Sooner or later, it's bound to happen in some way, shape, or form...
Sooner or later, it's bound to happen in some way, shape, or form: your website gets hacked. No matter how secure you think your site is, it's been compromised and is spitting back malware warnings. Worse, search engines have detected the bad code and automatically issued their own warnings that pop up whenever someone tries to access your site. It seems like the end of the world--and it is serious, especially for e-commerce or sites containing time-critical information--but with the right help, your web presence and online reputation can be restored. The first and best thing to do is immediately call your web developer. Dealing with a website hack is a relatively technical thing to do, with many steps that may not occur to the average user, especially those who don't know how a database or web server works. Your developer will probably tackle the problem with 1) damage control and 2) prevention, in that order. Damage control will usually involve:
- Change all access passwords to the site: content management (Wordpress, Joomla, Drupal etc.), FTP, everything--and engage the host.
- Take down the entire site; it's an inconvenience, but an inaccessible site is a much lesser evil than an active, spam-generating site.
- Back up the hacked version of the site, then restoring the site from a previous backup. Previous backups are helpful because otherwise the hack must be removed manually, which addresses its symptoms instead of root causes.
- Update the site's components to their latest versions. This may include, but not be limited to: all site files, database software, CMS software, design themes or templates, plugins, etc., and then auditing those components for potential vulnerabilities.
Prevention will usually involve:
- Setting up a regular file backup system if one is not already in use
- Regular security audits to make sure all the site's components are working properly
- Setting up virus scans on all computers that are regularly used to manage the site
- Generating strong passwords ("password" or "123456" are not strong passwords)
Website hacks are stressful, potentially destructive situations that require methodical action, not reactive mole-whacking, and immediate action is important. Hiring a professional to diagnose the problem and work toward a solution will be, in the long run, much less expensive and time-consuming than muddling through the issues yourself. If your site hasn't been hacked, count your blessings! If it has, don't despair--call the professionals at BBM&D.