How to know if your website has been hacked

If your website is hacked, you might have received a notification that your site has been hacked or is compromised.

If you received an alert that your site has been hacked but it looks normal, a hacker could be using a technique called cloaking which makes it harder to tell that a site has been hacked. You can check for cloaking using Google’s Hacked Sites Troubleshooter.

What does it mean for me and my business if my website has been hacked?

If your website has been hacked, there are a few potential problems you might run into, including:

  • Data might be compromised. This could include your data, your employees’ data, and any data that has been entered onto the site (e.g. customer payment details).
  • Depending on what country you live in, you may be required to disclose to customers that their details and payment information may have been compromised.

Hackers typically have motives. Usually, they are trying to access information, steal money, or simply just antagonise others. Hacks can be detrimental to a business and sometimes cost hundreds of thousands of dollars to remedy, so it’s best to stay on top of security as a preventative measure.

What to do if your website has been hacked

There are a few steps you should take if your site has been hacked, but these are the four most important initial steps:

  1. Contact your website hosting or IT support team.
  2. Gather access to information you’ll need including CMS login, hosting login, web logs, FTP/sFTP access credentials, and backups of your data. 
  3. Take your website down until you’ve solved the situation.
  4. Scan your systems for malware.
  5. Change your passwords.

Next, you’ll need to properly clean up your site. In most cases, you’ll need to get a professional on board. A programmer or web developer will have the best knowledge on how to check for any compromises and clean up your site.

How to prevent being hacked in the future

Even if you haven’t been hacked, it’s good to stay on top of website security. The following are some great security tips to keep your website’s defenses up:

  • Update your software regularly.
  • Proactively work with your web team to protect against attacks (e.g. XSS attacks).
  • Register with search engines to receive realtime alerts of supicious activity (e.g. Google Console or Bing).
  • Work with a web development team that has a experience and a trusted reputation when it comes to safety and security.
  • Validate information on both sides (browser and server sides).
  • Use hard-to-guess passwords, update them regularly, and keep them secure.
  • Only allow website file uploads if absolutely necessary.
  • Use HTTPS instead of HTTP.
  • Make sure your website has an SSL certificate.
  • Look into website security auditing and monitoring tools.

Have any questions about your website security?

Digital Bridge is a web development company based out of Fitzroy. We help clients with website hosting, website management, and more. If you want to find out how to keep your website secure, you can contact us at hello@digitalbridge.com.au or give us a ring at +613 8658 2434.