Well, first off, I’m not a hacker, so the ideas here are just those; ideas.  In some ways, hackers are the graffiti artists of the online world – some do it for ‘art’, some do it to deface property, some do it to make a political statement, and depending on timing and location and the actual work itself, you can get a pretty good idea of what someone was trying to achieve.  Some hackers can actually make a living doing it by promoting themselves as ‘Online Marketers’ who can drive traffic to a particular website.

What do you do when your website has been hacked?

Contact us right away!  Time is important, since the hacker may have erased part of your site, all of your site, none of your site, these things we need to find out right away!

Here are some of the most common symptoms that your website has been hacked:

Home Page Redirects to another site:

This is quite common to see a home page landing on an online hoping site of knock-off brand name products (ie. knock off coach purses, or Louis Vuitton products.)  The hacker is looking for a site with high traffic.  When someone types in your website address and gets automatically redirected to this other site, the hacker is trying to drive traffic to their online site, and knows they only have a short amount of time to do it, because once you visit your own site or a client calls to tell you what happened, the link is no longer valid and will get repaired. 

The probable back story: The hacker has been hired as an “online marketer” to drive traffic to the shopping website.  He or she doesn’t care where the traffic came from or how long it stays or if they end up making a purchase, just that when the link is clicked, the visitor sees the site – It’s not only malicious to hack the initial site, it’s ineffective for the receiving site who may believe they’ve paid for a genuine online marketer to drive traffic to their site.

Why this doesn’t make sense: When was the last time you went to visit a local restaurant’s site for example, ended up on a shopping site and decided to purchase a few things while you’re there anyway? Never?  


Menu Links Redirect to another site:

This is similar to the above strategy with a little more tact.  If you visit your home page and everything looks fine, you may not realize that your site has been compromised.  When you click a menu item (sometimes all of the menu items, sometimes a select few) the site redirects to another.  The most recent version of this we experienced was a single page on someone’s menu redirected to a website to purchase diet pills.

Variation: sometimes there are links to other sites hidden throughout your website.  The hacker is using the search rank you’ve created with your content and put in random links in your text.  Sometimes it looks like this:

This is a blog post on wordpress Louis Vitton about why someone would Coach Purses choose to hack a website and what you can do to reduce the FREE DIET PILL SAMPLE chances of it happening to you.

It seems obvious that there’s been a compromise, but if you haven’t looked at your past blog posts in a while, this could sit around for weeks or months.


Website has been erased or replaced completely:

Unlike the first 2, you can’t get on your website and the home page is replaced entirely by a hacker.  Sometimes this shows the hacker’s logo, and there have even been cases where the hacker will put up a logo and his screen name to tell you who hacked the site.  This hacker is doing this just to be malicious and for fame.  There’s no financial gain to be had.


What you can do to reduce the chances of your website being compromised:

  • Make regular backups to your website and content – regular like at least monthly, maybe weekly or daily depending on the frequency you add new content.  We use Backup Buddy for our clients. If your site is compromised, you can go back in the history of your backups to load up a site from before the compromise.
  • Store your backup on a secondary server.  If you’ve been making regular backups but storing them on the same server as your website, what do you do if your server is wiped clean? We use Stash and Dropbox Pro.
  • Change your wordpress login from the default “admin”.  If someone is trying to hack your website and your login name is the default “admin” they only have to find out your password.  You’ve given them 50% of what they need to know to login.
  • Use a service like iThemes Security Pro to block IP addresses that have repeatedly tried to get into your website.  If you’ve changed the login from the default “admin”, you can automatically block anyone who tries to login using “admin” on their first try.
  • Schedule a Malware Scan – regular scans of your website are key to catching compromises early.  iThemes Security Pro has this function included.
  • Don’t give out your wordpress password.  If you have someone who needs access to the site, setup a temporary user name with restricted access rights so they only have access to what they need.  Remove the user profile when they’re finished.

If your site has been compromised, or if you’d like us to help you reduce the chances of it happening, contact us here to discuss.

Share This