What the hack?

Okay, so you receive a call from one of your clients… The news is all bad because what you are hearing is that your website is no longer coming up. Instead, and perhaps even worse, there is a red, “in your face”, warning saying that your website contains harmful programs! Disaster has struck and life as you knew it seems over… What the hack?

Your website was hacked. It could have been hacked some time ago because Google and potentially other organizations have now blacklisted your site; hence the red screen of despair…

What is a hack?

In essence, and in its most basic form, a hack is a successful attempt at accessing your electronic data without your authorization.

There are many reasons why your site may be hacked. For example,

  1. Identity Theft – Access data such as credit card details, DOB, and other personal data.
    Result – Your sensitive data is now used in illegal activities and authorities are asking questions about your duty of care, negligence, and damages… (think Optus or Medibank Private)
  2. Punitive or Idealism – Steal data to highlight security issues of a specific organization in order to give the entity a bad name. Or simply to highlight security vulnerabilities in a system (the hard way…) Or perhaps foreign Governments or militants trying to make “a statement”…
    Result – Your organization has taken a huge slump in public opinion and your PR department is putting in requests for overtime…
  3. Nuisance – (the Thrill/Challenge mob) Someone trying out their hacking skills just because they can…
    Result – You need to spend time and money fixing the issues the hacker created and stopping them from doing it again…
  4. SEO – Search Engine Optimisation where the hacker installs code that inserts links in your page titles and content to increase the search rankings of third-party websites.
    Result – You are blacklisted with organizations such as Google. You need to clean your website and beg to be removed from their blacklists…

So, you may ask in a rational manner (more likely in a total pool of misery and panic): what do I need to do to fix this little problem? Let's assume we look at SEO-related hacks such as those described in point 4 above.

Often, the insertions of links are only “visible” to search engines and not your visitors. This means that your site could have been hacked months ago without you knowing anything about it; until the red screen of despair tells you otherwise.

This is what you need to do to get on the right path again:

  1. Remove all evidence of any files associated with the hack. This means any files containing code that causes the links to be generated on the fly. These files often live in your plugin directory (but can live anywhere) and often include .cache, .bak, .old. Often the files are hidden so make sure you give yourself permission to view hidden files. Then simply delete any files that should not be there.
  2. Unfortunately, your database may also be infected; in fact, it almost certainly will be. If you have any knowledge of phpMyAdmin then finding infected code is relatively simple. You should search for “wp_check_hash”, “class_generic_support”, “widget_generic_support”, “ftp_credentials”, “fwp” and “rss_%”. Then simply delete the infected fields.
  3. You now need to plug the vulnerability to prevent this from happening again. 9 out of 10 times it is a weak password that did the damage. Edit your user account and let WP create a password for you. If your previous password was admin1234 then perhaps you deserved to be hacked.
  4. Make sure you update your WP version to the latest available. WP updates often address known security vulnerabilities.
  5. Install software that can mitigate hacking attempts in the future. There are lots of companies out there offering a range of products and services. We recommend BulletProof Security Pro.
  6. Lastly, you need to tell Google and the other entities that blacklisted your site that all is good now. You need to submit your site for removal from all the blacklists.
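
A read-only sketch of steps 1 and 2, added here as an example and not part of the original article: it lists files and database names that match the patterns above so you can review them, and deletes nothing. The function names, the sample tree and the sample names are constructed for illustration; it assumes the names to check have been exported from your database, one per line.

```shell
#!/bin/sh
# Added example (not from the original article). Read-only: it lists
# candidates for review and deletes nothing.

# Step 1: files that are hidden or end in .cache, .bak or .old.
# Legitimate hidden files such as .htaccess show up too; read before deleting.
find_suspect_files() {
    find "$1" -type f \( -name '.*' -o -name '*.cache' \
        -o -name '*.bak' -o -name '*.old' \) -print | sort
}

# Step 2: keep only names (one per line on stdin) containing one of the
# article's search strings. "rss_%" is treated here as the prefix "rss_".
match_db_indicators() {
    grep -E 'wp_check_hash|class_generic_support|widget_generic_support|ftp_credentials|fwp|^rss_' || true
}

# Constructed sample data: a tiny fake WordPress tree.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/wp-content/plugins/example-plugin"
    : > "$d/wp-config.php"
    : > "$d/wp-content/plugins/example-plugin/example.php"
    : > "$d/wp-content/plugins/example-plugin/.example.cache"
    : > "$d/wp-content/plugins/example-plugin/db-example.old"
    printf '%s\n' "$d"
}

# Constructed sample data: names as exported from the database.
sample_option_names() {
    printf '%s\n' siteurl blogname wp_check_hash active_plugins \
        widget_generic_support rss_0a1b2c3d ftp_credentials
}

tree=$(make_sample_tree)
echo "Files to review:"
find_suspect_files "$tree"
echo "Database names to review:"
sample_option_names | match_db_indicators
rm -rf "$tree"
```

Run `find_suspect_files` against a copy or backup of the site first, and compare anything it lists with a clean download of the same plugin or theme before removing it.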

As an alternative to the DIY approach, you can contact us for a full and comprehensive removal/maintenance service. We are, after all, your Internet technology partner…

