Survival Guide to Fixing a Hacked Website

Survival Guide to Fixing a Hacked Website

Survival Guide to Fixing a Hacked Website

No Comments on Survival Guide to Fixing a Hacked Website

More than 30,000 websites are hacked each day, according to a Sophos Security Threat Report. It’s frustrating when you check your website, only to discover that it’s been taken over by a hacker.

You’ve invested countless hours into building a strong online presence from the ground up. Now that your site is hacked, however, all of your hard work is negated. Maybe the hacker is using your site to distribute to malware, or perhaps he or she is using it to funnel traffic to their web properties. Regardless of why your site was hacked, you should take immediate action to remedy the situation.

Notify Your Web Host

First and foremost, contact your web host and notify them of the situation. Most web hosting services — virtual private servers (VPSs) and shared hosting packages — feature multiple sites on the same server. When one of these sites is hacked, all other sites may also be compromised as well. So, unless you have a dedicated server, your hacked site could cause security issues for other webmasters.

Web hosts deal with hacked websites and security issues on a daily basis. They can provide guidance on how to restore your site, or in some cases, they can perform operations on their end to fix the vulnerability. Regardless, the very first thing you should do after discovering your site has been hacked is notify your web host.

Check for Cloaked Content Using Google’s ‘Fetch as’ Tool

When hackers take control of a website, they often use software or scripts to show two different types of content: regular content and cloaked content. Human visitors see the regular content, while search engines see the cloaked content.

The general idea behind cloaking is to display malware, phishing schemes, advertisements or links on a website without losing the site’s search rankings. Search engines “think” a website is filled with high-quality content, but in reality its serving visitors with malicious code.

You can check to see if your website is displaying cloaked content by using Google’s “Fetch as” tool in the Search Console. This tool shows your site from Google’s perspective.

If your website is serving cloaked content, you’ll need to clean it before submitting a reconsideration request to Google. Neither Google nor any other major search engine allows cloaked content in their respective index. And failure to fix it will likely result in a significant drop in your site’s search rankings.

Take it Offline

Unless otherwise instructed by your web host, you should take your hacked website offline to mitigate the damage. You don’t have to necessarily delete your site’s files from the server. Rather, point the domain name of your site to different nameservers.

If you have another web hosting account — and it hasn’t been compromised — you can direct your nameservers to a static page with a 503 HTTP error code. This tells visitors that your site is temporarily down for maintenance.

Your site won’t display content when it’s offline, but that’s not necessarily a bad thing. If your site has been hacked, it may contain malicious software or code that can affect visitors, potentially infecting their computers as well.

Change Your Passwords

Now it’s time to your change the passwords associated with your site. If an unauthorized user has accessed your website, he or she probably knows the password for either your content management system (CMS), file transfer protocol (FTP) login, or back-end control panel.

Hackers often use brute force attacks to spam username and password variations in attempt to find a combination that works. As the name suggests, a brute force attack relies on repetition to infiltrate sites. Using dictionary software, the hacker spams countless words and word combinations to try and find the correct password.

Here are some tips on how to create strong passwords:
• Create unique passwords; don’t reuse the same password on multiple accounts or services.
• Don’t use personal information, such as your birthday or middle name, in your passwords.
• Use a combination of upper-case letters, lower-case letters, numbers (non-sequential), and special characters.
• Don’t store your passwords, unless they are encrypted and stored offline on a USB flash drive or separate media device.

Repair the Damage

Now comes the fun part: repairing the damage caused by the hack. Some hacks are minor, consisting of nothing more than redirects, in which case you can simply delete the redirect code. Other hacks, however, are more severe, featuring thousands of lines of new or modified code.

If you’re familiar with HTML, PHP and JavaScript, perhaps you can repair the damage yourself. But if this sounds too difficult, you should hire a professional cybersecurity expert to perform this task. The ultimate goal is to restore your site to its original condition before it was hacked.

An alternative solution is to use a backup copy of your site. If you create regular backups of your site — like you should — you can restore it back to its original state using the most recent backup. The only downside is that you’ll lose any content created after the backup was made.

Update Content Management System

Assuming your website runs a CMS like WordPress, you should update all of its associated files. If you followed the instructions listed above, you’ll need to go back and change the nameservers to your original server. This will allow you to log in to your site’s CMS through your web browser, at which point you can update the files.

Hackers often target websites running outdated versions of WordPress because they contain exploitable vulnerabilities. If you don’t update your site’s files, it could leave the doors open to hackers. So, log in to your site to ensure it’s running the most recent version of WordPress.

You should also update any plugins and themes on your site to the most recent version. According to the WPScan Vulnerability Database, plugins are responsible for more than half of all WordPress security vulnerabilities. If your site’s plugins or themes are outdated, update them ASAP.

Submit a Reconsideration Request to Google

Not surprisingly, Google typically removes hacked websites from its search index. So, even if your website ranked at the top for its target keywords, it may no longer appear in the search results after being hacked.

You can regain your lost rankings, however, by removing any malicious content from your site and then submitting a reconsideration request to Google. Visit while logged in to your Webmaster Tools account and check your site for manual actions. If Google has taken action against your site, you’ll have the option to submit a reconsideration request.

Keep in mind that Google receives thousands of these requests, so it may take several weeks or even months before your site is reviewed. If your site is fixed, however, Google should reinstate your lost rankings.

Don’t let a hacked website ruin your brand’s online presence. Follow the steps listed here to fix the damage and restore your reputation.

About the author:

Justin Soenke is a trend-based serial entrepreneur and thought leader in the areas of cyber-security, web design, SEO, social media, eCommerce and managed IT. Justin has overseen the creation and success of over a dozen companies in the technology, security and media sectors, and is the contributing source for his SB Design Blog, SB Tech Blog and SB SEO Blog among regular contributions to many outside blogs and websites, all for our clients.

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Please follow & like us :)

Subscribe to Emails

Our Address

Mailing Address
Phase 3 Enterprises, Inc.
PO Box 369
Santa Barbara, CA 93116

Call Us Today!

Contact our team of professionals — your single point of service for all your IT, Web design and SEO needs.

Phone Support Hours
Mon - Fri: 8am to 5pm
tel 805.964.3235
fax 805.715.8107