When it comes to hacking, we usually think of breaking in to security systems and deviant acts related to stealing, deceit and con men. There are cases where the internet itself is problem, but it can also be a place for us to find a solution. Google does indeed (almost) have the answer to everything if you look hard enough, including how to deal with and identifying a hacking incident.
Based on the Q3 Hacked website report by Sucuri it showed that WordPress gets about 74% hacked sites for Quarter 3 (Q3), although it decreases in Q3 we can see that it is still many in numbers. The worst case scenario of hacking can lead to business data theft which also leads to loss of money. For this post we are going to feature a WordPress site which has been detected through the search console as a hacked site.
Hacked Content Detected
Last January 10, 2017, we discovered a message from Netizensreviews.com search console. It’s particularly annoying if a site becomes a hacking victim, especially if we can see some malicious content injected in their page. Just take a look at below on the full message from the console. As a safety measure, Google keeps site owners up-to-date, so it is essential that you must connect your website with the search console as well.
If your site has been hacked, you can receive a manual action (either site-wide or partial matches) where you will be informed if the site may not perform well in Google results since it violates the search engine’s webmaster guidelines. You truly have to make sure that you are frequently checking your search console messages.
Once you perform a Google manual search, you will see this below. What’re the chances of your site getting some visitor lovin’ if it’s labeled with “This site maybe hacked”?
How to Fix
Here’s what we did to recover the hacked site:
1. Check Security Issues for the Details of the Hack
2. Find Out Why Your Website Has Been Hacked
We have checked the whole site and found out the following details about why the site was hacked:
Outdated Plug-ins– last update was on October 2014 and that’s why they have an easy access to the back door.
As reported, we have read that there are 3 plug-ins which is the main reason for hacking: RevSlider, GravityForms, and TimThumb.
According to sucupress, based on their clients’ statistics these are the following reason why a website was hacked:
You don’t know what happened
Your plug-in or theme is vulnerable to pirates
There is a WordPress vulnerability due to its core flaws
Host Provider Problems
Have Old installation files
Chmod fault or bad file permission
Due to other reasons e.g. no anti-virus, responded to phishing mail, or have outdated servers or FTPs.
3. Be Sure to Check the Entire Site
You can also use sites to find hidden links which suggest doing a Google search. i.e: “home loan” site:netizensreviews.com”
4. Remove All Malicious Content
In our case we have restored it using our older back up files. As Google suggested you can also contact your hosting provider for assistance.
5. Secure Your Website From Future Hacks or Attacks
Now that you know the real reason why the site was hacked, it’s time to make those pages or material immune to future attacks. In our case we have make sure that the plug-ins are updated, including changing the password. Additionally, Google also suggests that you ask the help of your hosting provider.
6. Recheck Website
After securing the site, it’s now time to make sure that no more malicious files have been injected. Recheck the site by doing a Google search or using sucuri. After scanning, make sure no malware, website blacklisting, injected spam, or defacements are detected.
You can also do a simple Google search by typing “site: [website URL]”. It’s considered clean if you can’t find any labels on it.
Check using Safe Browsing Site Status. We can see that the site is no longer infected or dangerous. No more malicious files have been detected.
Before filing up a reconsideration request make sure that you have answered Hacked sites Trouble Shooter.
7. Submit a Reconsideration Request
After making sure that the site is now clean, submit the URL for a reconsideration request.
After clicking the request a review button a text box will open which requests you to write the process on how you went about with your site clean-up.
And fill it like:
For netizens reviews, we have addressed it using restoring our older backed-up files and updating the plug-ins and password. We also make sure that the site is clean by using search operator, fetch as Google and even checked it using a third party tool. I am hoping that I can see a response from you soon.
8. Check Updates for Request
If they have determined that your site is free from hacking, they will notify you that your reconsideration request was approved. In our case, we received it after two days.
Hacking is almost considered a “talent” for our generation. It seems like the general stereotype that those involved in comprehensive computer work are hackers is slowly becoming true. With their own twists, recent films like Nerve, Eagle Eye and Blackhat even tolerate the act of hacking.
With just a few detailed steps though, your website can bounce back from a hack like it never happened. Remember, prevention is better than cure. Keep your sites well-maintained and protected – leave no room for hackers to wiggle through.