You have an awesome website and everything seems to be going really well; you receive lots of visitors, your bounce rate is relatively low and most importantly, you get calls and form submissions. Great job!
Then, one day, you get a call from someone saying your website is hacked; or perhaps you notice that when your website comes up in Google results, you see the dreaded “This site may be hacked” message. You understandably panic and log in to Google Search Console and read a message from Google stating:
“A hacker may have modified your site to contain spammy content. To protect visitors to your site, Google’s search results may label your site’s pages as hacked. We may also show an older, clean version of your site.”
Yikes! The question is, what should you do?
Contact Your Webmaster
Chances are, most website owners don’t personally maintain their websites. Rather, they have a webmaster or some other technical person delegated with the task of maintaining their website. You should immediately contact that person should you suspect your website has been hacked.
What if I don’t have a Webmaster?
If you don’t have a webmaster or technical person responsible for maintaining your website, you can contact the web design company who built it. If for some reason you cannot reach them, it may be time to plan B.
Contact Your Web Hosting Company
Many web hosting companies offer a service to remove malware and restore a clean, backed up version of your website. Of course, this service may not be free, but it could be well worth it if you don’t have the technical skills to do this yourself.
Change Your Passwords
When you get hacked, you may want to change your hosting account password, FTP password and Content Management Password (i.e. WordPress Admin log in password). Make sure that your password has at least 12 or more characters using a combination of uppercase, lowercase letters and special characters such as @; ! or ; and avoid using common words that are easy to guess. For example, “XaiuRE394@-B!;5” would be a strong password, whereas “Fluffy” would not.
Remove the Malware/Infection from your Website
Generally speaking, it is very difficult to remove malware with 100% certainty from a website, particularly when a database is involved. In such cases, you may want to consider using a software application (service) from your hosting provider, if they offer such a product or service. Or you can always try to reach out to the web developer (if that is possible) who built your website and see if they have the capability or willingness to assist you. Otherwise, you may need to hire a professional website security company to assist you.
Identify How Your Website Was Hacked and Fix the Vulnerabilities
A website is typically hacked in one of three ways:
To correct these weaknesses, you can:
- Use strong passwords
- Update your plugins, themes and core software (i.e. update your version of WordPress to the latest) when available
- Change your database table prefix to avoid hackers exploiting your content and secure your .htaccess files.
EMAIL US