This post first appeared on Flying Solo.
“I’m sorry to inform you that your website has been hacked.” These are some of the hardest words that any business owner ever wants to hear (right up there with, “I am not paying your bill.”)
Your business website is your pride and joy when you launch it, and you excitedly show everyone, and their mother and the random person you sit next to on the bus, your new site in the same way you share baby photos of your firstborn.
Sure, after a few weeks the shiny excitement wears off, and you sort of take your website for granted, but you expect that it will be staunchly standing in the corner doing its thing until you are ready to notice it again.
But then it goes and gets itself hacked, and you are left dealing with shame, confusion and a never-ending chorus of, “How did this happen?” It’s the online equivalent of your teenage suddenly telling you they are pregnant.
Unfortunately, unlike teenagers, websites themselves can’t tell you when they are in the hacked way, so you need to know the symptoms to look out for.
Common hack symptoms
Here are some of the common ways you find out that your website has been hacked.
1) You get a phone call from a client
The most common way you find out your site has been hacked is your best client, the one you have spent months trying to impress, rings to tell you that your site is suddenly displaying never-ending videos of athletic people not wearing very much and making a lot of noise while they are doing it.
They may also ring to question when you joined a Jihadi movement as there is a big dirty flag and hacked slogan right across your site.
If it is a visible hack, then it is guaranteed your clients will see it first.
2) Your browser has warnings when you visit your site
Chrome, Firefox and other browsers have reserved a particularly nasty shade of red to paint your screen if they spot your site has been filled with Malware or if your site is now being used in phishing attacks.
3) Your host removes your site
A good host will give you the heads up that your site has been hacked and help you restore your site from pre-hack. A bad host will remove your site off their hosting faster than a toddler who spots a rain puddle removes their clothes.
4) Google flags your site in search results
If you put your domain name into Google, you may see the dreaded “This site may harm your computer” message in the search results.
5) You can’t log into your site
You try logging into your site with your usual username and password, only to find they no longer work. If you are able to get a password reset through to your email, you find your username has been changed to admin or something more exotic that you can’t pronounce.
6) Google Search Console tells you
If you have had a good web designer build your website for you, right after they set up Google Analytics for you, they set up Google Search Console (previously known as Google Webmaster). If set up correctly, GSC will drop you an email when it spots a problem a bit like a canary in a mine.
7) Your security plugin spots a problem
If you use a security plugin on your site like Wordfence, All in One WP Security or Securi, you may get an alert that your site has suddenly become infected with stuff you would rather not talk about in polite company.
8) Unknown admin users have been added
Get into the habit of checking the users on your website. If you suddenly start seeing the names of people with admin privileges that you don’t know, assume your website is having a wild party that was crashed by an outlaw motorcycle group.
9) Random files appear in the file’s manager of your website
Not all hacks are obvious at the front end. Many hacks raise no flags at all, and the only time you know is if you are aware of the files that are supposed to be in the back end of your site, and you spot unexpected files when you log into your hosting control panel. If you aren’t sure about a file, ask your web designer or host what is in that file and if it supposed to be there before pulling it out like a weed.
10) Your website takes ages to load or won’t load
Hacked sites often have so much going on code-wise, that your hosting cracks under the strain. It means that your site becomes super slow to load or won’t load at all, and it’s not just because you have a 15MB picture of a cat on a Roomba on the slider on the home page.
11) Your website is unstable
Some hacked websites flicker up and down in the same annoying way that a fluoro tube does when the starter is broken. If you are constantly getting alerts from your Uptime Robot monitor (free to set up – every site needs it), then assume the worst.
12) Your website starts sending stacks of email by itself
If your website takes up writing pen pal letters to a few thousand of its closest friends every minute, you can assume something dodgy is happening.
13) You have extra pages or blog posts
Your hackers may add in extra blog pages or posts that appear empty when you look at them but are full of malware or other code.
14) You become suddenly popular in Brazil or Romania
If an old post you wrote has suddenly become super popular in obscure countries, and your traffic spikes in your Google Analytics, it is probably not for the right reasons and means you need to dig a bit deeper and not just pat yourself on the back.
According to our security reports, even the smallest of our WordPress web clients battle off a few hundred hack attempts each week, with larger or more attractive targets battling a stack more.
Every business owner needs to watch for the signs of a hack on their website, know if they are covered by the Mandatory Reporting of Data Breaches legislation, and have a hack repair company on speed dial. With the volume of attacks happening, for most business owners it is a case of when not if they get that horrible call.