How to Check If Your Website Has Been Hacked (and How to Clean It & Protect It from Happening Again)
Holy sheeeit that blog title was longer than my college graduation ceremony. Alternative titles for this post included “I Can’t Believe This Is Hackening” and “Why the Hack Is My Site Redirecting to Russian Porn.”
But no more jokes because if you’re reading this blog you are probably a business owner worried that your website security has been compromised—or you’re just a huge fan of my work. Probably the former though.
Signs that Your Site Has Been Hacked
When determining if your site has been hacked, check for the following signs:
Your Website Looks…Different.
A hacked website often means that your website gets defaced. You may have words like “Viagra,” “Cialis,” and “Propecia” painted all over your site. If you own a pharmacy, maybe that’s not so terrible. But if you’re an upscale remodeler, you probably don’t want “Viagra” all over your homepage!
In other website hacking scenarios, your homepage could turn into a homepage for a violent terrorist group or might have weird pop-ups. Believe it or not, this is all stuff our webmasters have seen (and cleaned!) at Blue Corona.
Your Website Is Redirecting Somewhere Else.
Is traffic to your website being redirected somewhere else? Some hacks are getting trickier, too, with conditional redirects such as mobile-only redirects and operating-system-contingent redirects.
Your Google Website Listing Says “This site may harm your computer.”
Whenever your site’s security is compromised, Google displays a warning to searchers on your listing that your site might be hacked. This makes sense if you think about it—Google wants to show its users good and relevant search results, not websites that have been hacked. Google recommends users don’t visit the website until the message disappears from search results. As you can imagine, this can hurt your organic search traffic quite a bit.
Even If Your Site Doesn’t APPEAR to be Hacked…
You can run it through a scanner like VirusTotal.com, Sitecheck.Sucuri.Net, or Wordfence.
Google Webmaster Tools (which they recently renamed Google Search Console) is crucial not only for being alerted if your site’s been hacked but also for cleaning it up. If you’re not already using it, sign up here:
Side note: if you have an online marketing company and they don’t already have you set up with one of these accounts, they aren’t a very good online marketing company.
What to Do If Your Website Has Been Hacked
There are many different places your hack could be hiding, including your core files, plugins, themes, database, .htaccess, and even your server itself (read more about why quality hosting is important for website security).
Once you find the hack, you’re going to want to overwrite the infected files with clean ones—you should have a backup of your files and database for this reason. We recommend you store these backups offsite. In addition, once you’ve cleaned up the hack, you’ll want to harden your site to prevent future hacks. More on that in a second. First, let’s try to find where the hack is.
Commonly Hacked Files
Commonly hacked core files include but aren’t limited to functions.php, index.php, and 404.php. Check for modifications to these files by viewing the date last modified. Typically it will be a different date than your other files. Overwrite the current files with clean copies if you can.
Similar to your core files, check your theme files for the last modification date. If the date seems off, that’s likely the hacked file.
A couple of things to keep in mind when it comes to website security and plugins:
- Never use pirated themes or plugins. They are almost always hacked.
- Always keep your plugins up to date to help prevent website hacks.
- Make sure all the plugins on your site are actually ones you’ve installed—sometimes hacks will take the form of fake plugins that look legitimate.
- When seeking out hacks, check the modification dates of your plugins (just like for your core files and your theme files).
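The modification-date check and the "plugins you actually installed" check from this section, as an added example (not code from the original post). It assumes the standard WordPress layout (wp-content/plugins and wp-content/themes); the file names, plugin names and dates in the sample tree are constructed. A modification date can be reset by whoever changed the file, so an empty result is not proof of a clean site, and a fake plugin whose files all share one date only shows up in the second check.

```python
import os
import tempfile
from collections import Counter, defaultdict
from datetime import datetime
from pathlib import Path

def group_of(rel):
    """Core is one group; each plugin folder and theme folder is its own."""
    p = rel.parts
    if len(p) >= 4 and p[0] == "wp-content" and p[1] in ("plugins", "themes"):
        return "/".join(p[:3])
    return "core"

def odd_dates(root):
    """Map each PHP file to its last-modified date when that date differs
    from the most common date in the file's group."""
    root, groups, flagged = Path(root), defaultdict(list), {}
    for path in root.rglob("*.php"):
        day = datetime.fromtimestamp(path.stat().st_mtime).date().isoformat()
        rel = path.relative_to(root)
        groups[group_of(rel)].append((rel.as_posix(), day))
    for files in groups.values():
        usual = Counter(day for _, day in files).most_common(1)[0][0]
        flagged.update({name: day for name, day in files if day != usual})
    return flagged

def unknown_plugins(root, installed):
    """Plugin folders on disk that are not in the set you installed."""
    plugin_dir = Path(root) / "wp-content" / "plugins"
    return sorted(d.name for d in plugin_dir.iterdir()
                  if d.is_dir() and d.name not in installed)

def build_sample(root):
    """Constructed demo tree: every file dated 2024-01-10 except two."""
    t, p = "wp-content/themes/mytheme/", "wp-content/plugins/"
    days = {"index.php": 10, "wp-load.php": 10, "wp-settings.php": 10,
            t + "functions.php": 25, t + "404.php": 10, t + "index.php": 10,
            p + "contact-form/form.php": 10, p + "contact-form/admin.php": 10,
            p + "wp-cache-helper/helper.php": 25}  # fake plugin, hypothetical name
    for rel, day in days.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text("<?php // constructed sample\n")
        stamp = datetime(2024, 1, day, 12).timestamp()
        os.utime(path, (stamp, stamp))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(odd_dates(tmp))
        print(unknown_plugins(tmp, installed={"contact-form"}))
```

To use it on a real site, point `odd_dates` and `unknown_plugins` at a downloaded copy of the site root and pass the set of plugin folder names you installed yourself.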
Search your database for spam items. If you see spammy posts/pages on your site that you didn’t write, this means your database has been hacked.
When dealing with malicious redirects, the hack usually lives in your .htaccess file.
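One way to review an .htaccess file for the conditional redirects described earlier, as an added example (not code from the original post). It lists every RewriteRule that sends visitors to a host you do not own and shows which request variables the rule is conditional on; the sample file, the host names and the function name are constructed, and the whitespace-based parsing is a simplification that does not handle quoted patterns.

```python
import re
from urllib.parse import urlparse

# Constructed sample: the standard WordPress rules plus one injected rule.
SAMPLE_HTACCESS = r"""# constructed sample
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} (android|iphone|ipad) [NC]
RewriteRule ^(.*)$ http://redirect.example.invalid/in.php [R=302,L]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
"""

# Conditions on these variables make a redirect depend on who is visiting.
VISITOR_VARS = ("HTTP_USER_AGENT", "HTTP_REFERER")

def external_redirects(text, own_hosts):
    """Return one finding per RewriteRule whose target is a host outside
    own_hosts, with the request variables its RewriteCond lines test."""
    findings, conds = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        directive = parts[0].lower()
        if directive == "rewritecond" and len(parts) >= 3:
            conds.append(parts[1])
        elif directive == "rewriterule" and len(parts) >= 3:
            host = urlparse(parts[2]).hostname
            if host and host.lower() not in own_hosts:
                tested = sorted({v for c in conds
                                 for v in re.findall(r"%\{(\w+)\}", c)})
                findings.append({
                    "line": lineno, "target_host": host,
                    "conditional_on": tested,
                    "visitor_dependent": any(v in VISITOR_VARS for v in tested)})
            conds = []  # conditions apply only to the rule that follows them
    return findings

if __name__ == "__main__":
    for finding in external_redirects(SAMPLE_HTACCESS, {"www.example.com"}):
        print(finding)
```

A finding marked visitor_dependent is the kind of redirect that may not appear when you load the site from your own desktop browser, which is why reading the file is more reliable than clicking around.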
If your site is hacked at the server level, it’s often a good idea to change hosting providers. Pro tip: do NOT reuse any of your passwords if this happens.
This one is the hardest hack to identify and fix, so if you’ve made it to this point, consult the webmasters at Blue Corona for hacked website cleanup and removal services. The truth of the matter is, if you find yourself cleaning a site over and over, there is likely a backdoor on the site that you need to find and remove—otherwise it will just continue to be repeatedly hacked.
Hardening Your Website after a Hack
Once hackers determine your site is vulnerable, they WILL be back. So here’s how to combat the hack:
Outdated software is the leading cause of infection.
Change All Passwords
It’s best to assume that passwords have been compromised and change them.
Review Who Has Access
Your site should have as few admin level users as possible.
Decrease Your Attack Surface
Delete any themes and plugins that aren’t currently in use and migrate old versions of your site off your server.
And like we mentioned earlier, store them offsite.
Website Hack Clean Up and Security Services by Blue Corona
If you’re worried about the health of your WordPress site or you’ve been hacked, we can help! Call Blue Corona today. Our webmaster team can identify your site’s security vulnerabilities, assist with removing any malicious code, secure your site, and help protect you against future attacks.
Special thanks to Kristin “Cutthroat K” Schallhorn for the information provided in this post.
About The Author: Blue Corona's Editorial Staff is determined to help you increase your leads and sales, optimize your marketing costs, and differentiate your brand by passing on our tribal knowledge. The team vigilantly stays on top of the latest in digital marketing, bringing you the top insights with expert commentary. Want to see something on our blog you haven't seen yet? Shoot us an email and our marketing team will get to work.