How to Know if Your Site Has Been Hacked
One of the unfortunate realities of doing business on the web is the threat of getting hacked. Hacking can take a number of forms, from injecting content or malware into your site, to simply redirecting your site elsewhere.
If you have a site that has been infected, Google will sometimes notify you via Webmaster Tools or add your site to their blacklist, showing you the “Warning: Something’s Not Right Here” page on Chrome. More often than not, Google won’t notify you so it’s important to always keep a backup of your site and update your CMS as often as possible.
What is Hacking?
Hacking is any technical and unauthorized effort to manipulate a computer network or database. Depending on the goals of the hacker(s), they may install malicious content or add visible or hidden content to pages on your site. New pages may be added to your site with the intent of phishing visitor’s personal information. In some cases, a hacker may redirect your site to a harmful or spammy page.
You can read more about hacking here.
What is Malware?
Malware is any type of malicious software used to damage or disrupt a system or gather private information. Malware includes viruses, spyware, trojan horses, and other types of software that can harm a user’s computer.
You can read more about malware here.
Malware & Hacking Checklist
While defending against malware may be beyond your skillset, here are the most common things to check for identifying site vulnerabilities and securing a server:
- Is WordPress updated to the latest version? Are all plugins updated as well?
- Is there any custom WordPress code on the site? This may make the site vulnerable to SQL injection attacks.
- Is the site running the latest versions of Apache, PHP, and MySQL? Newer versions patch old security vulnerabilities.
- Are all site passwords been changed?
If possible, you may also want to check the following:
- Check the Apache logs for a high amount of bad HTTP requests. This may indicate yet unsuccessful automated attempts to hack the site.
- Check MySQL server logs for a high number of attempts on port 3306. This may indicate that a hacker is trying to break into the site’s database.
- If using shared hosting, is anyone else using the hosting company getting hacked? If someone else got hacked on a shared server, you may be a victim too.
Monitor site changes with Google Alerts
If your site has been infected with malware, Google may notify you via Webmaster Tools or display the “Warning: Something’s Not Right Here” page for visitors using Chrome. However, Google often fails to notify you. You will want to proactively monitor your site so you can be the first responder in the event your site is hacked.
You can use Google Alerts to be notified any time compromised content has been added to your site. Here’s how to set it up:
1. Navigate to Google Alerts
2. Add your search queries
Be sure to select the following settings:
Volume: All results
Deliver to: Feed
3. Create alerts for high, medium, and low risk queries: