NOTE: If you are not currently stressing over trying to fix a hacked website, you can skip this post. It’s ok, we all shy away from the bad things that might happen and tend to focus on the good things. This post will not increase your business, it will not make you more money. So it’s ok to skip this. If and when your site has been hacked, let me know and I’ll send you the link to this post again.
HOWEVER: If your website is currently hacked I promise to show you how to fix it quickly with the least amount of stress, no matter what they did – I promise!
But first let me tell you a story and I’m going to be painfully honest with you.
I’ve been hacked. Technically speaking I’ve had a website hacked and have had to fix it.
Yup. A few years ago I lost everything I had on AreWeConnected.com, EVERYTHING!
The bad guys got in and corrupted every single file in my website. Not just the posts and pages but scripts and .php files and so much more (and there are thousands of files in a website).
I know what you are going to say…
“You should have had a better password“
“You should have had the site updated to the latest version“
While those might normally be correct, my site was up to date and as for my passwords here’s what it was at the time (of course it’s been changed since).
&mr88N3Mku_XF3TL
That’s pretty secure. Run it through a site like https://howsecureismypassword.net/ and it’ll tell you that it would take a while for a hacker to guess it.
No, I was hacked because I was on a shared server and one of the other sites on that server (not one of mine) was infected with malware and it quickly spread. So it was no fault of my own.
Nothing against a shared server – but not every site is worthy of it’s own VPS.
If you are smart, you’ll next be saying…
“You should have had the site backed up“
And you are correct! If I had a backup prior to the infection, I could have wiped the server clean and gone back to a backup that was stored prior to the malware. But I didn’t. Which is part of why I lost everything.
When it comes to malware you must get it all. It’s an insidious virus and if you leave just a teeny tiny little spec, it’ll start replicating again and reinfect you all over again. Hence the clean wipe.
I learned something from this. I now schedule backups of all of my content PLUS the themes, PLUS the code, PLUS the javascript, everything. It’s then all sent offsite to an Amazon S3 Server where it’s stored nice and safely just in case. This was such a good idea that I started offering the service to all my clients.
Hint: I’ll start doing this for you for $120 annually.
But that still doesn’t fix your website, right?
Back then, I also learned of a great service that would go into your server files and nuke all the bad stuff for you. They knew where to look, they know what to look for and they knew what to keep. It wasn’t free but compared to the alternative it was a deal so I signed up for it.
If your site is properly built, it will be indexed by Google. That’s a good thing for SEO but when your site becomes infected Google is really quick to “BlackList” your site with a huge RED warning page. (shouldn’t that be RedListed?)
Once this happens it’s very tough to get off the bad list. Additionally other ‘security’ sites will also label you as a risk. According to them “Google alone blacklists 10,000 websites every day. With over 100 blacklisting authorities, that means a lot of websites are being blocked for serving malicious content. When a website is blacklisted, it loses nearly 95% of organic traffic, causing serious risks to your business and it’s brand.”
I know. Because just recently I had yet another one of my sites hacked (really). I knew because the service regularly scans my site(s) and if they find an issue I am alerted right away!
When I got the message from them, I simply created a malware removal ticket and within hours I was back up and running again!
Who is this magical service you ask?
The service is called Sucuri and while it might seem like just one person’s gushing about a service I asked a few people that have come to me before because their site was down and they needed help – here’s what they said…
One morning I went to work on my podcast page and when I tried to sign in I got this huge obnoxious red warning many of us have seen before. You know the one – it warns you that the sight contains malware. I was sickened by this and I broke down in tears. This had been the year of my business site being hacked and now this. The first person I reached out to was the one friend I always can rely on, Mike Mueller. He said one word “Sucuri”. Yes, it cost me some money, but it also gave me peace of mind and I rely on them to protect me in the future too.
I had a good experience with Sucuri recently when I had some malware redirecting traffic from my website. I believe I had a weak password to my WordPress Admin area and that’s probably how I got the malware in the first place. Once I signed up, they were working on it within hours, we exchanged a handful of messages over a day or two and then they said it was all cleaned up. I had to sign up for a year so now I have ongoing monitoring which to me is a bonus because the clean up alone was worth what they charged me. My website is not really “mission critical” but even so, I needed someone to clean it up and remove the malware for me and the site is now stable and seems to be working normally. Thanks again for recommending them !
-Joe Montenigro
So…
IF YOUR SITE HAS BEEN HACKED, HERE’S HOW TO FIX IT
Go to Sucuri, and simply hire them to do it right the first time! It’s as simple as that.
* oh, and for the record this is NOT a sponsored post. It really is just me and how I feel about a fabulous service that unfortunately we need in this day and age.
(just in case you were wondering)
- The Ultimate Guide to Writing the Perfect Blog Post - March 14, 2023
- 8 Questions Your Web Developer Should Have Asked - April 27, 2021
- Slack, Chat or Discord? - April 6, 2021