Imagine that tomorrow when you get to work you get a call from one of your customers and they tell you that they tried to get on your website but that the only thing that came up was a big reg page warning them that your site isn’t safe.
Your mind starts racing! Are they sure they have the right website? Why would your site not be showing up?
So, you jump on your computer and pull up your website. Yup, there it is, right where your website used to be. You’re staring at a bright red screen telling you that your website isn’t safe and you’re being blocked from being able to get to your site.
Unfortunately, this is when most people start to think about the security of their website. This is also when you realize exactly how much your website means to your business. If you have a commerce site, you’re losing sales, immediately. If you rely on your site to generate sales leads, your sales opportunities are getting hurt, and if your site supports your nonprofit organization, then you’re being impacted on multiple fronts such as donors and supporters not being able to engage with you.
There are a couple of things that you have to respond to immediately. First, you have to get your site fixed. Second, and possibly the most important, is you now have to start the process of regaining the trust of the people that use your site.
Hacked Site Clean Up
The day that you had planned just got changed. Your attention now has to shift to figuring out how to get your website back up. Then, once your site is up, then you need to figure out how it happened and how to make sure that it doesn’t happen again.
Let’s start with the first problem, that bright red warning that is stopping people from getting to your site. That warning page and the block put on your site is done by Google’s Chrome browser. I know, your first thought is “well, that’s not so bad, only the people using Chrome as a browser are being blocked.” Yes, but that is still bad. Google’s Chrome browser is currently dominating the browser market, with over 58% of all internet users using Chrome.
Backup. With any luck, you’ve been backing up your site regularly. If that’s the case, then you can restore your site from a previous backup and pretty much get back to business with a relatively minimal problem. If you haven’t been backing up your website, do it now, before you do anything else. Yes, your site has been infected, but if you backup your site now there’s a pretty good chance that you’ll be able to remove the virus or malware from the backed up files.
A second benefit to backing up your site now is that you’ll have a current version of the content that was on your site. This will prove to be amazingly beneficial as you won’t have to recreate all of that content as you try to restore your website.
From here, you’re going to want to contact a professional company that has experience in cleaning up infected or hacked websites. They are going to need access to your server and all of the source code for your website. You can expect the process to take anywhere from a couple of hours to a couple of days, depending on the severity of the infection.
An Ounce Of Prevention: Stop Hacks Before They Happen!
With everything that you have going on, making sure that your website is secure is probably way down on your priority list. However, there are some compelling reasons for you to reevaluate that and make the time to secure your site…for the sake of your company and your customers.
There are a number of reasons that hackers break into sites:
- Get your visitors data
- Infect your visitor’s computers (for a variety of nefarious reasons)
- Get credit card information (if you store that within your site)
- Use your site in a denial of service attack
- Use your site to distribute malware and SEO spam
- Use your site’s server power for cryptocurrency mining
- For fun
- And more
The Common Denominator
The one common denominator among all websites that get hacked is a lack of proper security procedures. That’s it. There is nothing else that is causing websites to get hacked. The challenge is that this lack of proper security procedures can happen in a LOT of places.
- Weak username and password combinations: stop using Admin as your username and 12345678 as your password!
- Social engineering: someone calls your site administrator and says that they are with your hosting company, or domain registrar and they need your username and password to stop a hack that is in progress (or any crisis that would get people to give up this information).
- Software Updates: If you’re on a CMS platform like WordPress Joomla, Drupal or any other platform, it’s very important that you keep your software updated. Outdated software can have bugs that hackers can exploit to gain access to your site.
- File Uploads: This feature on a website can be very convenient for both you and your visitors, however, if the process isn’t done properly then this gives hackers an open door for uploading malicious files to your website that could automatically run on their own and spread viruses or worse opens up your website to anyone.
- HTTPS: We’ve been talking about putting websites on a secure protocol for a very long time and so has Google. You really have to get serious and move your site to an HTTPS protocol, immediately.
- Web Hosting: Use a reputable hosting company to host your website. Make sure that they are diligent with applying patches to the operating system of their servers and have a thorough knowledge of how to protect the sites that they are hosting.
- Limit Login Attempts: One of the tell-tale signs of a brute force attack is the repeated attempt to login, incorrectly, in a short period. By limiting the number of times a user (or bot) can attempt to login will turn away a lot of potential hacks.
Google has already announced that with Chrome 68 (ver) they will be marking all sites as unsecure if they don’t have an SSL certificate (HTTPS protocol) effective in July of `18. This move demonstrates how serious they are about security on the web and it’s a definite motivator for site owners to get their site’s secure.
Securing your site is important as it goes directly to trust. Your website is more than just an online catalog of your products or services. It’s an extension of your brand and people will not do business with a brand that they don’t trust. Especially online!