So a client of mind, and his WordPress website that I didn’t build was hacked. He asked if I could fix it. Here’s what I learned throughout the process:
- If your site is hacked, you could get blacklisted by Google. This means when people visit your site, the site will have this big red warning telling visitors not to proceed. This actually happened to the client—he was blacklisted temporarily.
- If they blacklist your site there’s nothing you can do but fix the problem (that is: remove the hacked files that triggering the warning) and resubmit it to Google via their Search Console. Luckily, Google didn’t take too long and the site was removed from the blacklist.
- www.sitecheck.sucuri.net helps detect viruses, hacks and malware, but not everything. I used this to find the problematic files.
- In this case, the hacker placed javascript files on the site that redirected to another site.
- I fixed the site by first grabbing an older copy of the site from the Internet Archives because he had no backup and removed all the javascript from it just in case these were infected as well. Later I recreated the site and installed security. He was back up in running in two days.
- Google’s Search Console runs periodic scans and will notify you if something seems fishy. In this case, the client wasn’t connected to Google Search Console and so he never got warnings and eventually was blacklisted.
- Popular hosting companies are targeted for hacks because they know many of the users are uneducated and probably have no protection in place.
- Lessons learned: always have backups, use strong passwords, have security in place and use a monitoring systems like Google Search Console.