When your website is hacked

It’s any website owner’s worst nightmare; someone has got into your website and hacked it. Not only does it leave you feeling stressed and upset, but it also means you have a whole lot of work to do to restore your website.

Don’t take it to heart; most of the time you’ll have been hacked by an irritating bot rather than a malicious person, your website was just in the wrong place at the wrong time. Some of the ways that a hacker can get into your website include;

  • Guessing your password – change it often and make it hard to guess.
  • Using malware to capture your login credentials.
  • Finding a security vulnerability in software you’re using (more likely with an outdated CMS).
  • Hacking someone else’s site that’s on the same server as you.

The first thing to do is take your website offline while it is being fixed. If you don’t know how to do it yourself, ask your web host to help. On the subject of hosts; if you think you might have been hacked because of whom you share a host with, change providers and avoid cheap web hosts in future. They don’t always have up to date security practices and you might end up sharing a host with a troublemaker. Check for reviews when choosing a host and don’t just go with a good offer.

Scan your computers for viruses and malware to make sure they aren’t infected with anything nasty, and it goes without saying that you should also make sure you keep your anti-virus software up-to-date.

Get the experts in to rebuild your site, or if you can do it yourself, go ahead, and take a few tips on board to avoid the same thing happening again. Nothing is infallible but there are a few tips that you can use to make your site less hacker-friendly.

  • Firstly, make sure that you keep all your content management systems and plugins up to date, downloading the newest versions as soon as they are available.
  • Get used to checking the files on your server or cPanel – that way if one day there’s something unfamiliar there you’ll spot it straight away, hopefully before it has a chance to do too much damage.
  • Never ever give out your passwords. If someone gets hold of your login credentials, change them immediately.
  • Avoid using free CMS themes if you can – it’s so easy for a theme or plugin to be changed so that any website using it can be compromised and even used for illegal activities.
  • Google Webmaster Tools will alert you and possibly show a ‘This site may of been hacked warning’ in Google search results. You must deal with this in your Google account

Unfortunately, hackers aren’t going to go away, much as we’d all like them to, but if you can make life as hard for them as possible, they may well leave your site alone in the future.