My Website Has Been Hacked – A Guide to Recovery
With around 30,000 websites getting hacked everyday around the world, it’s not unlikely that your site could be next. Did you know that 63% if website owners didn’t even realise their site had been compromised until it was too late? How about 10,000 websites are blacklisted by Google everyday as a result of website hacking?
With day-to-day business tasks at hand it is easy for us to forget about the maintenance needs on the security of our online data. Here are a few tips to help keep your site secure from hackers as well as some easy and affordable backup solutions to help you recover what might have been lost or damaged as a result of the Hacking;
How do I know if I’ve been Hacked?
- First things first, if you suspect that you have been hacked your first point of contact should be to ensure that your site has in fact been compromised. You are able to tell that a hacker has found their way into your site by the following;
- You are starting to see spam appearing in your site header or footer. These can often to come in the form of adverts or even dark text on a dark background (The human eye may not notice it, but search engines are definitely able to see it)
- You are able to do a site:example.com (replace example.com with your domain name) search on Google. This allows you see pages or content that you don’t recognize and that looks malicious.
- You receive a report from your hosting provider that your website is doing something malicious or “spammy”. For example, if your hosting provider tells you that they are getting reports of spam email that contains a link to your website, this may mean you have been hacked. What the hackers are doing in this case is sending spam from somewhere and using your website as a link to redirect people to a website they own. They do this because including a link to your website will avoid spam filters while including a link to their own website will get caught in spam filters. This is how hacking effects many Small Businesses – the prize if your site legitimacy not its content.
- Products like WordFence are able to detect many of these problems and hacking attempts so when using a product such as this, make sure you are looking out and paying attention to any alerts that are being sent out.
You’ve been hacked? Back up your website right now!
Once you have discovered that you have in fact been Hacked, your first point of call should be to back up your site immediately. Many hosting providers should offer a suitable Website Backup tool which you are able to plugin and download a copy of your entire site. It is important to create the backup of your site straight away as many hosting providers will delete your site as soon as they detect that is producing spam from their servers – even though this will be a copy of the hacked or damaged website it may be easier to fix the problem rather than rebuild.
Be sure you also back up your Website Database. Backing up your files and database should be your first priority. Get this done, then you can safely move on to the next step of cleaning your site comfortable with the knowledge that at least you have a copy of your hacked site and you won’t lose anything from here on out.
Time to clean out your site!
First things first, change your passwords and login details – You want to ensure that you are locking the hackers out of your website so they cannot continue to inflict damage and undo all of your hard work. Be sure to use strong passwords.
Your next step is to remove the malware that was injected into your site. It’s nearly impossible for anyone to reliably remove malware from a website by hand. To remove the compromise from your files, we recommend using an application like SiteLock. Using its SMART scan technology, it will not only find any compromises in your files, it also removes them. If you are running a WordPress Website the installation of the application WordFence will be a great tool for detection and deletion of any Malware that me be added to your site’s files.
Your website should now be free of infection and back to its normal functioning self.
How to I stop this from happening again?
Now that your site is clean and free of any malware, you’ll want to ensure that you do not have to go through this ordeal again. The good news is that there a number of ways to stop Website Hacking. Even the most basic protection can help discourage website hackers and help you restore your site in the event that your site is corrupted.
- Keep up-to-date
This is key when using a Content Management System (CMS) such as WordPress, Joomla or Magento. Every couple of months you will notice a change to upgrade your website’s CMS and plugin applications to the latest versions available. It is vital that you do this as soon as the updates are available. Leaving your website behind on an older platform can create gaps in the code where Website Hackers are able to access your site and plant their malware. Many hosting providers allow for an automated update feature, if you are unsure of this it is best to reach out to your provider and find out.
- Toughen up the access to your website
The admin access of your website is one of the best and easiest ways into everything you do not want a Website Hacker to see. Enforce strong user names and passwords that cannot be guessed so easily. It is also recommended that you change your default database prefix from “wp6_” to something random and harder to guess.
- Install a web application firewall
A web application firewall (WAF) can be software or hardware based. It sets between your website server and the data connection and reads every bit of data passing through it. Most of the modern WAFs are cloud based and provided as a plug-and-play service, for a modest monthly subscription fee, CloudFlare is among the top rated cloud based WAF applications. Basically, the cloud service is deployed in front of your server, where it serves as a gateway for all incoming traffic. Once installed, web application firewall provides complete peace of mind, by blocking all hacking attempts and also filtering out other types of unwanted traffic, like spammers and malicious bots.
- Back-up your website frequently
Just in case the worst should happen, it is important to keep everything backed-up. A cloud based website back-up solution will save you many pain staking hours and potentially thousands of dollars in recovery and re-build costs. Ensure that the backup tool allows for daily backups, as well as the ability to roll back and restore and files from a previous date.
If you have any further questions about this feel free to contact one of our team members.