How to Know If Your Website is Hacked
From Fortune 500 companies like Sony to small mom and pop shops, any and every one can wake up to find that their website is hacked. Given the latest Equifax breach (which was completely preventable), proactive cyber security measures are more important than ever. Ensuring the safety and security of your business website, includes actions like installing firewalls or keeping your systems up-to date, but most times, that isn’t enough.
Websites and web applications are faster, stronger and more efficient today than they were 25 years ago. The digital landscape is changing and now, website vulnerabilities are more present than ever. The number of website hackings increased by 32% in 2016 from the previous year and that number is only expected to rise.
So how do you know if your website has been hacked? Well, you first have to understand what it means to be hacked. Spoiler alert: it sucks. It’s frustrating, daunting and depending on the severity of the attack, can be costly to your business’ reputation and financial standing.
What is a website hack?
Website hacking comes in many forms, but it typically starts when someone gains access to your account by the way of an FTP (File Transfer Protocol). The protocol is a set of guidelines that networked computers use to communicate with one another. In other words, FTP is a language that computers use to transfer files back and forth.
Once a hacker gains access to your account, they are able to insert their own code into your physical machine or website. This can come in the form of obscene messages defaced across your homepage, or something more complex like installing viruses on your site’s visitors’ computers. Ouch.
So how do you know if your website has been hacked?
Knowing if your business website has been hacked or compromised, starts with knowing exactly what to look for. There are symptoms known as Indicators of Compromise (IoC), which can include:
- Unfamiliar content
- Unusual website performance
- Foreign Plugins
- Blacklisted website from Google and other search engines
- Unknown redirects
- Disabled website
- Strange user accounts
- Disgruntled customers
Here’s a more in-depth look at what to search for.
1. Your Website Has Unfamiliar Content
As they say, content is Queen. Whether it’s your mission statement, blog posts or even product descriptions, you work relentlessly to make sure there is brand voice consistency across all your pages. You strive to have a tone that is accurately reflected across your site and use images, designs and colors that can easily be associated with your brand at every turn.
If your website is hacked you may notice that some of your links are redirecting to sites that look suspicious and are unaligned with your brand’s voice. Google refers to this as a “gibberish hack,” where your pages are filled with just that: gibberish.
In other cases, you may notice:
- Your product images have been swapped out for different products (most likely, ones that aren’t yours)
- Your logo may have been altered or removed altogether
- Your About Us page may not be about your business at all.
These are the different types of unfamiliar content that may be a sign that your website has been hacked.
2. Your Website Has Unusual On-Site Performance
Whether you’re operating an informational, E-commerce or custom platform website, you should always keep an eye on the technical and logistical performance of your website. If you do, you should know what’s a normal volume of traffic in a given day, week or month. If you check your analytics often and notice an unexplained surge in traffic, that can be a telling sign that your business site is hacked.
Alternatively, if you notice that the load time of any of your pages has increased dramatically, or the pages are full of glitches, these may also be indicators that your website is hacked.
3. Your Website Has Foreign Plugins Installed
Plugins are typically add-ons found on Content Management Systems (CMS), and are useful for carrying out certain functions and features for your site, that may not already be built-in. WordPress, for example, has over 44,000 plugins. Some of the plugins you might utilize include a CAPTCHA plugin to weed out bot traffic or a contact form to collect visitor’s email.
Open source plugins are good for your business because they’re versatile, usually cheap and for the most part, reliable.
However, this also means they are open to have their code modified by anyone at any given moment and are made freely available. If you notice a foreign plugin, you can check it on the WordPress store for its reviews and comments—if it has 0, that’s a great (and by great, we mean great that you know it’s suspicious) indicator that it was maliciously installed and you may have been hacked.
4. Your Website is Blacklisted on GOOGLE and Other SERPs
It’s not uncommon for Google to blacklist a website because they detect it has malware, been involved in phishing campaigns or other unusual activity. Actually, Google blacklists about 10,000 sites a day.
If your site has been blacklisted by Google specifically, it is possible a visitor will notice it before you do because they’ll be alerted in the Search Engine Results Page. Usually Google will remove a blacklisted website from SERP, but in the case it doesn’t, it’ll display two different messages under your domain’s URL.
The first message might read, “This site may be hacked.” Google lets any potential visitors to your site know that there may be suspicious activity going on. The other message is “This site may harm your computer.” This means Google has detected some type of malware on your site. Users finding your site in the search results will see the previous message and if they continue to click through to your site, they may see a red screen with a message that reads, “The site ahead contains malware.”
5. Your Website Contains Unknown Redirects
Redirect links come in many forms, but they all serve the same purpose: take your visitor from your site to a different site filled with spam, fraud or viruses. If your business website has been hacked, your visitors may be redirected to different web pages and they may see messages asking them to claim their $100,000 prize, enter their credit card info to receive a special offer or some other suspicious activity.
Recently, hackers hijacked around 800 U.S. school websites and redirected them to pro-terrorism websites. Imagine explaining that to thousands of parents.
