It's not uncommon for sites - even large ones with lots of protection - to get hacked. Security is a major problem these days. And if your site gets hacked, it can get damaged in a number of ways. You could lose all your data, or lose its ranking due to malicious activity. So while you can take periodic backups, you cannot prevent someone from hacking into your site. The best and most practical thing to do in such an event is to recover your site as fast as possible so that the effect of the attack is neutralized/minimized.
Here are some tips shared by Google for getting your website back on track after it has been hacked.
Clean up malicious scripts
Hackers can target your site for any number of motives. From taking down
your website and deleting its content to simply adding backlinks
discreetly, there's a lot that can be done. If you notice suspicious
content appearing on your website, delete those unnecessary pages
immediately. However, don't just stop there.
Hackers will often insert malicious scripts into your HTML and PHP
files. These could automatically be creating rogue backlinks or even new
pages. Make sure you check your website's source code and see for any
malicious PHP or JavaScript code that could be creating such content.
Maintain your CMS
Websites often get hacked due to vulnerabilities in a CMS that get
patched with updates. If you're running an older version, your site is
more susceptible to attack. Make sure you keep your CMS updated, and use
a strong password for login. If possible, enable two-step verification
to secure the login process.
www vs. non-www
www and non-www URLs are not the same. http://www.example.com is not the
same as http://example.com - the former refers to a sub-domain 'www',
whereas the latter is the root of your site. When checking for malicious
content, verify the non-www version of your site as hackers often try
to hide content in folders that may be overlooked by the webmaster
Other useful security tips
- Avoid using FTP when transferring files to your servers. FTP does not encrypt any traffic, including passwords. Instead, use SFTP, which will encrypt everything, including your password, as a protection against eavesdroppers examining network traffic.
- Check the permissions on sensitive files like .htaccess. Your hosting provider may be able to assist you if you need help. The .htaccess file can be used to improve and protect your site, but it can also be used for malicious hacks if they are able to gain access to it.
- Be vigilant and look for new and unfamiliar users in your administrative panel and any other place where there may be users that can modify your site.
No comments:
Post a Comment