Your customer calls you up and asks you if your site’s safe to visit. When you Google yourself, you see those five horrible words under your site’s listing: “This site may be hacked“. What do you do next?
Google’s decided your site’s hacked, but how do you find out why? Google Search Console. Google provides Search Console for website owners to get information about the health of their website and how it’s showing up in searches. Your issue might pop up in the “Security Issues” section (under “Security & Manual Actions” part of the menu) if you have the new design, or “Security Issues” in the old version.
Google search console really is the quickest way to find out why you’re getting “this site may be hacked” against search results for your website.
If so, that’s great. There’s a few must have plugins out there that can really help find and fix the issue. You might want to try iThemes Security and run a malware scan (which you can do in the free version on the homepage – the pro version allows you to run them automatically).
It’s not a bad idea to install iThemes Security anyway; it’s one of the plugins we install on all our client’s sites by default because it does such a great job of securing their website.
No problem! Securi offer SiteCheck. Just pop your website address into the box in the middle of the page, click “Scan Website” and Securi will check your site over and notify you if there are any issues. Securi also notifies you if your site’s software is outdated (if you’re using a known content management system, that is).
If you want to continue down the Google route, they provide the snappily-named Google Safe Browsing Check. Again, pop your website’s address into it and it’ll run through a series of checks to see if it’s aware of any issues on your site.
At this point, using some of the tools listed above, you may have narrowed it down to an issue in one sketchy-looking file. If that file can be deleted, great (but do make sure it’s not one you need!) But what if it’s more than that? Or a file you can’t find to delete?
At this point you might be uncertain. That’s totally OK; it’s time to call in the professionals. You’ve got a few options:
First and foremost, your hosting company may be able to help. Be careful here though; a lot of hosting companies may well see your site’s files as your responsibility and refuse to help. Some even go as far as to block access to a hacked site until they know it’s been cleaned. Additionally, their support staff may not be willing or able to help.
Long story short; choose whether to involve your hosting company carefully. If you’re not 100% certain they’re going to help, it might just be worth moving on to the next options.
There are a good number of cyber security specialist companies out there. In the WordPress space the front runners are Securi and Wordfence. Both also provide a “Site Cleaning Service”, which effectively means if your site’s hacked they’ll fix it.
Their service generally tends to be very thorough but very focussed; a cyber security company will generally clear the issue, set you up with some good security and send you away with a checklist of “you should also do these things”. Generally, they won’t be able to help you with the ongoing stuff, or things outside of security. That’s where our final option comes in…
Getting in touch with a WordPress support company to get some WordPress help might be the best option. Make sure they assess your hacked site first; giving them the information you found earlier and FTP access should be enough for them to give you a good idea of what they’ll do to fix the issue.
After they’ve fixed the issue you’ll have a support company on hand to help you with
Contact us now and one of our technical team will take a look at the issue for you today. We’ll be happy to advise you which plan you need to go for, what we’ll do to fix the issue and what we’ll do to stop it happening again. Just get in touch via our contact form, or live chat.