Survival Guide to Fixing a Hacked Website
More than 30,000 websites are hacked each day, according to a Sophos Security Threat Report. It’s frustrating when you check your website, only to discover that it’s been taken over by a hacker.
You’ve invested countless hours into building a strong online presence from the ground up. Now that your site is hacked, however, all of your hard work is negated. Maybe the hacker is using your site to distribute to malware, or perhaps he or she is using it to funnel traffic to their web properties. Regardless of why your site was hacked, you should take immediate action to remedy the situation.
Notify Your Web Host
First and foremost, contact your web host and notify them of the situation. Most web hosting services — virtual private servers (VPSs) and shared hosting packages — feature multiple sites on the same server. When one of these sites is hacked, all other sites may also be compromised as well. So, unless you have a dedicated server, your hacked site could cause security issues for other webmasters.
Web hosts deal with hacked websites and security issues on a daily basis. They can provide guidance on how to restore your site, or in some cases, they can perform operations on their end to fix the vulnerability. Regardless, the very first thing you should do after discovering your site has been hacked is notify your web host.
Check for Cloaked Content Using Google’s ‘Fetch as’ Tool
When hackers take control of a website, they often use software or scripts to show two different types of content: regular content and cloaked content. Human visitors see the regular content, while search engines see the cloaked content.
The general idea behind cloaking is to display malware, phishing schemes, advertisements or links on a website without losing the site’s search rankings. Search engines “think” a website is filled with high-quality content, but in reality its serving visitors with malicious code.
You can check to see if your website is displaying cloaked content by using Google’s “Fetch as” tool in the Search Console. This tool shows your site from Google’s perspective.
If your website is serving cloaked content, you’ll need to clean it before submitting a reconsideration request to Google. Neither Google nor any other major search engine allows cloaked content in their respective index. And failure to fix it will likely result in a significant drop in your site’s search rankings.
Take it Offline
Unless otherwise instructed by your web host, you should take your hacked website offline to mitigate the damage. You don’t have to necessarily delete your site’s files from the server. Rather, point the domain name of your site to different nameservers.
If you have another web hosting account — and it hasn’t been compromised — you can direct your nameservers to a static page with a 503 HTTP error code. This tells visitors that your site is temporarily down for maintenance.
Your site won’t display content when it’s offline, but that’s not necessarily a bad thing. If your site has been hacked, it may contain malicious software or code that can affect visitors, potentially infecting their computers as well.
Change Your Passwords
Now it’s time to your change the passwords associated with your site. If an unauthorized user has accessed your website, he or she probably knows the password for either your content management system (CMS), file transfer protocol (FTP) login, or back-end control panel.
Hackers often use brute force attacks to spam username and password variations in attempt to find a combination that works. As the name suggests, a brute force attack relies on repetition to infiltrate sites. Using dictionary software, the hacker spams countless words and word combinations to try and find the correct password.
Here are some tips on how to create strong passwords:
• Create unique passwords; don’t reuse the same password on multiple accounts or services.
• Don’t use personal information, such as your birthday or middle name, in your passwords.
• Use a combination of upper-case letters, lower-case letters, numbers (non-sequential), and special characters.
• Don’t store your passwords, unless they are encrypted and stored offline on a USB flash drive or separate media device.
Repair the Damage
Now comes the fun part: repairing the damage caused by the hack. Some hacks are minor, consisting of nothing more than redirects, in which case you can simply delete the redirect code. Other hacks, however, are more severe, featuring thousands of lines of new or modified code.
An alternative solution is to use a backup copy of your site. If you create regular backups of your site — like you should — you can restore it back to its original state using the most recent backup. The only downside is that you’ll lose any content created after the backup was made.
Update Content Management System
Assuming your website runs a CMS like WordPress, you should update all of its associated files. If you followed the instructions listed above, you’ll need to go back and change the nameservers to your original server. This will allow you to log in to your site’s CMS through your web browser, at which point you can update the files.
Hackers often target websites running outdated versions of WordPress because they contain exploitable vulnerabilities. If you don’t update your site’s files, it could leave the doors open to hackers. So, log in to your site to ensure it’s running the most recent version of WordPress.
You should also update any plugins and themes on your site to the most recent version. According to the WPScan Vulnerability Database, plugins are responsible for more than half of all WordPress security vulnerabilities. If your site’s plugins or themes are outdated, update them ASAP.
Submit a Reconsideration Request to Google
Not surprisingly, Google typically removes hacked websites from its search index. So, even if your website ranked at the top for its target keywords, it may no longer appear in the search results after being hacked.
You can regain your lost rankings, however, by removing any malicious content from your site and then submitting a reconsideration request to Google. Visit Google.com/webmasters/tools/reconsideration while logged in to your Webmaster Tools account and check your site for manual actions. If Google has taken action against your site, you’ll have the option to submit a reconsideration request.
Keep in mind that Google receives thousands of these requests, so it may take several weeks or even months before your site is reviewed. If your site is fixed, however, Google should reinstate your lost rankings.
Don’t let a hacked website ruin your brand’s online presence. Follow the steps listed here to fix the damage and restore your reputation.