What do I do if my website is hacked?

First of all, how do you even know that your website has been hacked?

There are several indicators that you can look out for:

  1. Google alerts that your website has been hacked (if you have Google search console configured).
  2. Updates to your website that you didn’t make, including new users.
  3. Customers advising you that their anti virus software has flagged your website as malicious.
  4. Strange links appearing in Google when you search for your website. (This one can be difficult to determine, because some redirection malware recognises your IP address as an administrator, and won’t enable the redirections on familiar IPs or when logged in. So in those cases you might not notice as the website owner. You could visit your site from another location, or on your phone when away from your office, or ask someone else to click through it for you.)
  5. Being black listed by Google.
  6. Being black listed on various other security resource websites, like https://sitecheck.sucuri.net/.
  7. Your host disabling your website (in extreme cases). This is usually an automated step based on detection software of theirs.

What should you do, once you realise your website may have been hacked?

  1. Take notes of all the ‘indicators’ that show your website has been hacked, recording any timings that you are aware of.
  2. Contact your local web developer.
  3. Contact your web hosting service.
Most of the time, when websites are hacked, it’s more inconvenient than anything with time being lost in terms of having to recover back-up files, save new passwords and the time taken to seek professional help.
Sometimes, more serious hacks involve lost money, brand damage, database breach and loss of business. This is when insurance companies need to be contacted and provided with as many details as possible.

The Good News

As mentioned, most of the time, we can recover your website and get you back online quickly! As long as your website has been fully backed up on a regular basis, then we can reset it and start again with your last back-up. (We back up all of our websites at least daily, so there is likely to be a clean version of your website on file.)

How to avoid your website being hacked in the future?

Make sure you change your password regularly and only use strong usernames and passwords. Keep your plugins up to date. Run anti-malware and security tools. We have a Website Maintenance and Security service that attends to all of these and more. It is becoming increasingly important to take these pre-emptive steps. And for only $360 per year, it’s excellent insurance. In the very rare case of a website breach for a website we are actively maintaining the software for, then we clean it up and find the likely source of the breach at no charge, jumping into action immediately. So you can minimise downtime and brand damage.