6. Host Takes Your Site Offline
A major indication of compromise is having your site taken offline. If your business website has been hacked, chances are your site is plagued with suspicious activity which can include foreign payment gateways on your checkout page or phishy redirect links within blog posts or other parts of your site.
After your site visitors complain about spam-like activity on your website, your hosting company is alerted about suspicious behavior from their internal or external automated systems and they may pull your site offline.
In these cases, they’ll often email you letting you know your website has been taken offline—which as you can imagine, depending on what type of business you operate, can be an extremely costly endeavor.
7. Strange User Accounts
If you’re the admin of your business website, then you should have a good overview of who has access to your Content Management System, dashboard or database. You’ll have oversight of what user accounts should and should not exist. If your site has been hacked, you may notice strange user accounts that haven’t been accounted for (i.e. the email addresses of users may belong to domains that are unrecognizable and unassociated with your business)
Alternatively, you may see a change in your own access. It may be restricted, limited or blocked altogether. You may see a switch in authority, where your role “admin” has been removed and replaced with an unfamiliar user. If this happens, your website might have been hacked.
8. Customers and Users React
Any smart business knows that listening to the wants and needs of their loyal customers is one of the many keys to success. This listening also extends to your visitor’s complaints about your site. If your customers are experiencing trouble accessing their user accounts or are receiving out of the ordinary emails from your company, for example, this may prompt them to report your site or contact support.
Chances are, depending on your field of business, your visitors may spend more time on your site than you do. That means, they are more likely to notice suspicious activity and notify you before you actually catch on. If your visitors complain about questionable activity, the worst thing you can do is nothing.
What should you do if your website has been hacked?
There are a variety of steps that can be taken if your site has been hacked, but the most important action is to stay calm, assess the situation and check with your support and hosting provider.
While we provided a list of symptoms you can use to ask yourself, “has my site been hacked?” experiencing a few of them doesn’t necessarily mean that’s the case. A slow load time on your checkout page can be a connectivity issue (if you’re on the same internet service provider as neighboring businesses, it’s a good idea to see if they are running into the same problem). Additionally, if a plugin you installed is suddenly not functioning properly, that also doesn’t mean your website is hacked. The plugin could be in need of an update because it’s out of date or broken. Again, it’s important to thoroughly assess and investigate the factors that are causing you to believe your website has been hacked.
Don’t freak out.
It’s easier said than done, but if you find yourself asking “is my site hacked?” and the answer seems to points to yes, your best option is to stay calm. The calmer you are, the easier you’ll be able to assess the situation and determine the best course of action. Freaking out may cloud your judgement and cause you to act without a clear-cut plan.
Yes, it’s true, having your site hacked can be a costly ordeal; you may damage your business’ online reputation; you may even lose a portion of your customer base. However, not all hope is lost. If you allow yourself to react calmly and act cautiously, you’ll find the best solution in no time.
Contact your hosting provider.
Once you’ve successfully mastered steps one and two, your next step should be to contact your hosting provider. They may contact you first if they need to take your site offline because they believe it has been hacked. If you contact them first, they may be able to provide you with insight, determining whether it’s an actual hack or a minor service interruption. Having a strong relationship and investing in a good hosting company, will save you time and money in the long run.
Contact support or your web admin.
In the event your website host and support don’t fall under the same roof, contacting support is a good way to fix any maintenance related issues. Support should be your go-to to making sure your software is up-to date, fixing any bugs that lead you to believe your site was hacked, scan your site for broken links and any other maintenance services.
Sidenote: It’s always a good idea to invest in hosting and support that falls under the same roof or company. This makes communication a breeze when both parties know exactly what’s going on with your website.
How can you reduce the risk of a future website hack?
Reducing the risk of a future website hack requires some proactive steps that include, monitoring, updating and scanning your website’s regular activities frequently. Here a few places to start:
Stay up to date with security trends for your field
It’s extremely important to stay up to date with the digital landscape of your field. Reading white papers and other informative sources from your field is a good way to stay informed on your industry’s security risks. All websites are subject to security compromises no matter the field. But some sectors, such as finance or accounting, may face different challenges than the fashion or electronics industry.
Did you know cloud cybersecurity is on the forefront of cyber security trends for 2018? Go figure.
Use Secure Passwords
Using secure passwords is a great way to protect your site from a website hack. Secure passwords should be used across your website and server, not one or the other. A strong and complex password is typically longer than 6 characters, uses:
- lower and upper case letters
- incorporates numbers and symbols
- doesn’t contain a real word
The more complex your passwords are, the harder it is for a hacker to decode them and manipulate your systems. A recent survey from by Keeper Security showed that out 1,000 respondents, over 80% of them use the same passwords across multiple channels and platforms.
Don’t be apart of that 80%.
Update your software regularly
Keeping your software up to date is an easy way to protect your website from hackers. Out of date software leaves your website vulnerable to an attack because security features are often weakened and less effective.
Scan Your Site Often
Knowing how your website is supposed to operate, is a great way to stay ahead of a website hack. For example, if you understand a normal load time, your usual weekly traffic and constantly monitor your links, you’ll be able to spot when something is out of order.