Why Google is Saying That Your Site May Be Hacked and How to Fix It

Site May Be Hacked-Google Answer
Oct 20

Why Google is Saying That Your Site May Be Hacked and How to Fix It

Have you ever searched for a particular company, product or service and found a result that said “this site may be hacked?” For those that have, it doesn’t exactly make you inclined to click through to the website. It’s similar (and you might get this notification too if you do click through) to visiting a site that is “not secure” and you get a notice on the screen telling you to “go back to safety.” Bottom line, if your website is hacked, you need to fix it immediately. This is especially true if you have an ecommerce website (for more obvious reasons.) Why do you need to fix it immediately?

  • Client information (emails, card information, etc.) can be compromised
  • Your rankings will be harmed
  • People won’t click through to your site as often if at all
  • You’ll start to appear in search for irrelevant searches
  • Your site, forms and email will be subject to heavy amounts of spam
  • More…

You might be wondering, how do I know if my site is hacked? Even if I did know, how in the world would I go about fixing it? Not to worry, we’ll clear up those questions in this post.

If you know your website is hacked and you’d like us to fix it ASAP: Contact Us

If you’re unsure if your website is hacked, you’re being proactive, or just want to learn, read away!

How To Know Your Website Is Hacked

There are a few ways to know your site is hacked. Sometimes is easy to tell, but other times you end up finding out in a roundabout way.

The first way is the easiest. You’re checking in on your website or someone visited your site and saw this:

Site May Be Hacked Example

 

 

 

 

Google says it “may” be hacked, because sometimes your site may have some issues, but it’s not technically hacked. For example: Let’s say your website has a blog and people can leave comments on it. If you’re not moderating the comments, someone can put various links into the comments section, linking back to a particular site. That site can gain temporary strength and then you can also appear in search for the items relevant to those links. Often times it includes “essays” (for example: domainname.com/something-something-essay,) pills for ED, and fake government document related verbiage. Of course, this is no good. The biggest takeaway here, moderate your comments! When comments like this appear, they get cached, and they enter the root directory of your website files. While this doesn’t give hackers access to the files most of the time, it’s not a good thing.

Another way to identify a hack or something that is viewed as a potential hack is by monitoring your websites activity from organic search. There has been an occasion or two where we’ve reviewed a client’s organic activity in Google Search Console, and found that they were appearing in search, receiving clicks, and having landing pages created through a hack or cached comments. Generally these are essay or education related. If you review the last 90 days of data and see a unreasonably large spike out of nowhere that comes back down (or maybe does not), that’s a sign. From there, you’ll likely review the search phrases and landing pages, and find essay/education related landing pages that are irrelevant and not something you created on your website. You can likely see this fluctuation in site activity in Google Analytics too.

The last way we’ll discuss that indicates your website is (truly) hacked, is when you visit your site and it redirects to another. This means that someone got access to your .htaccess or web.config file, which means a hacker has access to your website files. If you’re on a shared server, you’re not only putting your website and client information in danger, but also other businesses. This can prompt Google’s warning in search, harm rankings, and make it impossible for people to see your website. It’s something that needs to be addressed the second it’s found.

We’re not going to dive into the specific vulnerabilities in this post, but if you’re interested in learning about them, read this common WordPress Malware Infections article.

How To Fix It

Now you know you have a hack, or something that is being viewed as a hack. Where do you go from here?

Assuming you’re seeing the Google notice, we can request a report from Google in search console. This report shows the type of hack, the URL’s associated with the hack, the dates it was detected, and other details.

SERP-TSMBH

 

 

 

 

 

 

 

 

From there, the source of the hack, or what appears to be a hack can be determined, and the files can be deleted. In this particular case, the files were being created and stored in the WordPress includes section of the file directory, in the cache (/cacheRANDOMSTRING.) Once the files were deleted, the hack was resolved. Prior to deleting them, if you test the URL’s you’ll find a 310. Once they are removed, those URL’s will 404.

Once the hack is resolved, we can let Google know that it’s been resolved, and give them a short explanation of how it was resolved.

If you’re dealing with a site file hack, that is an entirely different beast. A professional is necessary to resolve this, and we’d need to review your particular situation.

How To Prevent Your Website From Being Hacked In The Future

The primary way to avoid hacks is by working with a hosting company that proactively implements security measures, takes backups and monitors your website. Explore webFEAT Hosting

We primarily work with WordPress websites, but have worked with most CMS’s, and started with custom HTML and ASP websites. With WordPress websites, one of the biggest ways to prevent hacks and malware is by keeping your website up to date. This includes WordPress updates, theme updates, and plugin updates. You can keep up with WordPress core updates, here. You can usually expect 1-3 updates a month, and these updates influence developers to make plugin updates, which also occur regularly. When selecting plugins, be sure to find ones that have a reputable developer, many installs and reviews. With all of this updating, it’s important to be careful. Updates can create issues with functionality and layout.

We also recommend that your comments require moderation prior to posting, which can help you avoid “hacks” in the cache.

We’ve all heard this last one before: change your passwords! You certainly don’t want to create one that a hacker can guess, and a weak password creates a vulnerability.

Consider webFEAT Hosting

Our network administrator and technical team have over 35 years of combined, professional experience. If you want to prevent your website from being hacked and resolve any existing or surprise hacks quickly, consider webFEAT Hosting! We’ll provide you with reports on how we’re proactively maintaining your site, and you can talk to a real person any day with any concerns or issues.


Also published on Medium.

About The Author

Ray is the SEO and AdWords Manager at webFEAT Complete. He's passionate about improving the visibility of businesses online through their websites. When out of the office, he's probably traveling, eating or exercising.

Leave a reply

Your email address will not be published. Required fields are marked *

webFEAT Complete