Are you a website owner and did you receive a message about a hacked site penalty? Or when you search your website in Google, does it have a message under the URL that states, “This site may harm your computer”? If so, you may have had your website hacked! Don’t fret, as there are many options to help recover from this dire situation. First, you will want to verify that your website has been hacked by logging into Google Search Console (formerly Google Webmaster Tools), and looking under Search Traffic > Manual Actions. If your website has been hacked, then you should have a hacked site manual action that looks something like this:

hacked-site-penalty

Lucky for you, Google has put up an extensive guide on how to recover from a hacked site manual action!

I: Watch the “Help for hacked sites” overview

  The next 7 steps (of 8) are the steps you need to take to “un-hack” your website. The reasoning behind most of these hacked site manual actions are due to the fact that someone has made on-page changes to your website by gaining access to your CMS, or through another vulnerability. You could have hidden content, malicious links, or some other heinous attribute added to your website that caused it to be untrustworthy.  

II: Contact Your Hoster

Next, you should contact your hosting company and build a support team. If you have lost administrative control of your website, all you need to do is contact your hosting company, inform them that your website has been hacked, and gain control of your website. Most of the time, you need some way to prove you are the actual owner of the website, and verification of this is quite easy if you have access to the email you used to register the domain-name. Mostly, this is to inform your hoster that the hacking has taken place, so if the problem was their own security measures, they can take action to fix those immediately. If you seek outside assistance, you should contact an expert in the field. (Such as one of our experts!) You can also crowd-source assistance through the Google Webmaster Central discussion forum, which has a special sub-forum for Malware and hacked sites.  

III: Quarantine

Hazmat-quarantine

Once you have administrative control of your website, you should quarantine it. And no, this doesn’t mean put on a hazmat suit and call the CDC. Take your website offline so that you cannot infect any potential visitors with the malware or whatever else has afflicted your site. This also helps you complete many of the administrative tasks with less intrusion from the hacker. Next, check your CMS for any illicit accounts that were created and delete them to prevent future interference from the hacker(s).  

IV: Check in with Search Console (formerly Google Webmaster Tools)

Log into Google Search Console, and verify your website (if you haven’t already done so). Next, you will want to click Manage Site, and then click Add or remove users. Be CERTAIN that all users and owners that are listed here are ones you recognize and have authorized to have access (whatever level it may be) to your Google Search Console account. Document any email addresses that you do not readily recognize to provide as evidence a few steps later. Check your manual actions to determine the nature of the attack. Google will list the ways in which your website was compromised, which are any of the following ways:

  • With spammy content that could reduce the quality and relevance of search results.
  • For phishing purposes.
  • To distribute malware.
 

Lastly, navigate to the Security Issues portion of Search Console, and if your site is affected with malware it will show a top-level heading of “Malware” and categories of which malware has been injected into your website.

Depending on which specific threat has caused the hacked site manual action, you will need to take action for one of the three categories of the hacked site manual action.

V: Assess the Damage

Follow one of these guides so you can assess what actually happened when your website was hacked:
  • Modified server configuration: Malware
  • Error template injection: Same as above (Malware)
  • Content injection: Spam
  • Phishing: Same as above (Spam)
Accurately assessing the damage will help you with the next step, which is to identify the vulnerability and plug it!
assess-the-damage
 

VI: Determine the root-cause vulnerability that allowed your website to be hacked

In recent history, many websites have been hacked because they have failed to update their WordPress plug-ins. There are a ton of security vulnerabilities that could be the root-cause to the hacked site manual action, but locking down the method by which the hacker accessed your website is the only way you are going to prevent your website from being hacked in the future. Google lists four categories where your website could have vulnerabilities that need to be identified and fixed (or updated). (1) The administrator’s computer could have a virus, (2) weak or reused passwords, (3) out-of-date software (update yo’ plug-ins!), or (4) permissive coding practices, such as open redirect and SQL injections. Once identified, move onto step 7!

VII: Clean and maintain your website

These next steps can get a little technical, so if you are having trouble, please contact our sales team at [email protected] to see how we can assist you along the way!

Here’s Google’s detailed walk-through: https://support.google.com/webmasters/answer/2600723

Don’t forget to re-activate your website once everything has been cleaned up!

VIII: Request a review

Unlike a reconsideration request for a unnatural links penalty, the hacked site manual action requires less ‘getting on your knees and begging forgiveness’ and more ‘hey, I fixed my website.’ First, you will want to verify ownership of your site in Search Console (kinda sound like a broken record, eh?), clean your site of the hacker’s vandalism, correct the vulnerability, and bring your clean site back online. Hopefully you have recorded or transcribed the work that you have done to fix this, as you will need to put that into text format as to submit the reconsideration request for your hacked site manual action. If your website was the victim of malware, it should only take a day or so for Google to process. If it was an actual hacking of your website, the processing time may require up to several weeks because the team at Google has to review each page to ensure that they aren’t providing malicious content in their search results.

Wait, I forgot a step … CONGRATULATIONS, now you have successfully recovered your website! TIME TO CELEBRATE AND POP THE CHAMPAGNE!

champagne-celebrate

If you have any questions or concerns, please pose those in the comments below, or reach out to me on Twitter, @Tripp_Hamilton.