What To Do If Your Website Has Been Hacked?
Websites are the heart of your online presence so having your site hacked is a nightmare situation for any business owner. Not only is your website a key form of advertising, but it may also hold sensitive or valuable information that you don’t want to be compromised or stolen by hackers.
Whilst prevention is better than a cure, hackers are unfortunately becoming more sophisticated. Most modern hacks are designed to evade detection with the goal of infecting others. This is massively damaging to your business as well as potentially affecting your customers.
Fortunately, there are things you can do to check your site is free from hackers and actions you can take to regain control of your website.
How to check whether your website has been hacked
If you’re worried that your website has been hacked, there are several different ways to check. Below we’ve listed some of the key ways to ensure the security of your website hasn’t been compromised.
Check your files
There are three main areas that hackers normally attack. These are:
- .htaccess files
- .php files
- media files
This is because these files are more vulnerable to attack, as hackers can embed code or insert hidden links to other malicious websites. Often, hackers will embed base64 encoded information as this allows them to disguise links and malware so that they don’t look like files of concern. To find these, search “base64” throughout your website.
Be aware that this is a long and complicated process. A lot of normal, necessary files can also be called something that looks like a hacked file. For example, xthrospf.php could be a hacked file or a necessary system file. You’d need to read the code in that file to see what it does. If you’re not sure how to carry out this process correctly, you should contact a professional. You can find out more about seeking professional help later in the blog.
Use security tools
There is a range of security tools available for keeping your website safe. Google offers two of these tools:
A free service, this scans your site for malware and other security issues. It will also show you if there is anything on your website that is being flagged to visitors, such as:
- Harmful downloads
- Deceptive pages
It provides information on how to fix any issues it finds. Once you have completed the fixes, you can rescan your website to check that it is working properly again.
Google’s safe browsing checker
This tool allows you to scan your site and provides information on the last time it was scanned as well as shows any suspicious activity and whether or not your site has been identified as a distributor of malware.
This tool is free and just takes seconds to run, simply copy the link below, replacing ‘yourdomain’ with your site’s domain.
How to fix a website that has been hacked
So, your website checks have revealed the worst-case scenario and your website has been hacked. What do you do next?
Make a backup
If you have discovered issues with your site, the first thing you should always do is make a backup of your site before you make any changes. This is particularly important if you’re analysing and deleting files yourself. Many people feel that the easiest thing to do is simply to restore their website from a previous backup, but this is a mistake because it means your site is still susceptible to future attacks. If they got in once, they could do it again if nothing on your site has changed to stop them.
It Is also useful to backup your website as some hosting providers delete sites when they have been hacked.
Ask the professionals
Restoring a website that has been hacked can be a long and complicated process. If you’re not sure what you’re doing you could actually damage your site further, particularly if you’re deleting files. For this reason, we recommend that you allow a professional to do this and don’t attempt it yourself as it could cause irreversible harm to your website.
If you have a WordPress website, we advise that you go to WordFence for assistance. We use the WordFence plugin on all the WordPress websites we build, it’s an excellent tool for helping to keep your WordPress website secure.
Change passwords and ensure you verify all users
This is an obvious one but change the passwords for every part of your website as well as the passwords for devices you have used to access your site. You should then verify your list of approved website users and immediately delete any that you don’t recognize.
After removing a website hack, it is a good idea to change servers. However, if they got in once they could get in again, so you need to ensure the new website is much harder to hack. Make sure you choose a reputable hosting company. Discount hosting providers rarely don’t do a good job of protecting their databases and once a hacker has gained access your website will be at risk.
Upgrade your software
Make sure that all the software you are using has been updated and is the latest version available. This includes WordPress plug-ins and themes.
Run another malware scan
Once you have taken steps to remove the hackers, make sure you run another malware scan on your website to ensure that it’s clean and nothing else is flagged up. Repeat this with every change if issues keep getting raised.
Apply for a Google Security Review
Once you’re done removing the malware it is a good idea to change your passwords again. This ensures that any malware that was on your website can’t access your passwords. You can then apply for a Google security review which can ensure your website is clean and highlight any other hidden malware.
Preventing future website hacks
Once you have removed the hackers and secured your website, there are some steps you can take to protect it in the future.
- Regularly remove all unused files. This helps you keep track of files that are supposed to be there as well as notice any new ones suddenly appearing.
- If you have a WordPress website, you can install an activity log plugin to keep track of any activity taking place on your website. This helps spot anything unusual/unauthorised.
- Keep your site updated.
- Perform regular security scans.
- Use strong passwords and change them regularly.
Website hacks are taking place every day, so it is vital you ensure your website is as secure as possible. Prevention is the best cure, however, if you do find yourself in the unfortunate position of being hacked, the above steps will help you to take control of your website again.
There are costs involved in some of these steps and ideally, you should get a professional to remove the hackers rather than risk damaging your website further, with this in mind it’s worth weighing up the costs of getting the hack sorted, security updated and moving servers versus getting a new website built.
At Pagio Digital, we specialise in building websites and apps that get results. Contact us today at: firstname.lastname@example.org