Fix Your Hacked Website Immediately. It’s Dangerous for Your Brand Reputation, Revenues & Site Visitors
Your website security can significantly impact your company’s profit. In case if you think you’re someone who’s not lucky in terms of website security and question yourself like how to fix a hacked WordPress site or how to fix my hacked website, then you’re reading the right post.
Here we’ll provide some quick tips on
- Signs Your Website Is Hacked
- How to Verify Whether Your Website Is Hacked
- Quick Steps on How to Fix Hacked Website
- How to Avoid Your Website Being Hacked
Signs Your Website Is Hacked
There’s a number of different signs to recognize that your website is hacked, and some of them are quite frequent and common. Below are some of the commonly seen signs that will help you identify your website is hacked.
1. Homepage Appears Differently
Differently appearing or acting Homepage is among commonly seen and a major sign that your website is hacked. When you visit your website, you may witness that hacker has changed the website content. Your site might display banners or ads that are inappropriate such as illegal or adult content. At worse, hackers might even change the homepage to sell their products.
2. Not Able to Log In to Admin Panel of Your Website
Not able to login to the admin panel using valid login credentials is another classic indicator that your website might be hacked. Many times hackers remove admin privileges by deleting accounts once they gain access to the website.
3. Your Website Starts Displaying Odd Pop-Ups & Malicious Ads
Hackers may use your website to display illegal or fake products. For instance, they may display ads and pop-ups that are quite difficult to close.
4. Out of the Blue Your Website Slows Down
Your website uses resources through your webserver that runs activities like displaying content to your site visitors. It often happens that due to the rich content of your sites, like videos or images, your site sees a drop in performance. But, if you see a continuous drop in performance without any specific reason, then it can be certain that your website is hacked.
5. Huge Drop in Website Traffic
If you’re using any tool to track your website traffic, such as Google Analytics, you may notice an unusual drop in website traffic. Sometimes, it happens that your website traffic drops due to the festive season, due to penalization after a Google algorithm update, or any other reason. But if it’s happening for quite long without any specific reason, then there’s something wrong. Hackers use different methods due to which your website gets diverted to their site. Instead of gaining legit SEO rankings and traffic, hackers usually try hijacking your website.
6. Strange & Irrelevant Keyword Ranking
Another indicator of your site being hacked is that your website starts ranking for keywords that aren’t related to your industry. For instance, if your website sells SSL/TLS certificate, along with SSL certificate related keywords, you may also encounter strange keywords on Google Analytics like buy Viagra online.
Getting on the first page of the Google search engine requires a lot of hard work and effort. Instead of that, many hackers hijack your SEO efforts and inject their keywords. Also called SEO spamming for getting their products or website on ranking.
7. Your Hosting Provider Takes Down Your Website
You receive an email from your hosting provider informing you your account has been deactivated or suspended as your website is hacked or detected a malware that should be cleaned or replaced with clean files for account reactivation.
8. Google Displays Warning Message Like Deceptive Site Ahead
Google does its best to provide security to their search engine users, and for that, they regularly monitor and scans websites for malware or any other harmful content. If your website comes under their radar and it detects something malicious that can prove harmful to your site visitors, then your website will be blacklisted immediately. And, users start getting warning messages such as “Deceptive site ahead.”
How to Verify Whether Your Website Is Hacked
If you doubt that your website is hacked, then we recommend going through two below tools that can help you identify it:
Website Scanning Tool
Many website scanning tools are available, like HackerGuardian PCI Compliance, provided by respected CA (Certificate Authority) Sectigo. It’s an affordable website scanning tool that’s perfect for all types of business websites. It helps to fix issues that can be huge hassles. It offers to automate and streamline the process that prevents those common issues reported by users. Additionally, it offers 30K+ tests that ensure your website is secured and protected from hackers.
Google Search Console
For those who run the simple blog and don’t accept any payment on their website, it’s okay to have an account on the Google Search console. Though eCommerce sites should also have a Google Search Console account, it requires other security practices too, which is not mandatory for any blogger who does it as a hobby. Google Search Console can prove a good alternative, as it offers options that show security issues like alerts you if it finds any security threat on your website.
Quick Steps on How to Fix Hacked Website
Don’t panic if your website is hacked. Go through the below steps, and we’ll walk you through what you suppose to do to fix a hacked website.
First, we recommend taking proper backup of your website. If you already set up a backup tool like CodeGuard Backup, then there’s no issue as it mostly fixes problems like Malware through one click.
But, if you’re someone who runs a simple website and hasn’t subscribed to CodeGuard Backup and looking for other alternatives, then first you’ve to take backup manually. Of course, this backup will be the hacked version of your website, and it’ll have infections, but you don’t know when the need arises for any specific file.
