Few businesses have a clear action plan to deal with a website hack. Hackers find new ways to penetrate sites every day. By the time you discover the hack, there may already be considerable damage.
But don’t worry. There are steps you can take to fix a website. First, you’ll need to do some detective work. Next, you can take steps to fix a website and protect against future risk.
Warning signs that your site has been attacked
If you notice that something is wrong with your site, start by identifying all signs of an intrusion. First, determine if you or one of your team may have taken an action that triggered the issue. It’s unlikely that these actions can be undone, but this information will help you decide what to do next to fix a website.
Six signs that your site may have been hacked
- Your website redirects to an unknown site.
- Your website shows pop-ups that are not created by you or your team.
- Your website begins to rank for spam keywords.
- Spam ads on your website display illegal or adult content.
- Google blocks your visitors with a warning that the site contains malware.
- Your web host emails you that your site contains Malware.
Identify the cause of the trouble
Use any of the following methods to gather information on how your website has been altered.
Use a malware scanner to scan your website
Antivirus software finds hidden malicious content, unnatural links, and coding that doesn’t belong on your site. Scanners also sort out infected files so you can see what changes were made. Many malware scanners are free, and some, you may want to pay extra for. Look for a review of options on a site such as CNET.
Google Search Console service for webmasters
Link your website property to Google Search Console (formerly Google Webmaster Tools). This free service will check your site and report problems in the console.
- Instructions to set up Google Search Console
- Login into your Google Search Console account.
- Select Security & Manual Actions from the menu on the left side
- One-by-one, click on both Manual Actions and then Security Issues to check if an alert saying that unwanted software is detected.
Check Google’s Safe Browsing list
Google maintains an up-to-date list of unsafe web resources. When in doubt, users can check URLs against listings to identify unsafe and unrelated links inserted by hackers. Google divides the list into two categories:
Attack Sites – websites that host harmful software
Compromised Sites – websites that host SPAM
Data security from your hosting provider
Hosting providers need to ensure secure operations to stay in business. They conduct routine checks because a single hacked website can make other accounts feel unsafe. If your site is identified as having malware, your host may temporarily suspend your account.
Search engines spot thousands of scam sites every day
Search engines, such as Google, examine billions of URLs each day. This is because their business is to provide users with the latest information each website contains.
In this way, search engines serve their customers by providing the best answer to search questions. When search engines “scrape” the web to retrieve content and code, they come across unsafe sites. (Not surprisingly, well-known brands are frequently targeted.) When a search engine runs across a scam site, it’ll warn the users with an alert notification that the site may be unsafe.
Here’s how to check if your site is on the warning list:
- Log out of your website.
- Open Google in incognito mode
- Then place your website’s URL in the Google search box and hit enter.
- Click on your website link to open.
- If your site is hacked, Google will prevent you from accessing it by sending you a warning alert saying that it contains malicious content.
Remove malicious content and code to clean the site
Depending on what technology stack your site is built on, there are different tools and approaches. After using anti-virus software to identify problems, these tools are designed to remove bad code and content. Defeating hackers is an ongoing battle, so anti-virus may not be able to neutralize all bad code to fix a website. Always rescan with anti-virus software after the removal process to see if you come out with a clean report.
Now, your website is ready to bounce back to the digital platform, it’s time to make your site go live again. The next step would be to analyze the impact of the hack on your website’s SERP rankings.
Things to do to secure your website
Recovering from a website hack is one hell of a chore, but don’t stop there. It’s time well spent to follow all recommended security measures below to prevent another breach.
Here are measures to secure your website going forward:
- Run regular backups of your site content
- Use a trusted SSL (protocol for encryption)
- Use an anti-malware plugin or software.
- Keep strong passwords, for example, #@#129eX_+!
- Update your PHP (scripting language) when prompted by your host
- Use the latest themes and plugins.
- Never use an untrusted web browser.
- Carefully filter on-site comments.
Need help fixing your website after a hack?
Getting a hacked website back up and running properly can be time-consuming, difficult, and costly. If you are not up to the task and need expert help to fix a website, contact us. We have experience in diagnosing and removing malware. And we can fix a website and improve your search engine ranking so you can get back to business.