What are the 13 signs your website has been Hacked? Here’s how to tell if your website is hacked and what to do about it.
You may think that a hacked website is only affecting your website. But in fact, it is affecting all of your digital marketing assets. That is your website, your email, your social media, your paid ads, and landing pages. How do we know what the signs are? Because in 2018, six short months after launching our website redesign, of 12 months worth of painstaking strategy, keyword research, writing more and new content, a hacker broke in. Here’s our experience. We want to make sure this doesn’t happen to you.
Don’t think Your Organization Needs a Website Security Plan?
Neither did we in March of 2018.
NOW….. I’m a woman on a mission! My site was hacked not long after Godaddy in August of 2018. What? At first, I was having the pity party of a lifetime. “WTH…Why me?” My team and I just spent 12 months and countless hours redesigning and creating content, then launched the new website in April 2018. In August, some hacker decides to make my website his testing ground to wreak havoc on my business. Livid doesn’t begin to express the emotions.
Then, I thought, this is an opportunity to learn all about what just happened here and what needs to be done to recover? How to fight back! Why? So I can do this for all my clients and have the strategic weapons to prevent hackers from violating any of our websites ever again. “Never” is a pretty tall order. But at Hit-the-Web Marketing, that is one of our latest and ongoing missions.
I find a little consolation from WordPress saying “don’t feel bad this is happening to even the best of cybersecurity companies”. It’s happening to large companies who are investing megabucks to secure their information as well as their client and patient information. So, hacker, you have nothing better to do than to bring down good business? We are not going to take this. I never stand down from a bully. Cyberbullying is an even bigger coward. No face to him or her. How convenient for you.
Here’s what I have found. The following signs start showing up in places you may not consider.
- Website issues
- Email Marketing Issues
- Social Media Issues
- Erroneous files on the server
- Our Website is on the Blacklist!
- Our Google ranking is demoted
- Erroneous Backlinks
- Phantom URLs
- Redirects to phantom pages
- URL Redirects …
So what are 13 Signs Your Site Has Been Hacked
1. Warning: Website Ahead Contains Malware
An unsuspecting returning business owner called Hit-The-Web Marketing to help with online marketing. In my attempt to look at the website …here’s what we found. Is this a hacked site?
The message says “404 There isn’t a GITHUB PAGES SITE HERE If you’re trying to publish one ….”
You may see a message with the red screen of horror.
“The Website Ahead Contains Malware! Google Chrome has blocked access to malware.testing.google.testing for now. You may have visited this site in the past. Doing so now is very likely to infect your Mac with malware. Malware is malicious software that causes things like identity theft, financial loss, and permanent file deletion.”
2. Your email campaigns show signs your site has been hacked
We were developing one of our monthly email reward programs, all the while malware was lurking. We sent our email to a couple of our testers. As one tester clicked a link to the website, he reported that he received notice of the website containing possible malware. “Ok,” I said, “I’ll look into it.”
I didn’t. He was right!
Don’t take this lightly. I did. I figured it was because I was sending a test email. Little did I know a virus was lurking and spreading all sorts of havoc.
Lesson Learned. emails with links to your website will give warnings to possible malware if they click forward on the link.
3. Your Social Media Has Signs of Malware
LinkedIn Profile Shows Signs
The Linkedin profile shows a “general malware page” in link to your Website. Because my Email includes my website domain name, it also shows signs of malware.
Twitter would not allow us to post tweets that include links to our website. I couldn’t understand why… until I found out why. The site was hacked.
Facebook didn’t show any signs that anything was wrong. No flagging of links to the website here.
4. Erroneous Files on Website Hosting Server show signs your website is hacked
I found files on the server where my website files reside with names similar to agldktje.php.
5. Erroneous Backlinks are Signs your website is hacked
I used Neil Patel’s backlink report to find backlinks to URLs that we didn’t create.
For example, as the image above shows “Police Radio codes victoria australia hitthewebmarketing.com/agldktje/nlaceljk.php?tykesaw=police=radio-codes-victoria-australia” a totally random directory and PHP files that never before existed. And they no longer exist.
This is bad because search engines demote your website ranking if backlinks derive from less-than-trustworthy websites.
