Your website has been compromised, oh no! Your website may have been taken offline by your web host, or you may have received a warning from a browser, user, Google Search Console, or something similar. Perhaps you found out after noticing a significant (and otherwise unexplained) increase in traffic to your website.
But why is it such a big deal if your website is hacked? A hacked website causes issues not just for you, but also for your clients. Hackers can use your company’s good name and reputation to conduct phishing attacks and other cybercrime campaigns. They will use your website to do the following:
- Organize spam or malicious ad campaigns.
- Take confidential data from your customers or phish sensitive information from them.
- Induce users to download malicious software (malware), resulting in penalties and/or fines for your business.
So now you know, and you’re still yelling from the mountaintops, “I’ve been hacked, how do I fix it?” So relax (I know, it’s easier said than done) and take a deep breath — I’ve got you covered. Here’s a short guide to what you can do if your website has been hacked.
Hacked Website Part 1: Determine how, when, and where it happened
The first step in the protocol is to determine when and where the incident occurred. To do that, you’ll have to put on your best Sherlock Holmes impression here. Now, go get your magnifying glass and start working! Only kidding, you won’t need a magnifying glass, but there are a few other resources that will help you figure out whether your website has been hacked.
Use a Malware Scanner
Malware is a major danger to both companies and customers. A malware scanner is a programme that searches your website for malicious code and warns you when it finds it. You’re good to go if you already have a malware scanner installed. Start by going over your malware scan history to see when your website was first infected. After that, run a new malware scan to find out which files are infected.
Once the files have been found, you can scan the source code for the code snippet that is infecting your website.
To pinpoint the exact date and time of the infection, look at the timestamp of the infected files. Keep in mind, however, that if you or an automation tool have changed the files since then, the timestamp will show that later change and will not be correct for the infection.
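One way to apply this timestamp check, as an added example that is not part of the original article: take the files your scanner flagged, find the earliest modification time among them, and list every file modified within a few hours of it. The function names, the six-hour window and the sample file names are assumptions; the flag marks files whose modification time is well before their inode change time (POSIX semantics), so the modification time alone cannot be trusted.

```python
import os
import tempfile
import time


def infection_window(root, infected, hours=6, ctime_gap=3600):
    """Return (earliest infected mtime, files modified within +/- hours of it).

    Each hit is (relative path, mtime, mtime_unreliable). The flag is set when
    the inode change time is more than ctime_gap seconds after mtime, meaning
    the file was uploaded, restored or re-stamped after its claimed edit time.
    """
    first = min(os.stat(os.path.join(root, p)).st_mtime for p in infected)
    lo, hi = first - hours * 3600, first + hours * 3600
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.stat(full)
            if lo <= st.st_mtime <= hi:
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                hits.append((rel, st.st_mtime, st.st_ctime - st.st_mtime > ctime_gap))
    return first, sorted(hits, key=lambda h: h[1])


def build_sample_site(root):
    """Constructed sample tree: file name -> age of its mtime in seconds."""
    ages = {"index.php": 0, "uploads/cache.php": 2 * 3600, "about.html": 400 * 86400}
    now = time.time()
    for rel, age in ages.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("<!-- constructed sample -->\n")
        if age:
            os.utime(path, (now - age, now - age))  # backdate mtime only


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        build_sample_site(site)
        first, hits = infection_window(site, ["index.php"])
        print("earliest infected mtime:", time.ctime(first))
        for rel, mtime, unreliable in hits:
            note = "  (mtime older than inode change: verify)" if unreliable else ""
            print(f"{time.ctime(mtime)}  {rel}{note}")
```

A flagged entry is not proof of tampering: uploading a file or restoring it from a backup also leaves the modification time older than the change time.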
Find Visual Evidence
If you don’t have a malware scanner, searching through previously saved versions of your website is a decent hack (no pun intended) for finding where and when the infection occurred. This is where a tool like the Wayback Machine comes in handy. Essentially, you’ll need to look through earlier snapshots of your webpages for signs of infection. This could be odd, visible code or peculiar links on your website. As we previously said, you’ll need to don your detective hat for this.
If you can’t find any visual evidence, the hacker could be using a cloaking strategy, which means the hacker is showing you and your users different content than the search engines. Fortunately, you can tackle this strategy by using Google’s Compromised Sites Troubleshooter app.
Other Best Practices to Follow When You Realize You Have a Hacked Website
When you first find the infection, you should take the following steps:
- Check your files and tables for malware manually. Take the time to manually check any recently updated files to see if something odd or suspicious has occurred. Check the database tables for malware as well.
- Make a copy of the infected website. You’ll be able to compare files later if you do this. However, don’t overwrite any backups that you believe are clean.
- Block access to your website temporarily for “routine maintenance.” This is done so that you can protect your users as well as your credibility while resolving the issue.
- Scan your computer for malware. This is important because if a hacker gained access to your website from your personal computer, you don’t want them to exploit the same flaw again.
Additional Considerations for eCommerce Businesses
Of course, for ecommerce businesses and organisations that manage payment card data, there are some additional Payment Card Industry (PCI) compliance considerations. If your website has been compromised and you’re worried about data disclosure, consult the PCI Security Standards Council’s (PCI SSC) guidelines on cardholder data breaches and incident response.
Please keep in mind that this is not legal advice. In fact, nothing in this article is intended to be taken as legal advice. A legal professional should be contacted for such details.
Hacked Website Part 2: Fix the Problem ASAP
It’s time to roll up your sleeves and clean out your website now that you’ve found the problem, created a backup to compare later, and blocked user access. Don’t worry, there are some excellent cleaning solutions available to you! When it comes to removing malicious code and restoring your website, there are four key options to consider.
Do It Yourself (DIY)
Depending on the project, having a do-it-yourself mentality can be beneficial. A website cleanup can vary from “I’ll just jump in and take care of it myself” to “why did I ever think this was a good idea?”-scale disasters. The amount of work required varies significantly depending on the severity of the infection (or what systems the attackers compromised). Fortunately, if you followed Part 1, you’ve already completed some of the work and know when your website was compromised.
You’ll need a file transfer protocol (FTP) client to connect to your website. FileZilla is my personal favourite.
After you’ve connected, you’ll need to go through every folder on your website. Starting with the files that were changed at the time of the incident is the safest way to go. This should give you a good idea of what to look for in terms of malicious code snippets. As soon as you find the infected files, you’ll need to remove the malicious code or replace the files with uninfected copies.
In theory, it seems to be a smart idea to simply step in and address the problems without the use of any external resources. However, in addition to the fact that the procedure can take a long time, you can miss some infected files. If you aren’t familiar with websites, this isn’t the most thorough option.
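To reduce the chance of missing a file during a manual cleanup, the copy of the infected site made in Part 1 can be compared against a known-clean backup by content hash. This is an added example, not code from the original article; the function names and the sample manifests are assumptions, and the sample content is a harmless placeholder.

```python
import hashlib
import os
import sys


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def tree_hashes(root):
    """Map every file under root (relative path, '/' separators) to its SHA-256."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            out[os.path.relpath(full, root).replace(os.sep, "/")] = sha256_file(full)
    return out


def compare_manifests(clean, infected):
    """Classify the infected copy's files against the clean backup's manifest."""
    shared = clean.keys() & infected.keys()
    return {
        "added": sorted(infected.keys() - clean.keys()),    # not in backup: review
        "modified": sorted(p for p in shared if clean[p] != infected[p]),  # replace
        "removed": sorted(clean.keys() - infected.keys()),  # restore from backup
    }


def _h(data):
    return hashlib.sha256(data).hexdigest()


# Constructed sample manifests (placeholder content, not real malware).
SAMPLE_CLEAN = {"index.php": _h(b"<?php echo 'home';"), "css/site.css": _h(b"body{}"),
                "robots.txt": _h(b"User-agent: *")}
SAMPLE_INFECTED = {"index.php": _h(b"<?php echo 'home'; /* injected placeholder */"),
                   "css/site.css": _h(b"body{}"), "uploads/x.php": _h(b"<?php /* unknown */")}

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py CLEAN_BACKUP_DIR INFECTED_COPY_DIR
        report = compare_manifests(tree_hashes(sys.argv[1]), tree_hashes(sys.argv[2]))
    else:
        report = compare_manifests(SAMPLE_CLEAN, SAMPLE_INFECTED)
    for kind, paths in report.items():
        for p in paths:
            print(f"{kind:9} {p}")
```

Files that were legitimately added or edited after the backup was taken also show up as added or modified, so each entry still needs a manual look before it is deleted or replaced.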
Restore Your Site Using a Current (Clean) Website Backup
One of the simplest ways to fix your website is to restore the most recent clean website backup you have. However, you must have a good backup of your website for this to work. You’ll know which backup is clean thanks to the work you did in Part 1.
If you don’t even have a website backup, I strongly advise you to set one up as soon as possible. CodeGuard, for example, is a great choice because it takes automatic backups and allows you to restore the most recent clean version with a single click. It also includes a malware scanner and sends you emails if the source code of your website changes. Isn’t it beautiful?
If you have a decent backup, you can remove your current website and reinstall your last clean version. Your database is one place to keep an eye on. If you have a website that accepts submitted material, such as appointment requests, purchase orders, testimonials, and so on, the submitted content/requests will be removed when you restore your backup. You can avoid this pitfall by doing the following:
- Before restoring your folder, make sure it’s free of malware. If it’s safe, just restore the website files and leave the database alone.
- Replace any material that has been removed. Manually add back the database rows that were erased when your database was restored.
- Clean only your database. After deleting the malware from your servers, restore just your website files.
Still Not Sure What to Do If Your Website Is Hacked? A Malware Scanner could be the solution…
This is by far the most straightforward of the four options. Simply put, all you have to do is:
Choose a malware scanner, perform a full site scan, and start the repair process.
Of course, after that, you’ll want to double-check your website via FTP to ensure that all malware has been removed.
Completely Rebuild Your Website
This is a choice I would suggest only if:
- You don’t have a full backup of your files.
- Your website is infected to the point that you can’t get rid of the malware (for example, your malware scanner didn’t work).
The idea is to essentially rebuild your entire website (literally, your entire website) to ensure that the pesky malware is gone. You’ll need to do the following to accomplish this:
Create a new hosting account, then reinstall your CMS and themes/plugins before beginning to add new content.
I know, all of your lovely material has disappeared. Begin by collecting as much information as possible from old documents, emails, Google Drive, and other sources to serve as a starting point. You can also scrape old webpages for copy and photos using the Wayback Machine and Google’s archive. Pulling images from the Wayback Machine is only a good idea if the images are safe and do not contain malware. If you’re unsure, stick to the other sources I listed for material.
Hacked Website Part 3: Prevent the Problem from Happening Again
Now is the time to take steps to reduce the chances of being a victim of another cyber attack. Your goal is to repair as many flaws as possible and close as many gaps as possible. To begin, make sure your software is up to date (hackers often gain access through outdated software, such as website plugins).
After that, you can run vulnerability and malware scans to ensure that your restored (or new) website is free of malware. You can also conduct a manual analysis of your website files to ensure that no malware remains.
Update Your Login Credentials
You want to make sure you don’t let any more unwanted intruders in now that you have a nice, clean website. It’s difficult to say if a hacker used one of your passwords to gain access to your website. To be confident that you’re using protected login information, you’ll want to update all of your website’s credentials. You should update the following accounts in particular:
- Web hosting accounts
- CMS accounts (Note: Keep an eye out for any suspicious new accounts. If you find any, remove them.)
- Email accounts (associated with your website)
- Database accounts
It’s important to update your passwords so that they include special characters, numbers, capital letters, and lower case letters, and have a length of at least 15 characters. Also, never use the same password for different accounts or websites!
Get Off the Website Blacklists
When a website is compromised, it will be added to a blacklist, such as Google’s. Check your Safe Browsing site status through the Google Transparency Report to see if you’ve been blacklisted by Google. You can also use the MX Toolbox Blacklist Search to see if you’re on an email spam blacklist.
You’ll need to submit a request to the blacklist’s host, describing what happened. I suggest being as detailed and precise as possible when explaining what happened and how you handled the issue. You can request that your site be removed from Google’s blacklist via your Google Search Console.
I suggest using a malware scanner with an automatic blacklist removal feature for best results. After that, you can check to see if you’re on any blacklists.
Use a Website Vulnerability Scanner Tool
Website vulnerability scanners are extremely useful for monitoring the health of your website. For example, HackerProof Trust Mark checks your website for known vulnerabilities on a daily basis by comparing it to a current database. You’ll get actionable advice for how to fix the problem if it finds a vulnerability.
HackerProof Trust Mark also has the benefit of being a site seal. This provides users and consumers with visual verification that the site complies with Sectigo’s security requirements. It’s a win-win situation for both you and your clients.
What Else You Can Do to Secure Your Website Against Future Threats
Of course, this isn’t an exhaustive list. There are a slew of other things you can do to make your website more secure; I simply don’t have time to go over them all here. With that in mind, read our post, which includes 21 website protection tips from 17 cybersecurity, website, and IT experts.
Conclusion of What to Do If Your Website Is Hacked
As previously said, you do not want a hacker to use your website to conduct cybercrime campaigns and tarnish your name. It’s important that you act rapidly but carefully, employing the tips, tricks, and tactics mentioned above. Bear in mind that you want to:
- find out how, when, and where the problem happened,
- repair it as soon as possible,
- and then keep it from occurring again.
I hope you now have a better understanding of what to do if your website is hacked. Depending on the circumstances of the event, this three-part process can take various forms, but with these methods and resources, you should be able to save your website in any case. Know that your best defence against a hacker will still be preventative maintenance. Best wishes!