A hacked website is far from unusual — indeed, according to research from Astra, around 30,000 websites around the world are hacked every day. And it’s not just big firms that are affected, with more than four in ten of these attacks being targeted at small businesses. The consequences for website owners can be devastating. Data may be accessed, there may be damage to your reputation, and you may be hit with a ransomware demand. But — with quite a lot of work, unfortunately — it’s usually possible to take back control and protect your site better in future: we look at what you should do.
How To Tell If Your Website Is Hacked
There are a number of signs that your website has been hacked. In some cases, you may be alerted by browsers, your web host or visitors to the site.
You may experience slow performance, or see changes to the site that you didn’t make, such as unexpected ads or new pages. You may even discover that a new admin account or FTP user has been added without your knowledge. Traffic to the site may drop sharply, and emails that you send may go straight to the recipient’s spam folder. While some of these signs could have other explanations, they should all be taken seriously as possible signs that your website has been hacked.
Sign 1: Alerts From Browsers
The clearest sign that your website has been hacked is when Google Search, browsers or antivirus programs start displaying security warnings about accessing your site. All the major browsers, including Google Chrome, Mozilla Firefox, Safari and Opera, will do this when alerted by Google Safe Browsing, which checks billions of URLs per day.
Sign 2: Changes To The Website
Another clear sign that your website has been hacked is changes to its appearance. It may redirect traffic to a compromised website, for example, show unexpected ads, or display new pages that are nothing to do with you — possibly containing offensive content. It may also become very slow and show error messages.
Sign 3: Admin Changes
You may spot unusual login attempts or, worse still, a new admin account or FTP user. This is a sign that a hacker has compromised your account — and they may be able to maintain access even after you’ve eliminated the initial threat. You may even find you’re locked out yourself.
Sign 4: Web Host Notification
Hosting providers monitor for unusual activity, and may warn or even suspend your website if they have serious concerns. They’re looking for signs such as excessive resource usage, hosting of malicious content or spam or phishing content being sent from your server.
Sign 5: Unexplained Drop In Traffic
If search engines detect issues with your website they may delist it; hackers may be diverting traffic from your page to unknown sites. It’s worth keeping an eye on your level of traffic, as this can often be an early sign that your website has been hacked.
Sign 6: Your Emails Are Sent The Spam Folder
If hackers have installed malware on your website and are using it to spread spam, email servers may blacklist your server and its IP address. If this happens, even your legitimate emails could end up in the spam folder.
What Should You Do If Your Website Is Hacked?
Sorting out a hacked website is, unfortunately, a difficult and time-consuming process. You’ll need to start by taking it offline and putting it into maintenance mode.
You’ll also need to reset all user passwords and access rights — most importantly, the website’s administrative account password. You should run a scan and remove malware and backdoors — a potentially tricky process where you may need expert help. It should then be safe to restore the site from a backup. Finally, there’s a number of people you should inform, including your hosting provider, regulatory authorities and users.
Step 1: Take Your Website Offline
Your first step should be to take your website offline and put it into maintenance mode while you sort things out. This will help stop any problems getting worse and keep your users safe. It is a good idea to show a maintenance message while you do this.
Step 2: Reset All User Passwords And Permits
You’ll need to reset all user passwords and access rights. The most important, of course, is the website’s administrative account password, but you should also change passwords for any email accounts linked to your domain or hosting provider, FTP credentials and any third-party services integrated with your website.
Step 3: Get Rid Of Malicious Code And Backdoors
Give your website a thorough scan to uncover malware and backdoors, and remove any suspicious files or code injections. This can sometimes be straightforward — perhaps, just a single dodgy plugin — but more usually will require a fair level of technical knowledge. You may need to call in expert help.
Step 4: Restore From A Clean Backup
Hopefully, you’ve been backing up your website regularly — and this is where that effort pays off. Obviously, the backup needs to have been made before the hack to restore things to the way they were.
Step 5: Contact Your Hosting Provider
Your hosting provider needs to know what’s happened — and could be a big help when it comes to cleaning up the site and providing advice, as well as in getting your site removed from any blacklists. It may have seen similar attacks on other websites on its servers.
Step 6: Contact Users And Regulators
GDPR and other laws may require you to inform regulators about any hack. You should also tell users, which not only helps maintain trust but also alerts them that they may need to change passwords.
How Can You Protect Your Website From Hackers?
There are a number of basic best practices that you should employ to keep your website safe from being hacked.
The first is to carry out regular security audits, and to use monitoring and detection tools on a regular basis. You should restrict access to only those people that need it, and use strong passwords and two factor authentication. Make sure you keep all your software up to date, so that it gets the latest security patches. And back the site up regularly, so that if the worst does happen you can get things back up and running that bit more quickly. Finally, make sure your team is on board with basic cybersecurity practices, and that they look out for anything suspicious.
Bottom Line
There’s no denying that a hacked website can be difficult and stressful to fix. But with a little knowledge and a bit of time, it’s possible to recover your site, and there are ways to make sure it’s well-protected in future.