn’t enough. You should also check who has permission to use your site. If a hacker gets in with an admin account, they can do anything they want on your site.

If your site uses WordPress, you can check who has what permissions by going to “Users” in the admin area. Pay close attention to accounts labelled super admin and admin since they can do the most.

Do this check on any system where many people can log in, like your hosting control panel and FTP account.

Also, ensure your website files, especially those in the main folder (like “public_html”), have the right permissions. This includes folders and files like “wp-admin” and “wp-config.php.” You can set these permissions through your web host’s file manager. This helps keep out anyone who shouldn’t be there, stopping them from changing or running files on your site.

Remember, if your site is hacked, knowing ‘what to do if a site is hacked’ can help you take the right steps to fix the hacked website and protect it from future attacks, an important aspect of maintaining your digital presence, as highlighted in the latest digital marketing trends.

Source:hostinger

Investigate With Google Blocklist and Spam Blocklist

If Google thinks a website is unsafe because of strange or harmful activities, it might stop showing it in search results. This is done to keep people from going to sites that could have harmful software.

To see if your website is on Google’s blocklist, use Google Search Console. If there’s a problem, you’ll see a warning in the Security Issues section under Security & Manual Actions.

You can also use Google Safe Browsing to check that your website is safe.

Source: hostinger

If you can’t check the DNS zone editor, look at your website’s traffic with Google Analytics. A big drop in visitors could mean Google has blocklisted your site.

Your website might also be on a spam blocklist, which stops spam emails. Internet providers and email services use these lists. If your site’s IP address is on this list, your emails might not get through or go straight to spam.

Source: hostinger

To check if your domain is on a spam blocklist, use tools like MxToolBox and Domain DNS Health Checker. These tools also help find other problems with your website, like issues with your web server, mail server, and DNS.

Cleaning Infected Files and Removing Malware

You can fix or eliminate harmful files by putting in new ones or using a safe recent backup. Use any harmful or strange files you find at the start to help fix the problem.

Here’s how to clean your website files:

• Sign in to your server with SFTP or SSH, or use your hosting service like cPanel.

• Make a copy of your website before you change anything.

• Look for files that were changed recently.

• Check when these changes were made by asking who made them.

• Put back any files that look strange.

• Open any special or paid-for files in a text editor.

• Take out any strange code from these files.

• Check if your website works right after you’ve made these changes.

To update the main files of a CMS (like WordPress):

• Sign in to your server with SFTP or SSH, or use your hosting service like cPanel.

• Make a copy of your website before you change anything.

• Download the latest version of the CMS you’re using. Ensure it’s the same version your website uses (for example, if it uses WordPress version 5.9.2, download that version from WordPress).

• Update the main CMS files with the new ones you’ve downloaded.

• Check if your website works right after you’ve made these changes.

If Google, McAfee, Yandex, or any other company has blocked your website, you can ask them to check it again after you’ve fixed the problems. You’ll need to complete a form to request a review from each company that blocked you.

You can request a review from some common companies:

Google:

• Go to Google Search Console.

• Type your website’s address under “URL prefix” and click Continue.

• Verify your website using one of the methods provided.

• Go to the “Security Issues” tab.

• Make sure all problems are fixed.

• Tick the box saying you’ve fixed the issues.

• Click “Request a Review” and describe what you fixed.

McAfee:

• Go to McAfee’s Ticketing System.

• Select “McAfee SiteAdvisor/WebControl (Enterprise)” from the options.

• Enter your website’s address and click “Check URL”.

• Look at your site’s Reputation and Category.

• Click “Submit URL for Review.”

Yandex:

• Go to Webmaster Yandex and create an account.

• Log in and add your site by clicking the plus sign.

• Verify your site using one of the methods suggested.

• Click on “Security and Violations” under “Troubleshooting.”

• Make sure your site is clean and submit it for review.

G-Data:

• Go to G-Data’s URL submission page.

• Enter your website’s address.

• Choose “False Positive” as the Submission Type.

• Provide your email and any comments.

• Complete the captcha and submit.

Fortinet/FortiGuard:

• Go to FortiGuard’s submission form.

• Enter your website’s address and suggest a category.

• Provide your contact details.

• Complete the captcha and submit.

Restoring From a Clean, Recent Backup

If you have a backup made before the security problem happens, use it to fix your website. Go back to a version of your site that you know is safe. Make sure this backup was created before any security issues started. This approach helps quickly bring the site back online and minimizes the hack’s impact. For instance, consider a scenario where an e-commerce website is compromised, leading to the potential theft of customer data and sales disruption. By having a recent, uncontaminated backup, the site administrator can swiftly restore the website to its state before the hack, thereby preserving the integrity of customer data and resuming business operations with minimal downtime.

How to restore your website from a backup:

• Select Administration, Backup, and Recovery in the project details.

