Another Big Reason To Watch Out for Malware and Your Site Being Hacked

No one wants their website to be hacked. I’m sure you don’t want malware and malicious code inserted into your web pages. It causes all kinds of headaches trying to find the entry point, secure it, and then the painstaking process of cleaning it up.

Up until recently, people searching Google for your website would have no idea your site was compromised unless their security software alerted them when they visited your site. Google’s latest update to their search results will no longer hide this fact…

Google tells the world you’re compromised

Just last month, Google posted to their webmaster blog that searchers will now see a notice for sites that are hacked. Here is how it looks in Google when a site is compromised:

Alerts now in search results (click to enlarge)

This makes it even more important to quickly detect and clean up any problems with your site.

How to detect if your site is compromised

Fortunately, as fast as Google will tell the world your site is compromised, they are just as fast to tell you when your site has malware. But a few things you must do to ensure you get alerted:

  • 1. Set up a Google Webmaster Tools account
    I assume you already have one for your site, but if not, get one right away!
  • 2. Make sure your email address is up to date with Google
    Make sure the email address registered with Google Webmaster Tools is up to date, and one you check regularly.
  • 3. Set up Webmaster Tools to forward you email of any issues detected.
    Right on the home page of Google Webmaster Tools once logged in is a dropdown. Make sure it does *NOT* say “Don’t forward messages”:

Change this dropdown (click to enlarge)

If you’re looking for something besides Google to alert you to issues on your site, you could purchase a VeriSign SSL Certificate which comes standard with daily malware scanning.

How to avoid Malware on your website

A few simple steps to keep your site free of bad code:

  • 1. Keep all site software up to date! (like WordPress, phpBB, etc…)
    This is the most common point of entry for hackers. I spent a good amount of time yesterday helping a client clean up compromised files from a hacked old version of WordPress. Keep up with these updates. You’ll thank me later.
  • 2. Install multiple scanners on *EVERY* computer you use
    The second most common entry point is a compromised computer/laptop that has your site’s FTP password on it. Viruses and malware search for these passwords, then use them to distribute their malware on your website. Besides a standard anti-virus package like Norton, McAfee, or Trend Micro, run a dedicated malware scanner such as Malwarebytes.
  • 3. Control your FTP password, and change it when appropriate
    Only give out your FTP password to those people you trust and actually require it to work on your site. I’m not going to preach changing your password all the time, but *DO* change it after a designer / developer / programmer is done working on your site. Their computers may become infected down the road, and you don’t want them being the point of entry for hackers.

What to do when your site is hacked

There are a number of things you can do to clean up your site and get it de-listed from Google’s compromised site list.

The important thing is to act swiftly, clean up the site, plug the security holes, and make sure Google is notified that your site is clean. Failure to take action these days may result in people never visiting your site.

Looking for a web host that understands ecommerce and business hosting?
Check us out today!

5 Comments

  1. I had one of my websites get compromised a couple years ago and it took quite a while to get my site ranking well again – about 15 months.

  2. Chris says:

    My site got hacked too. Good thing I setup Google Webmaster Tools for my site and I tracked the malware and deleted it before its too late.

  3. Bert says:

    This was the big deal for me – I had an outsource team doing all kinds of stuff for me and I can’t be sure but some weird things happened after I let them go.

    “I’m not going to preach changing your password all the time, but *DO* change it after a designer / developer / programmer is done working on your site.”

    Changing the password seemed to cure the problem.

    Thx,
    Bert

    • Bert,

      Thanks for the tip! Yes, changing your password after a developer/designer is done with your account is always a good idea. You can’t control how infected their systems are, and often times it is the 3rd party that opens up your site/account to hackers/spammers.

Leave a Reply to Chris