I just want to share one of the emails I received over the weekend. It is from one of my clients, who happened to have a not-so-good weekend. He asked for help fixing his website ASAP after experiencing the following:
• His site was listed by Google as suspicious
• Someone got verified in his Webmaster Tools account using a Gmail account
• After the verification with Webmaster Tools, malware was injected into his site
• He can’t unverify the hacker’s email while it is currently logged in to the Google Analytics account, and Google cannot let him change the ownership as long as someone is logged in to his account.
When Google lists a website as suspicious, it will lead to vulnerability and to the site soon being compromised. Given the above conditions, here are the actions I took to address the issue the site faced before things got worse.
Webmaster Tools and WordPress Hack Action Plan
It is important to first verify how the website appears to Google. Before taking further action, consider its condition to truly understand the level of “healing process for the website”. So, in this situation, I checked whether his website was truly compromised by using the Fetch as Google feature in Webmaster Tools:
“When I tried fetching the site, no response was returned, which means that there is truly a problem on the website.”
When the problem is acknowledged, assess the level of damage through Tips from Webmaster Tools.
Know how the hacking became possible
How was the site hacked?
• Its WordPress was outdated. This is actually the most common reason a website gets hacked. Since his site was using an outdated version of WordPress, it was easily hacked. That’s why upgrading or updating a website is essential. Failing to update your website can lead to spammy links being injected into your site, and it can also lead to cross-site scripting (XSS) and cross-site request forgery (CSRF), through which attackers can add a new admin, add files and even make changes.
• Low level of security. Hackers will always find a way to get through a website. As you can’t tell who they are or when they will strike, you must be prepared at all times. Changing passwords occasionally is a preemptive strategy. Some suggestions to enhance security are listed below.
Application and Cleaning Up Process
If your site has been hacked, you need to consider some of the good suggestions by Google.
In the case of the client’s site:
• Taking the website down immediately to prevent further infection.
• Assessing the damage using Search diagnostic, where you can find the following:
• You can see that the site was infected with malicious software, which includes Trojans and exploits. Therefore it was listed as suspicious.
• Using Fetch as Google to see whether there is malware that cannot be detected by the browser but can be seen by the bot.
• Cleaning up the site by updating the WordPress installation and changing to stronger passwords.
• Scanning the site again to check that it is truly clean; if it is, you can bring your website back online.
• Requesting a malware review through Google Webmaster Tools.
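One way to carry out the "scan the site again" step before going back online is sketched below. This is an added example, not part of the original post: the three checks, the function names scan_wp and make_sample_tree, and the sample tree are assumptions constructed for illustration, and the patterns are heuristics rather than a full malware signature set.

```sh
#!/bin/sh
# Added example: heuristic re-scan of a WordPress tree after cleanup.
# The patterns are assumptions (common obfuscation idioms), not a full signature set.

# scan_wp ROOT [DAYS]: print "reason<TAB>path" for each file needing manual review.
scan_wp() {
    root=$1
    days=${2:-7}
    # 1. PHP under uploads/: that directory normally holds media only.
    find "$root/wp-content/uploads" -type f -name '*.php' 2>/dev/null |
        while IFS= read -r f; do printf 'php-in-uploads\t%s\n' "$f"; done
    # 2. PHP that evaluates decoded or decompressed data.
    find "$root" -type f -name '*.php' -exec grep -lE \
        'eval[[:space:]]*\([[:space:]]*(base64_decode|gzinflate|str_rot13)' {} + |
        while IFS= read -r f; do printf 'obfuscated-eval\t%s\n' "$f"; done
    # 3. PHP modified in the last DAYS days: compare with your own update dates.
    find "$root" -type f -name '*.php' -mtime "-$days" |
        while IFS= read -r f; do printf 'recently-modified\t%s\n' "$f"; done
    return 0
}

# make_sample_tree: build a constructed WordPress-like tree and print its path.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/wp-includes" "$t/wp-content/uploads/2024" "$t/wp-content/themes/demo"
    printf '%s\n' '<?php // untouched core file' > "$t/wp-includes/version.php"
    touch -t 202001010000 "$t/wp-includes/version.php"   # old mtime: not "recent"
    printf '%s\n' 'constructed image bytes' > "$t/wp-content/uploads/2024/photo.jpg"
    printf '%s\n' '<?php echo "dropped file";' > "$t/wp-content/uploads/2024/cache.php"
    printf '%s\n' '<?php eval( base64_decode("ZWNobyAxOw==") );' \
        > "$t/wp-content/themes/demo/footer.php"
    printf '%s\n' "$t"
}

# Demo: scan the constructed tree, then remove it.
tree=$(make_sample_tree)
scan_wp "$tree" 7
rm -rf "$tree"
```

An empty result only means these three heuristics found nothing; it does not replace the malware review requested through Webmaster Tools.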
How to Prevent Hacking?
Every website on the World Wide Web is prone to being hacked. As hackers do such illegal things to feed their personal interests, either to boost their own business or simply to harm you as their competitor, it is important to safeguard your website with preventive actions to avoid vulnerability and compromise.
Here’s my advice for tightening the security of your site. I have actually been doing this on my own site, where I take the following measures:
• Assign an allowed IP address, or restrict by IP address, for your wp-admin account.
• Limit who can access your WordPress account.
• Back up your site, and always recheck that the updates or plug-ins you have installed, just like the theme you are using, are still up to date. Always get the latest version.
• Make sure that your computer is free from malware, viruses, spyware and all other badware. You must scan your computer regularly, since it can lead to infection if it is not treated immediately.
• Always check also whether the hosting site is vulnerable to hacking.
• Strong password practice. Using stronger passwords truly helps to avoid hacking, and you can also plan to change your passwords on dates you have set.
• Use simple FTP encryption or SFTP; since it asks for authentication, the site cannot be accessed immediately.
• Securing file transfer or editing permissions. WordPress has a feature that allows the web server to write to the website’s files, which can be truly dangerous. It is best to lock down access and loosen the restrictions only for a set time when changes need to be written, such as uploading files.
• You can add server-side password protection, so that attackers cannot immediately access your admin area: it adds a second layer, which makes a hacker attack only the second layer instead of your admin area.
• It is also essential to secure your scripts in wp-admin/includes/ so that not all users can access or see them.
• Always monitor your site regularly; this is the best action if your site has been hacked. It helps you decide what must be done immediately, and it is also the best way to stay informed. What you need to monitor:
o The logs, or attempts to log in to your site
o Edited versions or file changes made
o Web server
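The first two monitoring items above (login attempts and file changes) can be checked with a short script such as the one below. It is an added example, not something from the original post: the function names login_attempts, snapshot and changed_files are assumptions, the access log is assumed to be in the "combined" format, and all sample data is constructed.

```sh
#!/bin/sh
# Added example: two monitoring checks. All sample data below is constructed.

# login_attempts LOG MIN: "count ip" for clients with at least MIN POSTs to
# wp-login.php. Assumes the "combined" access-log format.
login_attempts() {
    awk -v min="$2" '$6 == "\"POST" && $7 ~ /^\/wp-login\.php/ { n[$1]++ }
        END { for (ip in n) if (n[ip] >= min) print n[ip], ip }' "$1" | sort -rn
}

# snapshot DIR: SHA-256 manifest of every file. Keep it outside the web root.
snapshot() {
    (cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2)
}

# changed_files BASELINE DIR: list files added, changed or removed since BASELINE.
changed_files() {
    cur=$(mktemp)
    snapshot "$2" > "$cur"
    awk '{ h = substr($0, 1, 64); p = substr($0, 67) }
        FILENAME == ARGV[1] { old[p] = h; next }
        { seen[p] = 1 }
        !(p in old) { print "added\t" p; next }
        old[p] != h { print "changed\t" p }
        END { for (q in old) if (!(q in seen)) print "removed\t" q }' "$1" "$cur" | sort
    rm -f "$cur"
}

# Demo on a constructed site and log.
work=$(mktemp -d)
mkdir -p "$work/site/wp-admin"
printf '%s\n' '<?php // index' > "$work/site/index.php"
printf '%s\n' '<?php // admin' > "$work/site/wp-admin/admin.php"
snapshot "$work/site" > "$work/baseline.sha256"
printf '%s\n' '<?php // index, edited' > "$work/site/index.php"
printf '%s\n' '<?php // new file' > "$work/site/wp-admin/x.php"
rm "$work/site/wp-admin/admin.php"
for i in 1 2 3 4; do
    echo "203.0.113.7 - - [01/Jan/2024:10:00:0$i +0000] \"POST /wp-login.php HTTP/1.1\" 200 512 \"-\" \"demo\""
done > "$work/access.log"
echo '198.51.100.4 - - [01/Jan/2024:10:05:00 +0000] "GET /wp-login.php HTTP/1.1" 200 900 "-" "demo"' >> "$work/access.log"
login_attempts "$work/access.log" 3
changed_files "$work/baseline.sha256" "$work/site"
rm -rf "$work"
```

Take the baseline right after a known-clean update, and refresh it after every legitimate change so that the next report lists only unexpected edits.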
There are many other ways of enhancing your website security; WordPress has given out some tips.
I know how dangerous hacking can be to a website. As always, “prevention is better than cure”. So, to eliminate the possibility of being hacked, one must always keep an eye on his or her website while maintaining safety and security prevention techniques.
Maintaining a website and a Webmaster Tools account is truly essential to monitor your success with local SEO marketing. It is essential to have some preventive measures against hacking, and if you have experienced this kind of situation, please note this one, since it is one of the great learning experiences in website optimization.
Thoughts? Share them below.