If your website is hacked, it’s important to have an emergency plan in place to get you back online as quickly as possible. The first thing we need to do is confirm that you’re actually the victim of a hacker. It’s rare, but there have been times when a client has reported to us that their website was hacked, when in fact it was something else entirely. No sense wasting your time and money trying to fix the wrong issue.
How To Tell If You’ve Been Hacked
The most common symptom of a hacked website is a malware security message in your browser when you attempt to visit your website. Many times you might not even know about the problem until one of your customers calls or emails you. This warning message is to let you know that the website you’re about to visit is considered unsafe. There are several major malware blacklist services that keep a list of domains and IP addresses that are found to have malicious code. If you’re unsure about the security of your website, you can do a quick malware scan using Web Inspector’s free scanning tool. Simply go to the website and enter your website address, then submit.
But Why Were You Hacked?
The primary reason for some jackass to hack your website is to embed malicious code within the source code of your website for monetary gain. The goal of this code is to either infect your visitors’ computers or use the resources of your visitors’ computers to generate cryptocurrency. The longer their code can go undetected, the longer they can exploit your website and visitors. Other reasons that websites are hacked are to insert spammy links to sex, gambling and payday loan websites.
None of these are good for you or your business. Primarily, if this happens, it gets reported and your website is added to a malware blacklist. When you’re on this list and people try to visit your website, they get a big giant warning sign in their browser informing them that your website is infected and a risk to visit. (see image below)
How To Fix Your Hacked Website
Now that you’ve confirmed that your website has been hacked, let’s go through the steps you’ll need to take in order to fix it.
Step #1 – Clean Up The Infected Files
The fastest way to do this is to restore a previous version of your website. There are tons of solutions available for a variety of platforms that allow you to set up free daily automated backups. It’s also a good idea to make a manual backup archive of your website each time you make changes to the design and/or content. Also keep a backup of the most recent version of your website locally. This could save you a ton of time and money in case you or your developer is unable to restore from the copies on your server. Also check with your hosting provider and see what backup options they offer with your hosting.
If you don’t have a clean backup copy of your website, you’ll need to clean up the source code manually. Because this could take you some time to complete, we recommend adding a temporary, static html landing page with your business information and a website maintenance message. This will allow you to quickly bring a web page back up for your domain while you troubleshoot the problems. I say problems in plural because typically if your website has been hacked, there are at least several different files infected in your website code.
If you’re one of the people that doesn’t have any backups and you want to try to fix it yourself, the first thing you can try is to connect to your website using an SFTP connection. You can get the connection details from your hosting provider or your developer. Once you’re connected via SFTP, you can search your source files, looking for any files that were recently updated which you haven’t touched. You will need to download these files and search through their source code to locate the malicious code. You’ll want to delete that code and save the clean version of your files before uploading them back to your website via SFTP. Be sure to check the entire directory system of your website hosting account. Some of these malware scripts are very sophisticated and contain several backup methods for infecting visitors’ systems. Also be sure to notice any unknown or unusual files. Sometimes you might even find infected files in your images folder.
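The manual search described above can be sped up once the site has been downloaded. The following is an added example, not code from this article: it walks a local copy of the site and reports files changed in the last few days plus script files sitting in image folders. The folder names, file extensions, 14-day window and sample tree are all assumptions made for illustration.

```python
import os
import tempfile
import time
from pathlib import Path

# Assumed names: adjust to match your own site layout.
SCRIPT_EXTS = {".php", ".phtml", ".phar", ".cgi", ".pl", ".py"}
IMAGE_DIRS = {"images", "img", "uploads", "media"}

def triage(root, days=14, now=None):
    """Return (recent, misplaced): files modified in the last `days` days,
    and script files found inside image/upload folders."""
    root = Path(root)
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    recent, misplaced = [], []
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(root)
        if path.stat().st_mtime >= cutoff:
            recent.append(rel.as_posix())
        # Only the directory parts count, not the file name itself.
        in_image_dir = any(p.lower() in IMAGE_DIRS for p in rel.parts[:-1])
        if in_image_dir and path.suffix.lower() in SCRIPT_EXTS:
            misplaced.append(rel.as_posix())
    return recent, misplaced

def build_sample_site(root, now):
    """Constructed sample tree: two old files, one recently changed file,
    and one script hidden in the images folder (ages in days)."""
    files = {"index.php": 90, "images/logo.png": 90,
             "wp-config.php": 2, "images/thumb.php": 1}
    for rel, age_days in files.items():
        p = Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text("constructed sample\n")
        mtime = now - age_days * 86400
        os.utime(p, (mtime, mtime))

def demo():
    now = time.time()
    with tempfile.TemporaryDirectory() as d:
        build_sample_site(d, now)
        return triage(d, days=14, now=now)

if __name__ == "__main__":
    recent, misplaced = demo()
    print("Recently modified:", recent)
    print("Scripts in image folders:", misplaced)
```

Modification times are only meaningful if your SFTP client preserves them on download, and malware can reset them, so treat an empty result as a starting point rather than proof that the site is clean.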
If you don’t feel confident tackling this project on your own, you can hire a malware repair service that will go in and clean up your website. Click here for a list of the best services we recommend.
Step #2 – Secure Your Website
Now that your website is free of malware, it’s time to patch the holes so it doesn’t happen again. Approximately 98% of all websites currently use some sort of CMS. WordPress, Drupal and Magento are some of the most popular. If your website is running on one of these systems and it has been hacked, the most common cause is that something wasn’t kept up to date and there was a vulnerability that the hacker found by scanning your website. You’ll want to go into the dashboard of your CMS via your admin account. First make sure the core system is updated to the latest version, then check the themes and plugins (add-on modules) and ensure all of them are updated to their latest versions.
We also recommend installing a security plugin on your website. Here are several security plugins for WordPress that we recommend. Not only can they tell you which files might still be at risk of getting hacked again, but they can also continue to scan your website and keep you up to date regarding future risks to your website. One more thing from our experience that might help you: you might find that even the current version of a plugin or theme is still showing as vulnerable.
In this situation, what we recommend you do is find another solution that does the same job as the vulnerable plugin and replace it. An example might be that you have an add-on plugin for your website that is for social sharing but it is showing as being vulnerable to hackers. Simply find another plugin that is more current and safe for your website to use, then remove the old plugin and replace with the new plugin.
Now that your website is up-to-date and secure, take another backup. Download a copy of the backup to your local computer for safe keeping. We also recommend that at least once per week you log into your website dashboard and check to be sure there are no new security issues with your website. For additional tips for backing up your website, check out this great article. This will help you keep your website safe, secure and running smoothly.
Step #3 – Report That Your Website Is Clean
This is a very important step. The major browsers use the malware listing services to produce warning messages to your visitors if they think your website contains malicious code. These lists have methods for checking and updating their data, but they are not in real time. This means that your website could be clean and secure from malware, but when visitors try to go to your URL, they still see a warning message that your website is a risk.
The way around this problem is to submit your website to this free malware reporting service. We have had the best experience with this website. Simply submit your website URL along with a short note that you have resolved the issue and your website is now secure and safe for visitors. We have typically seen our website updated in the malware blacklist as clean in anywhere from 15 to 30 minutes.
Final Tips For Keeping Your Website Secure
If you do a few minor things, you can easily prevent your website from being hacked again. This will save you time and money in the long run. Remember to always have some kind of automated backup system in place. If you only update your website once per month, you can do it manually each time you make an update. If your website content and design are updated more frequently, then we suggest more of an automated solution.
Also remember to check your website for outdated source code and add-on modules. Keeping these up to date, along with running a security plugin, will greatly help in keeping your website safe. Many of these top security plugins will also include a list of things you can do to make your specific website more secure. These typically include things such as renaming your default admin URL and adding a firewall that allows only your specific computer to access the admin area.
We hope this article has helped you with your hacked website. If you are still having problems or would like help in keeping your website secure, simply contact us via our website and one of our team members will be in contact with you as quickly as possible.