Everyone from Google to WordPress to the U.S. Small Business Association is warning of an increase in site hacking, and many of our customers are doing what it takes to stay safe. Some don’t know whether their sitesThe entire set of pages that make up a website, including the homepage (root domain) and all other pages. have been hacked and, if they are, what to do about it.
While the problem is growing recently, the good news is that the vast majority of sites are not hacked. If and when they are, you can find out pretty easily.
What is the Problem?
Hacking has been around since the early days of the Internet, but new tools used by the hackers let them target hundreds of sites at a time.
Lately, big companies such as Ashley Madison have been in the news for being hacked, but it’s happened to sites of all sizes.
Hacks usually occur because of some kind of weakness on your site, whether it has to do with your login information, a flaw in your CMS (content management system), bad plugins, or other vulnerabilities.
We have seen a dramatic increase in hacked websites, and wrote just a few weeks ago about increase in brute force attacks, on WordPress site in particular. That kind of attack occurs when hackers use computer programs to guess passwords and usernames by trying every conceivable combination until they hit the jackpot.
The world’s biggest search engine agrees:
“Thus far in 2015 we have seen a 180% increase in the number of sites getting hacked and a 300% increase in hacked site reconsideration requests.” – Google’s official webmaster blog
Hackers can benefit by posting spammy links and hijacking content to make money for themselves, stealing financial information from your business, collecting information and passwords from your customers or installing other kinds of malware.
So what is site hacking?
“Hacked content is any content placed on your site without your permission as a result of vulnerabilities in your site’s security,” – Google Search Console Guidelines
At Online Image®, we have professionals that are trained in both site protection and hack clean up. If your site has been compromised we can help you get it back to a healthy and safe state and in good standing with Google, ready to rank again.
Have You Been Hacked?
Many sites have done a great job of resisting attacks, and others haven’t been targeted at all. But if you think your site has been compromised, it’s important to fix the problem or your business, not to mention your rankings, could be at risk.
If you are hacked, you’ll probably find out quickly through an email from your search engine analytics provider or CMS provider, an email from a user, notification on search engine results pages when your site comes up or errors when you attempt to navigate to your site from a search engine results page. If your site has been targeted by a brute force hacker but the hack didn’t work, you might have a login timeout error when you try to access your CMS. If the hack was successful, though, there are a few things you can do to investigate further:
Find hacked content on your site by checking for suspicious URLs or directories
Keep an eye out for any suspicious activity on your site by performing a “site:” search of your site in Google, such as [site:example.com]. Are there any suspicious URLs or directoriesFor Internet marketing purposes, directories are sites that aggregate the contact information and ratings of multiple businesses. These can be general, like an old phonebook, or specific, such as a site that shows all the practicing lawyers in a specific area. that you do not recognize? If so, this is likely the work of a hacker.
Check the search engine results pages
If you see either of these messages when searching for your site or clicking to your site, your site has more than likely been hacked:
Look for unnatural queries on the Search Queries page in Webmaster Tools
The Search Queries page shows Google Web Search queries that have returned URLs from your site. Look for unexpected queries as it can be an indication of hacked content on your site.
Tips to Prevent a Hack or Compromised Site:
Use a secure password
This means using something more sophisticated than adding a 3 to your mom’s maiden name. Learn more about keeping your hosting/ftp password secure from GoDaddy.
Have your site scanned regularly
A lot of companies offer tools that will go through your site looking for malicious/suspicious-looking code or activity, and Online Image® customers can keep an eye on their custom reports for signs of trouble.
Update your website’s software
If you use a CMS such as WordPress®, keeping your software up-to-date is the difference between a site that runs smoothly and one that’s infested with malware.
Be careful when transferring sensitive information
Sending information such as passwords, access points, FTPFile transfer protocol is a system for transferring files online, and FTP servers store online files. In some cases, making changes to websites requires access to FTP servers. Access, or server access to other parties can be risky. When possible, limit your site’s administrative access to one user and only give necessary permissions to other users.
Google released a video with a great basic overview of hacking, hacked sites, and what to do about it, but we know it can get complicated. If you suspect that your site may be hacked or have seen a dramatic decrease in your site’s traffic or rankings, contact our team as soon as possible and we can help you get back on track.