During the past few years I’ve not had to deal with a hacked website at all, but over the past two months I’ve dealt with four! Today one of my own websites was hacked.
Despite increased website security that exists these days, every website runs the risk of being hacked. When it happens, I say when and not if because it’s increasingly likely that it will happen, then be prepared to feel that thump in the stomach. Your first thought is protecting all your content, your second thought is any mischief that the hacker has been up to and the third thought is, I want my mum! Maybe that was just me!
Why Do People Hack Websites?
The reasons for being hacked vary by attack. Some large websites are hacked for either sensitive information or purely for shits and giggles by spotty teens who haven’t yet discovered girls and beer. Thankfully however large scale hacking is reserved for Hollywood movies.
The main reason that your site will be hacked is to install malware. Malware is a script that is injected into your website in order to perform a function. Typically, malware will either create additional pages on your website with the intention of trying to trick people out of money, alternatively it will hijack your email and send spam out to thousands of email addresses. Sometimes, it will even redirect your webpage urls to other websites in order to try to benefit from any traffic that Google sends your way. This is what was happening to me.
How Do I Know If My Website Has Been Hacked?
Again, it depends. Quite often it isn’t apparent. Your website or blog may be functioning as normal despite the fact that behind the scenes it could be being used by a hacker for all manner of questionable endeavours. Here are a few ways that you can check the health of your website.
1) Google offers a free malware check tool. Simply copy and paste http://www.google.com/safebrowsing/diagnostic?site=yourwebsite.com (replacing yourwebsite.com with your own domain name)
2) If your website is registered with a Google Webmaster account then you’ll have access to some security tools that can perform a basic check
3) Sucuri offer a free manual scan, this is by far the best service. The first two failed to recognise that I had malware running and yet it was Sucuri that immediately identified the problem.
My Website Has Been Hacked, What Should I Do?
Well if i’m being honest theres a few things you can do, I’m assuming however that in reading this blog, you’re not a PHP programmer nor would you even know where to start in cleansing an infected website. If the truth be known, I have neither the time, knowledge or inclination to do that either and so that is why I turned to Sucuri.
I first used them last month when a clients website was infected. They offer a service for $89.99 (roughly £55) per year which not only cleans an infected site but then also monitors it for any future infections, the price also includes getting your website off a blacklist if you’re unlucky enough to have been placed on one. The service is quick, painless and perhaps the best £55 I’ve ever spent. I was expecting to pay ten times that figure if i’m honest.
How Can Prevent My Website From Being Hacked?
Protecting your website or blog from attack is about prevention. Ensure that your website is up to date, if you run WordPress or Joomla for instance then ensure that you install EVERY update. In addition you should make it a weekly task to check if your plugins are up to date too. WordPress makes it easy for you to do this with just a click of the mouse. Remember to take a back up first. Most malware scripts are executed but taking advantage of vulnerabilities in outdated software. By keeping your website up to date you greatly reduce the risk of an attack.
My recent attack was largely my own fault. The website in question isn’t one that I’ve updated in a few months and so it had quickly become out of date. In addition, it runs a lot of plugins most of which had updates available but not applied. I guess I was a sitting duck.
Your best course of action however is to invest in something like Sucuri, they monitor your website for anything suspicious and immediately take action if they find it. If you use your website for your business then you can’t really afford to have it go down or worse, have your website used to send spam emails etc. For the sake of around £1 per week it’s got to be worth looking at Sucuri for peace of mind. I’m with them now and I’m advising all my clients to do the same. It’s a small price to pay for peace of mind.
I’ve seen a huge surge in hacked websites this past month or two. It’s inconvenient, potentially damaging and costly, don’t risk it. Click here to get a free Sucuri Scan now