It’s important to stay alert and check your website for any signs of hacking. A hacked website can be a disaster, as hackers can hijack your website and steal customer data or use it to distribute malware. Your site might also get blacklisted by Google or other search engines if you don’t take the proper steps to rectify the situation.
If you suspect that your website may be hacked, here are some ways you can check to confirm the situation. Without knowing what went wrong, you won’t be able to address the issues.
1. Use the Google Safe Browsing Tool
Google Safe Browsing is a free service that protects users from malicious web pages, and it can offer protection against several types of attacks, including phishing and drive-by downloads. On the website owner end, it’s a quick way to see if Google thinks your website may be dangerous.
The Safe Browsing service is available through Chrome, Firefox, and Safari (on Mac) browsers. To use the tool, simply visit a website, and the browser sends some information about the site to Google.
2. Check for Strange Redirects
Redirects are not necessarily bad, and some websites use them to send visitors to other pages. There are legitimate reasons for redirects, such as when a website owner wants to direct users from an old web address to its new one.
However, redirects are also frequently used maliciously by hackers who want to fool website visitors into visiting a page that contains malware or ads they’re trying to spread.
To check if your site has any suspicious redirects:
Go through your redirected URLs and make sure they correspond with the destination content. You should also note if the pages you’re redirecting to are recognized and not unusual external pages.
Alternatively, you can use an online service to scan websites or web pages for redirects. The problem is that tools like this that offer comprehensive features can be expensive. More basic ones like Redirect Checker only analyze one page at a time.
3. Google Search Console Can Show Anomalies
Google Search Console (GSC) is a free tool that lets you see how Google sees your site, and it can be instrumental in determining whether or not your site has been hacked. It’s important to note that GSC doesn’t necessarily indicate that your website has been hacked. However, if you see certain things in the report, it’s worth looking further to see if something suspicious happens.
A big part of using GSC to check for anomalies is simply familiarizing yourself with how it’s been keeping tabs on your website. The service allows you to track more than just 404 errors: You can also track crawl errors (when Googlebot can't reach a page on your site).
GSC can also alert you when it detects unusual behavior website behavior like sharp drops in visitor count, warnings of security or manual actions, etc.
4. Check for Code Changes in Files
One of the most tedious ways of checking for potential hacks is by scouring your website code. Of course, this only helps if you’re familiar with the code and will not likely help newbies. The exception is using tools to compare code versions and highlight the differences.
You want to ensure that no one has inserted malicious code into your HTML or PHP files, which may not be obvious but could cause severe damage if left alone. One example of a code (or web page) comparison tool is w3docs Code Diff, available for free. All you need to do is cut and page your current code and code from a backup copy.
Note: Remember to check your database if you’re using a web application like WordPress. Sometimes, hackers break into databases and do things like adding extra fields or modifying existing ones. These are harder to detect since changes often won’t appear on your website.
5. Scan Your Log Files
Checking log files can be a great way to determine if your website has been hacked. Log files are a record of all the activities on your website. They contain information about visitors and things they did while on the site, like when they visited or what pages they viewed. Log files can also include information about hackers who have tried to access your site.
Hackers usually leave behind traces of themselves when trying to access a website. Checking for this kind of activity will help you determine if someone has broken into your account to spy on users' activity or steal valuable data from public forums or databases.
Some log files you may want to inspect are:
- Access logs
- Error logs
- Application service logs
How to Find Your Log Files
Log files can be found in multiple places on your web hosting plan since multiple services create them. For example, you should be able to find system log files in your web hosting control panel. Website log files often reside in specific subdirectories where your web application resides.
6. Notifications From Your Web Host
Web hosting companies almost always have in-house security measures that scan websites on their servers. If your website gets hacked, it won’t be long before you receive notifications from your web host.
The most common type of notification will be a warning saying that there has been an attempt to access certain parts of the site or that someone tried to upload something malicious.
These notifications can help you determine whether or not a hacker has gained access to your site, what kind of activity they've attempted, and what rectification measures you should take. However, remember that not all suspicious activity is necessarily due to hacking; some may simply be due to incorrect code or other issues unrelated to hackers.
Not all web hosts offer the same level of service for hacked websites. Some go above and beyond. For example, Bluehost offers new accounts SiteLock, a service that helps scan websites for infections.
7. Defaced Web Pages
The most obvious sign of a hacked website is when it falls under a hacker bent on embarrassing you. These hackers typically deface web pages and make them display specific messages that further some strange agenda.
For example, hackers defaced a US government website and posted an image of then-US president Donald Trump getting face-punched. The hackers also claimed responsibility (or attempted to deflect it) by stating their cyber identities.
The problem with defaced websites is that hackers won’t always choose the front page. Some hackers will select a more hidden page to deface that you won’t necessarily see at first glance.
Because of that, you should visually inspect your website from time to time, especially web pages with high traffic volume.
How to Fix a Hacked Website
There are many ways to prevent a website from being hacked. However, if you already have a hacked website, there are some steps you can take to fix it.
1. Contact Hosting Support
Hosting companies are sometimes willing to help customers fix hacked websites. This is especially true for customers on shared hosting since hacked websites may affect more than just you. Some web hosts may charge a small fee for the service.
2. Update Your Passwords
Change passwords for all accounts associated with your website (including FTP logins). Most hackers target WordPress sites because they're so popular and easy to access. Still, since you may be using recycled passwords on other websites, they may have gotten your credentials from elsewhere.
It's best to change everything just in case – and remember to use strong, unique passwords! If you fear forgetting those passwords, then use a password manager.
3. Restore Files From a Backup
Restore your website with a backup from a date when everything was working fine. Ignore backups created after the hack because they may contain malicious code. Remember that you need to change the website-specific passwords once you restore from the backups, such as your WordPress login credentials.
4. Check All Files for Malware
After restoring your site from backup, check all files for malware by scanning them with an anti-virus program. What applications are available to you may vary depending on your web host. Some may be able to benefit from WordPress antivirus plugins like NinjaScanner.
Conclusion: Prevention is Better than Cure
Restoring and reinforcing a hacked website can be a massive pain. It can be incredibly complicated and time-consuming. There’s also the risk that a leftover loophole might allow the hack to happen again.
Even worse is that your website will often suffer from erratic performance, service outages, or worse. It may severely impact your brand reputation with customers. Because of that, the best thing you can do is to be proactive in your website security.
Keep backups current and ensure you have proper defenses such as strong passwords, web application firewalls, malware scanners, etc. Most importantly, keep all your applications (and plugins) updated.