After taking site backup, recognize when your site was infected or hacked:
- If you already set up a malware scanner for your site and use it regularly, then go through scanning history, and you should get an idea when it became infected.
- Run a malware scanner to find which files are infected. Start reviewing source code and try to find if there’s any malicious code. Now, review your previous backups in reverse order till you find the clean version of your backup.
- Check the timestamps of infected files and see their last modified date. Though, if any of your site’s file is updated by you or auto-updated, the timestamp may not be able to show the date of infection.
- Look for those public pages that publicly shows infection or hack. For instance, they’ll have strange links added to the content. Now, review previous versions of your webpage through Wayback Machine or Google cache for estimating when your site was first hacked.
If you’re able to access the website, then another best way to prevent users from visiting your hacked website is to block their access. For instance, if you’re using WordPress CMS, then there’s numerous “Under Construction” and “Maintenance Mode” plugin that can become helpful till you fix a hacked website.
Nevertheless, it’s best to once run malware scanning on your computer or any other system through which you access to FTP or admin panel of your website. So, you can find out whether a hacker has gained access to your site through your computer or any other route.
Let’s get into some of the steps to remove those malicious codes from your site.
1. Find & Remove the Malware From Hacked Website Manually
Finding and removing malware from your website isn’t an easy option, but it can work well with easy tricks. However, it can backfire as there are higher chances of missing some backdoors and infected files if it’s not done carefully.
Follow the below steps to find and remove the malware:
- As mentioned above, first find out when your website got hacked.
- Once you find out, connect with your website using FTP.
- Sort all your website files based on modified timestamps and find files updated around the time your site was hacked.
- Verify all the folders of your site, and try to find malicious code inserted by hackers.
- Open each suspicious file one by one and examine their code. It’s best if you compare those files against the previously backed up good version of the file. For instance, if it’s a WordPress file, then download the fresh theme from WordPress.org and compare it against those files.
- After finding malware, manually remove it from the file or replace that malware-infected file with a known clean version.
2. Restoring Previous Good Backup
If you’ve got a good version of recently saved backup before your site got hacked, then it’s the best idea to restore your site using that backup. Because it helps to remove all infected code and any backdoor access point that hackers might have created. There are two different ways of doing it, and they’re:
- Delete your site manually and reinstall that clean and recent backup.
- Use the restore feature and compare files to update all those modified files and delete any added files.
If your website accepts user-submitted content or accepts any other orders, be careful with this feature as there are chances that you may lose any important data as backup may not have.
However, there are a few other options like:
- If malware is not found in your database, you can restore your files while skipping the database and keeping it unchanged.
- Restore database and once the restore process is completed, enter those additional rows and data that have been added by users.
- Instead of replacing the entire database, compare the malware-infected database with a clean version as you do with other files, and replace it.
3. Make Use of Malware Scanner for Finding & Removing the Malware
It’s another better way to resolve the malware infection issue quickly. Regardless of you’ve backup or not, using a malware scanner such as HackerGuardian PCI compliance or another free version provided by cPanel like Patchman or Virus Scanner, you can remove that nasty malware from infected files. And, once the process completes, you’ll receive a notification.
Less likely to happen, but if the malware scanner fails to find any malware and the issue persists even after scanning your site, then you can take another route to restore your site using the backup that overwrites/remove all malware.
4. Contact Your Hosting Provider
Many hosting providers are helpful in such situations. They’ve trained and experienced customer support department who handles such situations daily and if you’ve chosen to go with certain CMS specialized hosting providers such as secure WordPress hosting providers. They’re the best to take help from as they know their hosting provider well and good.
It often happens that a hack might have affected more than your website, especially if your website is on the shared web hosting plan. Further, your hosting provider will also be able to tell how your website was hacked, if there’s any backdoor on your website, etc.
5. Rebuilding Your Website
It’s the hardest, time-consuming option that should get into your list only if all other option as mentioned earlier fails to work. For instance, if you don’t have a proper backup and your website is destroyed or aren’t able to find or remove malware, you can think of this option. Put simply, you’ll be rebuilding your site from scratch.
Here’s the Step to Rebuild Your Site:
- Be cautious about going to a new hosting provider. For instance, if you’re using WordPress, it’s suggested to go with a secure WordPress hosting provider instead of the standard one. So, it ensures you don’t carry out any malware even by mistake, and you get all the security benefits based on your selected CMS.
- Install your chosen CMS (if you’ve selected a standard hosting plan).
- Install all the plugins and theme you were using for your site.
- Now, manually add the content, logo, and all other customization to make your site ready.
