Your Website Got Hacked, Now What?

July 6, 2020

Hacked website with a red screen flying the Jolly Roger
Has your developer been making some “updates” to your site?

Noticing that your website got hacked is perhaps one of the most frustrating experiences you’ll encounter in online marketing. Website hacking is a real thing, and the reasons for it happening are multiple, ranging from black-hat SEO to ransom. Here’s what to do immediately after you discover your website got hacked.

Why Would Someone Hack Your Website?

This is probably the question that pops first in your mind after discovering your website was hacked. It’s even more puzzling when the website you own is not a very popular one. Any site can be the target of unwanted attention from hackers, but the results of the hacking are equally disastrous.

Some of the most common reasons websites get hacked include black-hat SEO, adding bandwidth to bot networks, spreading malware, for ransom, or just for the practice or fun. The important thing to keep in mind is that no website, no matter how small, is exempt from the possibility of being hacked.

How Do You Know If Your Website Was Hacked?

Sometimes you can tell immediately that your website was hacked because you can see it when you open your browser. It doesn’t look right, some strange text appears, or even a notice that it was hacked. Other times, the hacking is less obvious, and you need to do a bit of digging to determine what’s going on.

Google may alert you that your website has been hacked, but the easiest way to see for yourself is to check Google Search Console. This tool has a report on “Security Issues,” which you can check and see whether it mentions any cross-site malware warnings, phishing and deceptive sites, or code and URL injections. If there are any security issues listed on the report, your site has likely been hacked, which means you have to act fast.

A computer hacker with a skull face mask, reading computer code
Websites make attractive targets for hackers.

Besides Google Search Console, you can also receive notifications from your hosting provider, which may disable your website for security reasons, such as distributing malware, for example. Sometimes, you may receive notifications from visitors, complaining that their antivirus software is flagging your website as a threat.

Possible Consequences of Your Website Being Hacked

The consequences can be devastating for a business following a website hack, as you are likely to lose the ability to protect your personal and customer data. The compromised security of your website may result in identity theft, and your personal and financial information may be stolen. Hackers usually use that information for ransom or sell it later for their clients to use in identity theft.

Following a website hack, you are also likely to see your site’s speed slowing down, or become inaccessible entirely. This is often caused by cybercriminals looking to store thousands of files such as pirated movies and music or illegal information, and then use your server to run those files. Your website slowing down is not just annoying for visitors but may also cause your SEO rankings to take a hit. Google uses an algorithm to rank pages, and site speed is a factor it takes into account. Very slow websites are penalized and rank lower as a result.

Moreover, your website may crash completely following an attack… your reputation is likely to take a big hit.

If your website is hacked, your web host may suspend your account as soon as they realize it has been compromised. Moreover, your website may crash completely following an attack, which means that no traffic is going to come to it at all. This is not only inconvenient from a lost traffic point of view, but also because your reputation is likely to take a big hit.

Recovering From a Hack

Shadowy figure looking at the coding for a website.
Preventing a hack is your top priority, but if the worst happens, getting back up and running becomes the goal.

Once your site has been hacked, your first priority is going to be undoing the damage done. Hopefully you haven’t exposed any customer data to the hack, and just need to get things back to where you were.

There are methods of comparing your site files to known good copies, so you can tell if the file has been modified during the hack. If it has, you can return it to its original state. This method is can fail if you miss something that the hackers put in your site. Often times hackers will place nearly invisible code in place to make it more difficult for you to prevent their access.

One of the most sure-fire ways of recovering is to restore your site from a known good backup. It’s best practice to make frequent backups of your site to a secure location, for just this occasion. If you discover the hack quickly, you can go back to a recent backup and quickly restore your site. Your next step should be to look through your site to double-check the security. Try to figure out how they got in, and close that hole!

How to Prevent Hacking?

Even though any live website could potentially be the subject of a security attack, the good news is that there are multiple steps to take that may prevent hacking. First, make sure that you tighten your network security by enabling two-factor authentication to log in, setting strong passwords, and scanning all devices plugged into your network for malware.

Setting up an SSL certificate is an essential step because it improves the security of the data transmitted between the server and the user’s browser, making it more difficult for hackers to intercept. Another plus of having an SSL certificate is the fact that Google will rank you higher in searches.

Always keep your CMS up to date to improve the security of your website. If you’re using an out-dated CMS, you expose your website to security attacks. You should also make sure you maintain proper offsite backups and regularly monitor the site to spot any security issues.

Website security is one of the most important things to keep an eye on for businesses, both big and small. Take the time to evaluate how secure your website is and be prepared to act quickly in the event of a security breach to protect your sensitive data.

Want to know more?

Find out how GDQ can address your law firm's needs with a no-obligation consultation.

Book a consultation Back to Journal