“I was looking for your website, but Google reports that it has been hacked.”
Have you ever received such an email or phone call?
It’s frightening and perplexing—where do you even begin? How did you get hacked? What exactly does it mean to be “hacked”? Are you in jeopardy? How do you get the notification taken down?
Today, I can at least assist you with your last question.
We’ve had a number of customers join the Evermore platform and launch a new site while their previous site was still being investigated as hacked, and we’ve successfully removed the “This Site May Be Hacked” message. Because we know their new Evermore-powered site is clean and secure, this is a considerably simpler process.
Over the years, I’ve also helped several others deal with this issue on their self-hosted websites. While cleaning up the hack first may seem onerous, it is a process you can complete.
Even more aggravating, many of the top search results for this process contain errors, don’t cover all aspects of the procedure, or aren’t specific to a WordPress site. I hope to provide you with a realistic path through this terrifying experience here.
What happened to my website?
The problem Google is referring to could be caused by a variety of things that are either evident to you or completely hidden. Sometimes malicious code has been placed on your website; other times, the site may be producing extra spam links that get into the search results (e.g. yourdomain.com/spam-site-link).
Unfortunately, pinpointing exactly what’s going on or what caused it can be quite difficult. The most important thing is to keep your attention on the subject at hand. Later, I’ll discuss how you can keep track of this and prevent it in the future.
Check the Current Status
It’s critical to get your bearings and learn more about the current problem at this time. Examine the results from these two resources for your domain and read them carefully.
Sucuri SiteCheck is a free website scanner that “checks the website for known malware, blacklisting status, website faults, and out-of-date software,” according to the company’s website. It provides a lot of useful information in a short amount of time. You’re also in the right place if you simply want to hire someone to fix it for you: click “Clean Up My Site.”
Google Safe Browsing Site Status
Google’s own site status tool may be able to provide you with more information on how the search engine and Chrome browser evaluate your site.
With both results in hand, you have a solid foundation for delving further and resolving the problem(s). If you’ve already resolved the issue, skip down to the “Request a Review from Google” section.
Fix the Issue(s)
Your next steps will be determined by your technical knowledge of your website and the actions you’ve performed thus far. It’s critical to be honest with yourself about this—now is not the time to attempt or learn something new. You’ll need a lot of patience and attention to detail if you’re trying to stretch yourself at the same time.
Check Existing Services
Send an email or a support ticket to your hosting firm, as well as any agencies or contractors with whom you have a good working relationship. Include the data you gathered in the preceding steps and ask for assistance.
While this will almost always result in nothing of value for you (since hosting companies are often unhelpful in this circumstance and agencies want to be paid first), it’s worth investigating.
I surely hope your WordPress provider is prepared to handle this for you if you have a “managed” account.
Pay Someone Else
Consider using Sucuri to clean up your site if it’s crucial to your business and you’re not sure how to do it yourself. They’re professionals who will give you the best chance of getting things back to normal as soon as possible.
If you’re short on cash, you may post what you know on Codeable and hire a WordPress professional to assist you. This will take a little longer and may be riskier (if you don’t know how to patch your own malware, you probably don’t know how to assess a developer’s security ability), but it’s a viable choice.
Restore from a Backup
If you’ve been using a backup solution, consider restoring your site from a backup that you don’t believe is “infected.” This is a good option if you know what the problem is right now and can check for it after your site has been restored.
Clear any caching mechanisms you may have and run your site through the status checkers from the previous step after the restoration is complete.
Try Common Fixes
Sucuri gives a nice summary on how to use their free plugin to effectively combat the problems. If it isn’t your cup of tea, I’ll give you a few things to think about.
In many situations, the attack exploited an older version of the WordPress core files, a theme, or a plugin. You may then discover that the PHP files in these directories have been infected as well.
To correct this, we must upload fully new versions of everything from reliable sources.
Before you begin, make a complete backup of your website, including the database and the wp-content directory. Yes, you could be backing up the hijacked data or files. However, not everything has been compromised, and it’s critical that you don’t lose any data in the process.
You’ll want to upload fully new versions of everything once you’ve validated your backup.
Start with the WordPress core files: download the .zip file from WordPress.org and overwrite everything but the wp-config.php file and the wp-content directory through FTP.
The most recent versions of your theme and plugin files can be downloaded from the appropriate locations. Download the plugin from the WordPress plugin directory if it is available. If it’s a premium theme or plugin, get it from the developer’s website. Then, much like with the WordPress core files, upload them to your server.
Note: if you intentionally install themes or plugins acquired from unofficial sources to save a few dollars, or if you don’t update your WordPress site, you’re looking at the most likely culprit behind this entire situation. Purchase premium themes and plugins directly from the developers, and keep everything up to date in a timely manner. Later, I’ll go into prevention in greater detail.
After you’ve finished updating everything, make sure your file permissions are set correctly. This is a crucial last step.
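One way to confirm the re-upload took effect is to hash the live core files against the freshly extracted download and list anything modified, missing, or extra. This is an added example, not part of the original article; the function names and the sample trees are constructed for illustration.

```python
import hashlib
import pathlib
import tempfile

# Left in place by the overwrite step, so excluded from the comparison.
SKIP = {"wp-config.php", "wp-content"}

def core_hashes(root):
    """Map relative path -> SHA-256 for every file under root outside SKIP."""
    hashes = {}
    for path in pathlib.Path(root).rglob("*"):
        rel = path.relative_to(root)
        if path.is_file() and rel.parts[0] not in SKIP:
            hashes[rel.as_posix()] = hashlib.sha256(path.read_bytes()).hexdigest()
    return hashes

def compare_core(clean_root, live_root):
    """Report files changed in, absent from, or added to the live copy."""
    clean, live = core_hashes(clean_root), core_hashes(live_root)
    return {
        "modified": sorted(p for p in clean.keys() & live.keys() if clean[p] != live[p]),
        "missing": sorted(clean.keys() - live.keys()),
        "extra": sorted(live.keys() - clean.keys()),
    }

def demo():
    """Constructed trees: a clean download and a tampered live copy."""
    clean_files = {"index.php": "<?php // front controller\n",
                   "wp-includes/version.php": "<?php // version info\n"}
    live_files = {**clean_files,
                  "index.php": "<?php /* injected */ // front controller\n",
                  "wp-includes/extra-file.php": "<?php // not in clean copy\n",
                  "wp-config.php": "<?php // site settings, skipped\n",
                  "wp-content/themes/t/style.css": "/* skipped */\n"}
    with tempfile.TemporaryDirectory() as clean, tempfile.TemporaryDirectory() as live:
        for root, files in ((clean, clean_files), (live, live_files)):
            for rel, body in files.items():
                path = pathlib.Path(root, rel)
                path.parent.mkdir(parents=True, exist_ok=True)
                path.write_text(body)
        return compare_core(clean, live)

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Against a real site, call `compare_core()` with the extracted download and a local copy of the server's document root; an empty "modified" and "extra" list means the core files match the clean release.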
Again, if these processes are absolutely unfamiliar to you, do not attempt to complete them. There’s no need to feel bad if you don’t know what you’re doing right now; the most essential thing is to get your site clean and secure.
Finally, if you suspect you have the “pharma hack,” Sucuri also provides a tutorial for you.
Look at the Files
More than once, I’ve found myself in a scenario where the only option was to manually search through files and directories. You may not always be able to find a clean version of something to upload.
Take the time to browse over each file and directory in that situation. If you’re even a little bit familiar with coding, you’ll be able to spot the oddities—they’re usually at the very top or bottom of a file, or they’ve added an extra file with strange code.
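To narrow down which files to read first, the sketch below flags PHP files with suspicious calls or very long lines in their first and last few lines, and PHP files sitting in the uploads directory, which normally holds only media. It is an added example, not from the original article; the indicator list, the thresholds and the sample files are assumptions constructed for illustration.

```python
import pathlib
import re
import tempfile

# Assumed indicator list (not from the article): calls common in obfuscated PHP.
SUSPECT = re.compile(rb"\b(eval|base64_decode|gzinflate|str_rot13)\s*\(", re.I)
EDGE_LINES = 5    # lines inspected at the top and at the bottom of each file
LONG_LINE = 1000  # bytes; one huge line usually means packed or encoded code

def scan_file(path, rel):
    """Return the reasons a PHP file deserves a manual look (empty if none)."""
    lines = path.read_bytes().splitlines()
    edges = lines[:EDGE_LINES] + lines[-EDGE_LINES:]
    checks = [
        ("suspect call at top/bottom", any(SUSPECT.search(l) for l in edges)),
        ("very long line at top/bottom", any(len(l) > LONG_LINE for l in edges)),
        ("PHP file in uploads", rel.startswith("wp-content/uploads/")),
    ]
    return [label for label, hit in checks if hit]

def scan_tree(root):
    findings = {}
    for path in sorted(pathlib.Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in (".php", ".phtml"):
            rel = path.relative_to(root).as_posix()
            reasons = scan_file(path, rel)
            if reasons:
                findings[rel] = reasons
    return findings

# Constructed sample files; the "payload" is an inert placeholder string.
SAMPLE = {
    "wp-content/themes/t/functions.php": "<?php\nfunction t_setup() {}\n",
    "wp-content/themes/t/header.php": "<?php eval(base64_decode('PLACEHOLDER')); ?>\n<html>\n",
    "wp-content/uploads/2020/01/img.php": "<?php // constructed sample\n",
    "wp-content/plugins/p/p.php": "<?php\n$data = '" + "A" * 1500 + "';\n",
}

def demo():
    with tempfile.TemporaryDirectory() as root:
        for rel, body in SAMPLE.items():
            path = pathlib.Path(root, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(body)
        return scan_tree(root)

if __name__ == "__main__":
    for rel, reasons in demo().items():
        print(rel, "->", ", ".join(reasons))
```

A hit is only a prompt to open the file: legitimate plugins sometimes use these calls, and a clean result does not prove the site is clean.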
Request a Review from Google with Google Search Console
Using Google Search Console to check security issues and request a review is the best and fastest way to make sure the problems are resolved.
Verify your site’s ownership by adding it to the list
Yoast’s SEO plugin includes a nice tutorial on how to add your WordPress site to Google Search Console. If you don’t want to (or can’t) utilise their plugin, use an alternate verification method for step 3.
Look for Security Issues and Verify Fixes
Follow Google’s recommended actions for confirming that your Google Search Console account hasn’t been compromised and for analysing the security issues once your site has been verified. Feel free to click through the next steps of their article for even more technical insight into what’s going on, including their advice for completely cleaning your site. It isn’t specific to WordPress, but it can be useful!
If you have a sitemap, (re-)upload it to Google Search Console so that Google may re-index your site with clean pages.
Request the Review
If you see a button that says “Request a Review” under “Security Issues” in Google Search Console, click it to get started. If you don’t have one, you can request one here.
Resolution can take anywhere from a few days to several weeks, in my experience. But don’t lose heart—this is the quickest route to resolution, and you’re trying your best.
Preventing Future Issues
Let me be clear (because many others aren’t): there is no absolutely perfect method of preventing hacking. It’s extremely complicated and ever-changing. It happens far more frequently than you might imagine, and it’s practically impossible to spot.
Paying for Services
Your preventive tactics should be scaled to fit the value of your website to your business. It doesn’t make sense to leave your security to chance if it’s mission-critical for you. You should pay for a tried-and-true solution or a reputable service/contractor.
For ongoing services, we highly recommend Sucuri and SiteLock. They both offer different packages for monitoring, scanning, and protection via firewalls and other mechanisms. That degree of protection can give you a lot more peace of mind that you’ll be taken care of in the future.
There are a few more methods that can augment your services or help you defend yourself against potential hacking problems.
As I previously stated, you must keep your website up to date. When major security vulnerabilities arise, WordPress can often update itself automatically, but keeping old versions of themes and plugins on your server is very dangerous. Keep an eye out for new updates and install them as soon as possible.
If you’re using FTP to upload something, be sure your file permissions are reset each time.
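A permission check that can be re-run after each upload, as an added example that is not part of the original article. The article gives no specific permission values, so the policy here is an assumption: nothing should be world-writable, and wp-config.php should not be readable by other users. The sample tree is constructed.

```python
import os
import stat
import tempfile

def audit_permissions(root):
    """Return (relative path, octal mode, issue) for risky permission bits."""
    issues = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # a symlink's own mode bits are not meaningful
            mode = stat.S_IMODE(os.lstat(full).st_mode)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if mode & stat.S_IWOTH:
                issues.append((rel, oct(mode), "world-writable"))
            elif rel == "wp-config.php" and mode & stat.S_IROTH:
                issues.append((rel, oct(mode), "wp-config.php readable by other users"))
    return sorted(issues)

def demo():
    """Constructed tree: a 777 directory, a 666 file and a loose wp-config.php."""
    with tempfile.TemporaryDirectory() as root:
        uploads = os.path.join(root, "wp-content", "uploads")
        os.makedirs(uploads)
        layout = {"wp-config.php": 0o644, "index.php": 0o644,
                  "wp-content/uploads/photo.jpg": 0o666}
        for rel, mode in layout.items():
            path = os.path.join(root, rel)
            open(path, "w").close()
            os.chmod(path, mode)  # explicit chmod so the umask does not matter
        os.chmod(os.path.join(root, "wp-content"), 0o755)
        os.chmod(uploads, 0o777)
        return audit_permissions(root)

if __name__ == "__main__":
    for rel, mode, issue in demo():
        print(f"{mode:>6}  {rel}: {issue}")
```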
Also, do not download premium themes or plugins from unofficial websites.
Try out these tried-and-true security plugins. There are numerous alternatives available to you, but here are a few:
- Sucuri Security
- iThemes Security
- Jetpack by WordPress.com (requires a WordPress.com account)
- Wordfence Security
Follow their instructions to set up the system the way they recommend.
Cloudflare provides a free level of DNS security and performance. It monitors activity “before” it touches your site to give you an extra layer of protection, similar to the firewall feature I outlined with Sucuri and SiteLock.
Monitoring Google Search Console Activity
Finally, be aware that in some cases, hackers may be able to become confirmed users for your website in Google Search Console. Consider the suggestions in that post and check in on a regular basis.
We’re sharing this on the Evermore blog with the aim of becoming a more trustworthy and up-to-date resource for this terrifying circumstance. Please contact us if you notice anything that is out of date or incorrect so that we can keep this article up to date and useful.
Evermore would love to have you if you want to avoid this entire problem by hosting your site on a fully managed platform. To get started, send us an email.