6. Google Rankings Drop Due to Malware
Your Google ranking will be demoted. Yes, all the hours spent searching for the best keywords, using them in the content are demoted in a swipe of the evil witches’ wand. You can see this in your Google Analytics or in Google Search Console.
Scan Website for Malware
A dashboard within a website malware scanner – Sucuri – shows a list of what is going on with malware as it infiltrated all our hard work! You can see McAfee and Spamhaus blacklisted the website, indicating that our domain was a Critical Security Risk. This means a Critical Security Risk to my customers, clients and to my visitors. Also states that the version of PHP needs to be updated. Note it is only [.1 ] version away from the most recent version.
7. Website is Blacklisted by Search Engines
The website is blacklisted by McAfee and Spamhouse. If this happens, you have to fix your website, recreate a sitemap, and resubmit your website pages to the search engines. To resubmit with Google, submit your new sitemap.xml via Google Search Console.
8. URL Redirects
This will send visitors to other sites where malicious viruses lurk waiting for unsuspecting visitors. These websites have programs that will infect our computers, destroy files, destroy priceless content, and customer information.
9. Your Hosting Company takes Your Site down
Many business owners buy hosting that is on servers shared by many other businesses. That’s why hosting prices are low. This makes all websites vulnerable to hackers. When one site is hacked, it’s highly likely many if not all of the websites residing on that server will be hacked as well.
10. Sudden Traffic Spikes
Sudden traffic spikes may be a sign your website has been hacked. Usually, an increase in traffic is because of some of your marketing efforts. This type of spike can be a hacker. But it can also be a bot.
11. A message from Google Search Console, one of 13 signs your website may be hacked
When Google Search Console notifies you your website has been hacked.
12. Your Website Becomes Slow
Hackers may be using your site as a way to send spam emails. This will slow down the entire server and the other sites hosted on it. Slow load time is often an indication of this type of hacking. The most targeted pages are the checkout, payment, login, and signup pages. If your page normally loads in 4 seconds and suddenly it takes 10+ seconds to load, that could be a sign that something is wrong.
13. Your Website Shows Error Messages
A website that shows error messages perhaps of Timing Out, is a sign your website is hacked.
In conclusion, your countless hours of content creation, search engine optimization, creatives of your most important online business asset – Your Website – can vaporize in an instant, if you are not paying attention and taking proactive steps. What is at stake is your reputation, your website, your social media, your email marketing, your search engine ranking. It can ruin your business, and most importantly if a visitor, client, customer, or prospect has been infected it can ruin their computer and possibly their business. It is bad enough if they receive the screen of red horror. What are the chances they will return to your website? Two chances; slim and none.
How Hit-the-Web Marketing Helps Our Clients Handle Their Website Security
Hit-the-Web Marketing knows first hand how to deal with this situation. We now know all the steps needed to recover from this tragedy. We have plans, policies, and procedures in place to ensure this doesn’t happen again. It’s part of cybersecurity and we are on it! We can help put procedures in place for your business website before this ever happens to you. We have been in the technology industry for over 33 years. We can help you.
Here’s What to Do About it. We built a Website Security & Maintenance Plan to help ensure this doesn’t happen to you.
Can you do this yourself? If you are technically inclined. What do you want to focus on? Building your business or spending hours ensuring your online presence is safe. Let us take the worry out of your business becoming the next victim. It’s not a matter of if, it’s a matter of when.
Updating Software Can Take Down Your Website
Some things can go wrong when the software is updated. We have seen this take down websites. They then have to be restored from backup. Don’t have a backup? Then it’ll cost you to have another website built. Try to remember all that you have into this one. It can be a nightmare. We have been able to rebuild websites in a day with our procedures. Here’s one way to backup your WordPress website.
Why Hit-the-Web Marketing? The Technical Knowledge
We have the technical know-how to correct things when good intentions go wrong. Keeping your website safe means keeping software updates, having scheduled backup procedures in place, backing up in more than one location, scanning for malware, and preventing login attempts and ensuring hackers accessing your website by guessing passwords doesn’t happen. We provide monthly reporting so you can see what has been done to keep your biggest online business asset – your website – safe.