Has Your Website Been Hacked? Here’s what to Do

6 Aug

If you own a website, you might be worried about getting hacked. When a website is hacked, it’s normal to feel a sense of panic. Unfortunately, the worst has happened, and you have lost your website, your data and probably the very link between yourself and your customers.

The best piece of advice to give you is to relax. It’s not the end of the world, and the problem can be rectified. Your website and all that goes with it can be recovered, and then you are going to need to put mechanisms in place to minimise the risk of it happening again.

What are the Signs of a Hacked Website?

There are several tell-tale signs to look out for that will tell you that your website has been hacked? Here are some of the most discernible signs of a hacked website:

  • Your website’s source code suddenly includes some unusual JavaScript.
  • When you visit your URL, pop-ups and unknown adverts are displayed.
  • Additional unauthorised users have been added to your FTP and database management tools.
  • When you visit your website URL, you end up somewhere else – usually a dodgy website with questionable content.
  • Your website no longer displays your content but rather malicious or unknown content.
  • When you visit your URL, there’s a Google alert noting that the website is hacked.
  • When you enter your website URL, the website cannot be reached.
  • Internet browsers warn visitors that the website is unsafe or not secure.

Not all hackers have the same intentions, so it’s a good idea to take a close look at the type of hacking attack you have fallen victim to and ascertain what the intended outcome is for the hacker. Some hackers simply hack for the fun of it (they enjoy chaos and the attention that their efforts achieve), some hack with the intention of stealing money, while others hack for political reasons, identity theft, or to steal sensitive data.

What to do

If you are sure that your website has been hacked, there are a few things that you need to do immediately. Follow these steps:

  • Inform the right people
    You need to inform your IT department as well as your hosting company. These departments have the software and necessary skills to action the proper damage control.
  • Get the details of the hack
    You need to know just how much damage the attack has caused. What was stolen and what was exploited. A good tool for this is the Google Search Console. Once you have signed in, check the Messages and the Security Issues sections for the information that you need.
  • Go offline
    Taking your website offline while you deal with the recovery phase of the process will protect your customers and potential customers from being exposed to malicious software.
  • Purge the website
    First, take a close look at your website pages and make sure that you remove any pages that the hackers may have created for their own purposes. Once these are deleted, you need to back up the website. You can do quick and easy online backups at Soteria.

If you already have a recent backup of the website, you have the upper hand, as you can immediately delete all of the pages and restore the website pages to their former glory in just a few clicks.

  • Change all your passwords
    If your website has been hacked, you should assume that hackers have acquired your passwords. You need to change all of your website and hosting related passwords. It might also be a good idea to change any passwords that you use on websites where your banking/financial information is stored.
  • Get Google to review your hack recovery process
    Remember when you read up on the issues affecting your website in Google Search Console? Now, you need to go back to the Search Console and revisit the message Google sent you advising you that the website is unsafe. Through this, you can request a Google review to un-flag your site as “unsafe”. Google will require you to provide information on the steps you took to clean your website and make it safer for users in future.
  • How to Hack-Safe Your Website
    Once your website is back up and running, you need to ensure that you don’t become a victim of hacking again. The first step is to change your passwords regularly and to keep a close eye on any possible changes on your accounts. You also need to run regular data encrypted backups to ensure that there is always a current version available of your website that’s untainted.

Last Word

At Soteria Cloud we have heard all too often about websites being hacked and owners not knowing what to do to rectify the problem. Now, you can follow the above steps or chat to your hosting company about possible courses of action too.

Comments are closed.