6. Check if Your Website Is Blacklisted & Fix It
Usually, once the website gets hacked or gets infected by any malware, those sites get blacklisted by popular search engines such as Google Chrome. To verify whether your website got blacklisted after getting hacked is first to fix your hacked website, remove all the malware and then check it through online tools such as
- Safe Browsing site status that shows whether your site is safe to browser or not: https://transparencyreport.google.com/safe-browsing/search
- Another tool MXToolbox Spam Blacklist: https://mxtoolbox.com/blacklists.aspx
- You can request the removal of your site from the blacklist through Google Search Console.
- If your email is listed on email spam blacklists, then you’ll require to submit a request for every blacklist where your site is listed on. Though, MX Toolbox provides a link to the removal request page for every blacklist.
- Once you submit your removal request, it may take around some days to weeks and sometimes, even more, to get your site removed from blacklists.
- Be as transparent as possible during your request for blacklist removal. For instance, explain in detail about your website is hacked, what steps you took after that, how you fixed your hacked website and what security measures you’re taking to avoid future risks.
How to Avoid Your Website Being Hacked
Some of the steps to avoid hacks on your website are:
1. Fix the Vulnerability & Lock Your Site
Once you recover your website, your next move should prevent your site from getting hacked again. For that, some of the steps you can take are like:
- If you haven’t, then fix the hacker’s vulnerability to gain access to your system.
- Block all the vulnerabilities or backdoor hacker made while being into your website.
If you’re restoring your site using backup, then one benefit you get is that it removes and closes any backdoors installed by the hacker.
Some of the steps you should imply are like:
- Update all the installed software so you can be sure that all the latest security patches to fix any existing vulnerabilities are not left out.
- Review your site files so you can know whether any unknown files are the reason for backdoors.
- Review and update file permissions to the minimum rights for your site to function without any issue.
- Double-check by running a malware scan and a vulnerability scanning.
2. Update Login Credentials
Once you recover your hacked website and fix the issues such as removing malware and blocking backdoors, your next step should be to update your website’s login credentials. Reasons for updating your current passwords with the new one are:
- You aren’t aware of how hackers break into your website. There are various ways they could’ve got into your website, and if they’ve your passwords, then it shouldn’t surprise you.
- Once hackers hack your website, they’ve numerous ways through which they can get their hands on all important login credentials of your website.
- Web Hosting Account: Update your web hosting account passwords, including your web host billing portal, cPanel account (hosting control panel), SSH, and FTP accounts.
- Review Accounts In CMS: Review all your existing user accounts in your CMS. For instance, there’s the possibility that once your website gets hacked, they may create a new account or even delete it. Verify whether the account email address is the same or changed, as hackers sometimes change an admin email address, so they can use it for the forget password feature to get into your website even if you’ve updated the password.
- Change Admin Password: Change passwords of admin, editor, manager, and all other user accounts in your CMS.
- Change Passwords Of Database: Change passwords for all the users who access the database on your server.
- Change Password Of Your Email Address: If you’re using any email address that’s managed via web host, change the email address password.
3. Avoid Null Plugins & Themes and Update Installed Plugins & Themes Regularly
Often nulled or pirated versions of plugins and themes or the ones that aren’t updated regularly are the reasons why your website gets hacked. Though these nulled plugins and themes are free, many times, they also have pre-installed malware that helps hackers to distribute their malware and infect websites.
It’s recommended that you, as a website owner, avoid using such plugins and themes and instead go with the trusted plugins and themes that are available at the main repositories of CMS. It’s also suggested to keep it regularly updated because updated versions offer patches to possible vulnerabilities found in the earlier versions.
4. Robust Network Security
Employees often have easy access to your website. It’s recommended that you make certain security tweaks such as:
- Login expires if for a certain period it remains inactive.
- Use strong passwords that include special characters, digits, upper and lower case letters.
- Scan all plugged-in devices within the network for malware regularly.
5. Prevent Unlimited File Uploads
Attacks through file uploads are one of the major concerns. It doesn’t matter how thoroughly uploaded files are verified; bugs can get through it, and hackers can access your website. It’s best to avoid unlimited uploads and direct access to uploaded files and store it outside the root directory.
6. Avoid Auto-Fill Form
Auto-fill forms should be disabled on your website. This feature is often vulnerable to attack from user’s stolen computers or mobile phones.
7. Harden Your Site Security
To harden your website security, you should take advantage of available security features such as limiting login attempts, 2-factor authentication, disabling plugin installation, disabling file editor. Disabling PHP execution for some directories, resetting passwords and security keys, etc.
In this digital age, cybercrime is getting worse day by day, and the website being hacked is not something unheard of. First, you’ve to be careful, and you should have proper security measures in place.
However, if you’ve been the victim of cybercrime and your website is hacked, then go through the mentioned steps that will help you regain your hacked websites and prevent future attacks that can lead to hacking of your site.