Recently I was asked to help a local business clean up their website after Google had flagged it as a HACKED website. Perhaps you have Googled a search term, found a site you wanted to see among the organic results, and then seen the warning, “This site may be hacked.” You obviously didn’t click it.

You wouldn’t know what the problem might be, and you would not want to take the chance of some malware or spyware being downloaded to your computer.

Obviously this type of warning is something serious for any business. Let’s face it, most businesses would not have any idea how to clean this situation up, and it does hurt ranking and clicks.

This was my third case like this and fortunately, the only harm done was the loading of thousands of pages with links and hundreds of Google Webmasters Tools keys onto their server.

How did this site get hacked?

That is a question they all asked. In all three cases, the business was using WordPress as the website development tool. WordPress is now used on more than 30% of all websites in the world; hackers know this, and they know how to get to the dashboard login screen.

Most people, when they set up a WordPress website, leave the first user name that is created – “admin” – as their user name. A very bad idea, as hackers know this too. They send out their little robots (most often) to hammer passwords until they break into your site through your own dashboard.

As I laid out in my post on WordPress Security, you need to create a new Administrative user account for yourself and not use “admin” as the name. Do something more cryptic and don’t use your regular name. Put some numbers in the user name; a hyphen or asterisk helps as well.

Keeping WordPress Up to Date

Then you need to keep WordPress up to date. In all the cases I have worked on, the other backdoor is out-of-date plugins, themes or even WordPress itself. As a business owner, you need to either update these items on a regular basis or appoint someone on your team to do so. Just go out to your website’s dashboard and look for the UPDATES on the dashboard home page.

Add Security to Your WordPress Website

There are a number of plugins available that will add some level of security for you.  I detailed several in my WordPress Security post. They are designed to:

  1. Stop the front door attacks.
  2. Hide your true user name from the world.  Just scroll over my name with your mouse and see what shows up in the lower left hand corner of your screen. Try that on your blog.  Hint: whatever you see is not my real user name, the plugin I use scrambles it.
  3. Get alerts for out-of-date WordPress elements: plugins, themes, and WordPress itself.

Before you go ahead and do any updating, be sure you have backed up your site. Sometimes updates can play bad tricks on your site, especially if you hired someone to do your site and they performed some custom coding to the base code.  Something I avoid for this very reason.

And do use a strong password of 11 or more characters.  Avoid Pa$$w0rd.  Even I could guess that one.  No names, anything that someone could guess by Googling you.

What do hackers put on your website?

Fortunately for the three clients I have worked with, it was rather harmless and I was able to get the flag removed from their sites within 24-48 hours. I say “harmless” as all the hackers did was add thousands of pages with links to other websites; the most recent client had more than 100,000 pages and 100 Google Webmasters Tools keys on their server. This is an old SEO tactic that Google and other search engines have discounted. It is no longer the number of links leading to your website that counts, but rather the quality and relationship of the link to your business.
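An added example, not from the original post, of locating the two kinds of planted files described above: Google verification files the owner does not recognise, and directories stuffed with bulk-generated pages. The sample web root, the file names and the 500-file threshold are constructed assumptions.

```python
import re
import tempfile
from collections import Counter
from pathlib import Path

# Google's HTML-file verification: a file named google<hex>.html whose body is
# "google-site-verification: <that file name>".
VERIFY_NAME = re.compile(r"^google[0-9a-f]+\.html$")
PAGE_SUFFIXES = {".html", ".htm", ".php"}

def find_verification_files(webroot, known_good=()):
    """Verification files under webroot that the owner does not recognise."""
    hits = []
    for path in sorted(Path(webroot).rglob("google*.html")):
        if not path.is_file() or path.name in known_good:
            continue
        if not VERIFY_NAME.match(path.name):
            continue
        body = path.read_text(errors="replace").strip()
        if body == f"google-site-verification: {path.name}":
            hits.append(path)
    return hits

def bulk_page_dirs(webroot, threshold=500):
    """Directories holding at least `threshold` page files (assumed heuristic)."""
    counts = Counter(p.parent for p in Path(webroot).rglob("*")
                     if p.is_file() and p.suffix.lower() in PAGE_SUFFIXES)
    return {d: n for d, n in counts.items() if n >= threshold}

def build_sample(root):
    """Constructed sample web root: one owner key, two planted keys, spam pages."""
    root = Path(root)
    for name in ("google1a2b3c4d5e6f7a8b.html",      # owner's key (constructed)
                 "google0000aaaa1111bbbb.html",      # planted (constructed)
                 "wp-content/uploads/googleffff0000eeee1111.html"):
        target = root / name
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(f"google-site-verification: {target.name}\n")
    spam = root / "wp-content" / "cache-x"
    spam.mkdir(parents=True)
    for i in range(600):
        (spam / f"page-{i}.html").write_text("<a href='#'>link</a>")
    (root / "google-maps.html").write_text("<html>store locator</html>")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample(tmp)
        for f in find_verification_files(root, {"google1a2b3c4d5e6f7a8b.html"}):
            print("unrecognised verification file:", f.relative_to(root))
        for d, n in bulk_page_dirs(root).items():
            print(f"{n} page files in {d.relative_to(root)}")
```

Pass the names of the verification files you created yourself as `known_good`; anything else reported is a key someone else placed to claim the site in their own Google account.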

Hackers could also load malware or spyware that can download onto the computer of a visitor to your website, which would be very bad for them and yourself as well. It can happen to anyone; that is why I have a couple of pieces of software that I have purchased to protect my system, and even then, nothing is 100%. I do have to say, these little gems did block the website when I first went to it.

Been Hacked?  Your Next Steps

Contact someone you know that can help you clean up your website and server. If you don’t know of anyone, give me a call at 402-953-2340 or fill out the contact form and I will be in touch soon.

Hope this has been helpful. Have a question or just want to comment? Leave one below. Thanks.