How Do You Know If Your Website May Have Been Hacked? Google Knows!
Searching for a term ‘Lead Generation’ on Google today produced a number of results, and the one I was most interested in had a message “This Site May Be Hacked” link added to it.
Clicking this redirected to an information page advising “We recommend that you don’t visit the website until this message disappears from the search result”.
Ouch!! Page 1 ranking for out of 55,900,000 results snd Google is warning visitors not to visit the website!
“Lead Generation” is a very competitive term which other site a paying for ads on the search results page, and the site with the #2 ranking organically (meaning they don’t pay to be on the page) is losing visitors because of they have not protected their website or kept it secure.
When Clicking To Visit, It Was Not Apparent Seeing The Website Hacked
It doesn’t mean that it hasn’t been hacked, but just looking at the site didn’t reveal the security breach. So in all likelihood, the website owner may be totally unaware of the problem, has not seen the notice google has placed on their search result, but have probably noticed a drop in traffic and enquiries, without being aware of the cause.
Google Warns Visitors Of Hacked Website
If they fail to fix the hacking and clean up the website, Google may then place a big red warning page for people that click through to the website advising people to proceed no further because the website has been compromised, and that their personal details may be at risk.
Risks To Search Ranking Of A Website Hacked
The next step, Google will take is to demote the page away from page 1 ranking or to remove the site all together from the search results.
If this business is reliant on leads and sales resulting on people visiting their website from the organic search results, they would be in serious trouble because:
- Enquiries will plummet
- Sales will dry up
- If the leave the issue, their search ranking will be damaged and it may take months to restore, if they can ever recover
- Visitors details may be skimmed to a malicious site
- They may lose trust and credibility with their existing clients
- Potentially lose thousands of dollars in revenue which can never be recovered
- To get their ranking back, they may need to pay for restorative SEO or Google Adwords, and increase their cost per sales and leads.
- And, it will probably cost hundreds, possibly thousands to clean up the website depending on the extent of the hacking
Fixing A Hacked Website
The website is built on WordPress and the issue needs to be addressed immediately. Having dehacked numerous sites, we would:
- take a full backup
- create a clean install of WordPress, and the Plugins to an isolated server
- restore the theme folder and the database
- scan for infections and malicious code
- clean the instances or hacked code
- scan again and repeat the process until all traces of infection are removed
- Run through a set procedure to secure and harden the website against further intrusions
- Replace the live site with the now cleaned site
- Advise Google that the site is clean and request the site to be crawled so the Google Notices can be removed.
And finally, suggest strongly that owner subscribe to a regular backup and maintenance schedule to monitor and manage future attempts to hack the website.
How To Secure Your WordPress Website From Being Hacked
Out of the box WordPress installations are most at risk of being hacked because the common settings are know by hackers.
For example the default table name prefix is “wp_”, the most common WordPress Administrator username is “admin”, the WordPress Version number is visible in the header, and a whole lot more. For a hacker this is a good start to exploit potential vulnerabilities or brute force attack to gain access.
The first step to security is to change the default settings. We have a 30 Point Checklist For Hardening And Securing A WordPress Website. Once the website has been secured, then it is vital that all the core and plugins are updated as upgrades are released.
As a backstop, regular backups should be taken and stored in a secure location not on the same server hosting the website. Should the website be hacked then it can be rolled back to the most recent uninfected backup. You may lose a small amount of content but the site can be up and running in a matter of minuted rather than being down for a day or more waiting for it the be cleaned up.
Have Your Website Checked Today And Secured Against Malicious Activity.
How secure is your website? Has it been hacked and you are unaware hat it has? Don’t wait until Google tells you, have your website checked and secured today to ensue you retain your ranking, enquiries and sales. This will save you the cost of cleaning up a hacked website.