It will be quite terrible if you find that your website has been replaced or hacked entirely. More often, hackers will make it difficult for you to notice their hacking activities such as installing malware, spreading infection, collecting information and more. Most of them are designed and covered up to avoid detection. It’s probably no exaggeration to say that a hacked website can rapidly impact on thousands or even millions of users. No matter you run a personal blog or business website, your success and credibility would be destroyed if someone else finds the hack before you do.
Fortunately, there are some simple and feasible ways and useful tools available to help you identify whether your website is hacked or not.
Checking Website for Hacks
Before taking advantages of the checking tools, you can take a look at your files first if you can manage your website and are familiar with coding and site files. In general, majority of hackers attack websites at 3 critical factors: .php files, .htaccess files and media files.
Hackers will use these files by inserting hidden links to malicious websites and embedding code, especially if you have many unnecessary files cluttering up the file folders of your websites. One of the common tricks is to encrypt the code with base64 encoding, especially at the end of .php files.
Even if you are comfortable with checking your own files and code, using security checking tool is one of the smart and easy way to check your website for hacks. There are many checking tools available, and we introduce some reliable tools in the following.
- Google Webmaster Tool: this tool can help you check and determine the overall health of your website. You can setup Google Webmaster Tool on your website, and it will analyze and find any possible malware.
- Safe Browsing Checker from Google: it is totally free. It can scan website, crawl suspicious activities and return detailed information about your website.
- A Platform-Specific Scan: if your website is built on content management system like WordPress, Joomla or Drupal, this type of tools such as Better WP Security, Theme Authenticity Checker or Jamss.php is highly recommended.
- Securi SiteCheck: it is perfect for checking viruses, redirects, blacklisted site references, spam, XSS, backdoors, SQL injections, IP cloaking, drive-by-downloads and etc. The basic version of this scanner is free for use, and the provider offers additional services as well.
Clean Up Your Hacked Website
Once you find that your website is hacked, you need to clean up immediately. And you have to make a full backup of your website before deleting anything, and it will prevent some unexpected situation.
If you identify the suspicious links and code, one of the best ways to clean them up is to find and download the affected files by using FTP application. You can modify, delete and reupload them. When your work is finished, you can give your website another thorough scan to ensure you did not miss something.
In addition to removing all unnecessary files, you need to change your passwords as well, including the passwords of admin account, control panel, SSH account, FTP and more. It will effectively prevent hackers from exploiting old passwords to regain access to your website. On the other hand, some malware will install a scheduler on your website, and you can access your scheduler and remove any suspicious task if your website uses Cron Jobs.
Prevent Future Hacks and Potential Threats
No matter you run a new website or your website just comes back with a clean bill of health, you can take some measures to prevent future hacks and those potential threats.
First of all, you should be proactive with your website security. In order to keeping your website safe from hack attacks, you can change your passwords regularly by using strong password generator and removing all unnecessary content & files. Secondly, you can block some functions and protect sensitive files, databases and folders.
If you use content management system to build and manage your website, then you need to keep the core installation up to date and clean unused plugins and themes. The 2 steps can keep your website secured efficiently.
Do not forget to monitor your website regularly. Some hosting providers will offer professional monitor and backup service, and you may consider take benefits from them. Or you can make full use of tools like Google Analytics allowing you to monitor your website for unusual traffic patterns and other suspicious behaviors.
Hackers will cause major headaches for you and your visitors, but honestly, a hacked website infected with viruses, spam and malware is not the end of the world. You can completely protect your website, your brand, reputation and your visitors & customers by taking time and making efforts to scan, clean up and monitor your website on a regular basis.