Source: webnode

• The second option for recovery is through the editor. First, click on Settings.

Source: webnode

• In the Backup and Recovery tab, click MANAGE BACKUPS.

Source: webnode

• Select the backup you want and click the Restore button.

Source: webnode

• Confirm by clicking Restore backup.

Source: webnode

• You have successfully restored and backed up your website.

Source: webnode

Updating WordPress, Themes, and Plugins to Their Latest Versions

WordPress is a popular target for hackers because it powers millions of websites and blogs. Keeping your WordPress installation up to date can help protect your site from being hacked. 

WordPress says that only 62% of websites use the newest version of WordPress, while 40% do not. Since many websites use WordPress, this is a big problem for their security.

Source:wordpress

People don’t update WordPress because they think it’s hard and takes time. Some also worry that updating might break their website or make them lose data, especially if their site has a lot of custom stuff. But this isn’t true. WordPress updates are easy to use and often happen independently to simplify things.

Some people also believe they don’t need to update WordPress unless their website is big or important, thinking hackers won’t bother with small sites. But this is wrong because hackers like to attack small sites since they’re usually not as secure.

It’s very important to know that not updating WordPress can open your website to attacks and make it run slower. Many people don’t update their WordPress because they don’t know how important it is, or they forget. This is risky because each update fixes bugs and makes the website more secure.

This is also true for WordPress plugins. Keeping them updated is important because they contain all the latest security fixes, so hackers and bad software can’t enter your site.

The following video shows how to update your WordPress site safely and effectively.

It is important to note that you should always back up your WordPress site before updating, just in case something goes wrong.

Plugin and theme updates include new features, bug fixes, and security patches. Even though WordPress themes are usually coded well, they must be updated regularly to fix security issues and add new features. If you’ve customized your theme a lot, you might be afraid that an update will erase your changes.

You can update your WordPress theme without losing anything by following simple steps. 

• Make a site backup.

• Use a child theme.

• Test updates in a staging area to keep your customizations safe. 

After that, updating your theme is straightforward through the WordPress dashboard, cPanel, or File Transfer Protocol (FTP). This is where search engine optimization (SEO) services can also be beneficial, as they can help ensure your site remains optimized through these updates.

How to Prevent Your Website From Being Hacked

Every business knows that cyberattacks are a big risk to their online work. But, many businesses aren’t sure how to protect their websites from hackers.

Have The Latest Security Software in Place: Owners of websites should always check whether the latest security software is in place. This tip is very important for website owners who use CMSs such as WordPress, which has many plugins, in their activities. Updates contain special security patches and features designed to address new threats and, thus, secure websites from hackers.

Use Strong Passwords: Make sure your password is really strong. It should be a mix of symbols, numbers, and big and small letters. Avoid using easy guesses like your birthday or simple words that are easy to figure out.

Download The WordPress Security Plugin: To keep your website safe, besides choosing a reliable web hosting service, it’s smart to add a security plugin if you’re using WordPress. These tools help fight off harmful attacks, protect your site with a firewall, and check for malware. A great choice for a security plugin is Sucuri Security. They offer a free version that includes checking for malware, monitoring for any blacklisting, making your site stronger against attacks, and offering help if your site ever does get hacked.

Choose Reputable Web Hosting Providers: Opt for well-known web hosting services that proactively monitor for signs of malicious activity and offer regular data backups. In the event of a cyberattack, a good hosting provider will work closely with you to manage incoming traffic. It’s also wise to investigate any past security breaches the hosting service may have experienced.

Here are some essential security features that your WordPress hosting plan should provide:

• Continuous network monitoring for suspicious activity

• Tools to prevent DDOS attacks

• Up-to-date web server software, PHP version, and hardware

• Disaster recovery plan

Examples of reputable web hosting providers known for their security measures include:

• SiteGround: Known for its strong security measures, SiteGround offers daily backups and advanced monitoring to detect and block malicious traffic.

• Bluehost: Bluehost provides malware scanning and removal services and offers scheduled backup options to ensure data safety.

• WP Engine: Specializing in WordPress hosting, WP Engine offers robust security features, including real-time threat detection, regular security audits, and automatic updates.

Don’t Forget Updates: Regularly updating your website’s software, including themes, plugins, and the core of WordPress, is critical for security. Hackers often target known weaknesses in software that hasn’t been updated.

Ensuring your software is up-to-date eliminates possible ways for hackers to get into your site. Updates usually include security fixes, offering your website additional protection.

You can easily handle these updates through the Updates section in your WordPress dashboard. Here, you’ll find the latest versions of WordPress and any plugins and themes that need updating.

Conclusion

Cyber attacks are evolving quickly and pose a big risk to all websites. If your site gets hacked, it’s important to reduce the damage quickly. If you have any questions or concerns about security, please don’t hesitate to contact our support team and take advantage of a CDAP free consultation today.

Frequently Asked Questions