Signs your website has been hacked

Don’t think it won’t happen to you …

I woke up this morning to an email message from Google telling me that my website had been hacked!

This is a website that I hadn’t really touched for a couple of years but I thought I’ll use it as an example to show you what can potentially happen to your website.

This website was built about twelve years ago and I was updating it up until about three years ago and haven’t really touched it since then.

First I wanted to show you the email that I received, so you can get an idea on what it looks like if it ever happens to you.

At first I thought it may just be a spam email but I quickly realized it wasn’t …

I wanted to mention one thing first – if you ever receive an email such as this from Google, don’t ever click on any of the links in the emails because it’s possible it’s a spam message and a phishing email.

In this instance however, you will see that it actually gives some examples of pages that may have been compromised … so I actually went to my website and saw that it had been hacked.

Google will generally let you know using an email that you have on your website so make sure that your  email(s) are up to date and working.

The other thing that I wanted to mention is, sometimes you won’t actually know that your website has been compromised and it’s not going to show up the way mine has.

Oftentimes hackers will install code into the code of your website so your website will continue to function as normal and it’s not until you receive a message from Google that you actually know something’s happened.

The website that got hacked is called Kids Universe –  it’s a website that I created to show places to go and things to do with kids.

Part of the website was still functioning but as you scroll down, you can see the hacked content.

Many people think, “I’ve got a small business and nobody’s really interested in what I do” or  “I don’t collect information or credit cards so therefore this doesn’t apply to me”.

This website did collect subscriber information – name and email address of people who wanted to know where to go and what to do with their children but that was pretty much it.

So  as you can see it can affect any website – in most cases the hackers do it just for the challenge –  just to see if they can get in and what damage they can cause.

Sometimes they do it to collect credit card or contact details of people they can then spam.

In this case, the person apparently didn’t like Aussies or New Zealanders and so decided to hack the website and he left me a little message and he’s pretty much wiped everything on the website.

If I go to any of the other pages you will see it displays parts of the navigation but everything else – the  content and the images of parks and playgrounds had been wiped out.

If this was your main website, where you earn your income from you’d probably be panicking.

But as I mentioned earlier I haven’t done anything with the website for a long time and I was going to redo it anyway so I’m not too concerned but I just wanted to show you what a hacked website looks like, because most people think it’s not going to have to them.

There are a few things that you can do to help protect your website and to keep it as safe as possible.

Nothing is fail-safe but the more steps you take, the less likely you are to get hacked.  Here are some things you can do to prevent it

  • Keep your passwords as complex as possible. I know sometimes people hesitate to use passwords they can’t remember but there are tools that help you remember your password such as LastPass which make it easier.  I’ll do another post on safe passwords.  Make sure that your password uses uppercase, lowercase, numbers and alternate characters
  • Make sure that you keep your passwords in a safe place – don’t just keep them in a Word document because your computer can get hacked and the hackers will have access to all your passwords including your website
  • If you’re running a WordPress website, for example, make sure that you keep upgrading every time WordPress brings out a new upgrade and also update all your plugins and your theme, because often times hackers can get through vulnerabilities in those.
  • Install a security plug-in there’s a couple of really good ones I recommend – one is called WordFence and the one I generally use for my clients is called iTheme Security. These will help to prevent people from getting into your website and causing damage like they have on mine
  • And finally … the most important thing – make sure you keep backing up your website.

I do have a few backups of this this particular site and I could reinstall it and keep going, change all my passwords and I would be fine, but Google hasn’t only sent me an email to say that my website has been hacked but they’ve also put a warning that the website may have been hacked for anybody that is trying to access the website through Google.

So my message to you today is to make sure that you keep your backups up to date.

If your website was created using something like Wix, Weebly or Squarespace contact them and find out what backups they are keeping of your website and what you can do in case your website does get hacked.

If your website was built by a website designer or a developer check with them whether they have backups of your website.  Don’t assume that they’re doing them automatically or that they did one when they finished the website.

The other thing that I wanted to mention about backups is – make sure that you keep a number of backups, even your older ones.  Don’t automatically overwrite them.

The reason I say that that sometimes you won’t know your website was hacked and if you reinstate a backup from last week, the malicious code would already be there, so you may need to reinstall an older backup, which may not be the most up-to-date version but at least it means that you’re not going to have to rebuild your website from scratch.

As you can imagine rebuilding a website would mean that you’re going to lose thousands of dollars in potential revenue and it’s probably going to cost you hundreds or even thousands of dollars to redesign.

You can sometimes get security experts that can clean up the website but often you won’t be able to.

And of course it might take you weeks or months to rebuild the website and you will have to spend  a lot of time and effort of finding all the information and images that you had on the website.  And if   you are collecting credit card details, that can have even worse repercussions.

So please  whatever you do backup your website, keep it up-to-date, and secure your passwords.

If you want to see whether your website has been hacked, go to:

http://isithacked.com/

If you need help cleaning up a hacked website or need a new website designed, please get in touch via email ask@web4business.com.au or book a FREE website strategy session at www.web4business.com.au