Hopefully by now, you’re monitoring your website traffic with some sort of analytics program, like Google Analytics. If you’re checking it on a regular basis, you can see the ebbs and flows of your traffic. There come times when you may see something amiss. A dip in traffic can be caused by a lot of things. Today, I’ll just focus on what to do if the dip in traffic was caused by some sort of hack on your website. If Google sees the hack, it’ll put up the dreaded red screen of death before visitors get to it when using Google Chrome.
Why do people hack websites? Someone may want hidden links on your pages (links pointing to their websites), or they may want to put malware on unsuspecting visitor’s computers so they’ll have control of it. But who knows and who cares. Let’s focus on your website.
What should you do to find out for sure?
Make sure you register your website with Google’s webmaster tools. Webmaster tools, is where you can find out a lot of information about the health of your website. The benefit of registering with webmaster tools is that Google will let you know when something is amiss with your site like a hack, some blackhat (nefarious) seo, too many errors, if Google has trouble accessing your website, etc.
Google Webmaster Tools isn’t the end-all-be-all on hacking detection. To be safe, I’d run it through some of the online website scan tools like Sucuri, Unmask Parasites, Web Inspector, and Is It Hacked.
Hacking is tough because some hacks can be severe and it’s very hard to find out where they originated from. If you removed the infected files, it may be very hard to tell it the hack originated somewhere else in your website file system. Which means that it’ll happen again, and again. You have to take care of the problem, not just the symptoms. Keep smashing your head against the wall and you’ll get a headache, but I guarantee the headache will come back if you only take Excedrin while continually hit your head against the wall. Think of it like a virus on your computer. It’s tough to tell how deep it’s dug itself.
Personally, I usually just send it to Sucuri and have them clean up the mess. I’ve had great success using them and their communication is excellent.
If you have been hit with a hack and you’ve cleaned it, you now want Google to remove the warning telling your visitors that there may be a virus on your website. You can resubmit it through Webmaster Tools. If you get one thing out of this blog article, it’s to register your website with Google Webmaster Tools.
So how can you avoid getting hacked in the future?
Keep up to date!
Your website is made up of a lot of technologies. Keeping them up to date keeps the security holes plugged. The same thing applies if you have a content management system (CMS) like WordPress, Joomla, Drupal, and a slew of others. Whatever was used, keep it up to date. No one can say their technology is hackproof. CMS’s release updates and patches when there’s a security hole that’s found. So to find out if you have a CMS, what it is, as well as what other technology is being used, check out BuiltWith and put your domain name in to check it. Then check the CMS’s website to see if there are updates.
If you do have a CMS (or not), research some security measures and plugins. An example would be just searching WordPress security. There are a lot of plugins that will help you to change the default settings of your setup. Some plugins will lock people and bots out after a certain amount of missed login attempts, which hackers usually target.
Though keep in mind, updates and plugin installs can fail! Backups are important! Which brings us to…
Backup, backup, backup
Have a backup running on your website. I’ve seen websites that have been hacked beyond repair. Your host should be backing up on a continual basis, but don’t rely on that. Your host probably has a backup partner, if not, you can try something like Code Guard. Like I stated previously, backups are important before upgrades and updates to your website, as they can go very wrong.
If you think your website has been hacked or you’ve been to a hacked website, make sure you run a virus scan on all of your computers
that you went to the infected website with. They probably need it!