8 Signs Your Website Has Malware: Know How to Fix It if Your Site Is Hacked
Picture this: You’ve just launched your website for the first time. It’s looking sleek, packed to the gills with amazing UX, and you even commissioned some artists and designers for gorgeous logos and assets. For most of the week, you juggle your business while checking your metrics once a day, every day. Come Monday morning, you hop on for your routine check to find that someone’s locked you out of your account. None of your credentials work. And the worst part? They’ve defaced your logo with a big, fat... problem.
Does any of this sound familiar?
For many business owners, your website is your pride and joy. And typically, you’d place it everywhere! Your LinkedIn, calling cards, email signature, Facebook Business Page, and for some, even on their personal Bio. Your website is your ticket to making a good first impression on someone finding out about your business for the first time. The last thing you would want is for them to open up your site to see it compromised. Breaches are inevitable. Around 30,000 websites are hacked or infected with malware daily before they get notified by a customer or shot with Google’s “Red Screen of Death”. This number only continues to grow, since over a million new website malware threats are created every day.
To prevent this from costing you customers and your website’s reputation, it’s best to catch the tell-tale signs that your website has malware early on. Read on to brush up on those signs, see what you can do to verify your website’s safety, and learn what can be done to fix it.
Website Malware Breach Checklist
If your metrics have taken a dip or if you suspect that your website has malware and has been compromised, keep an eye out for the following red flags.
1. The Red Screen of Death
As mentioned earlier, this type of warning typically occurs if the malware threats have gone unchecked for some time. When customers access your website, Google actively warns them of the security threats that visiting your site might pose. While the warnings may vary with the type of malware Google finds on your site, you can check for such warnings by searching your site on Google or entering the URL. A warning like this also means that your website has already been blacklisted by Google Safe Browsing.
Most mainstream browsers besides Google Chrome (such as Firefox, Opera, and Safari) use Google’s Blacklist as a guide for dishing out warnings. Possible messages include but are not limited to:
- The website ahead contains malware
- Danger malware ahead
- The site ahead contains harmful programs
- The site ahead contains malware
- This website has been reported as unsafe
- This site may harm your computer
2. Visual Changes and Dubious Pop-Ups
Images not displaying properly? Has your content been revised since you last saw it? Or is your website now host to several unwelcome pop-ups? Whatever the visible change in your website, be sure to note these down immediately. If possible, try to assess what’s causing the change, or contact your web developer if you’re unsure. Remember that though these types of breaches are common, they are also the ones most likely to put off potential customers that visit your site and may tarnish its reputation if left unchecked. Act swiftly to take these down.
3. Account Lockout or Invalid Credentials
Ask anyone with access to your website to try logging in with their credentials. If you find that anyone has been locked out or is met with an invalid login message, immediately change their permissions or ask them to use the ‘Lost Password’ option to cut off the intruder’s access.
4. Stranger Danger
While getting locked out of an account is not a prerequisite to this red flag, it usually precedes it. Mysterious changes in page roles and in the number of persons authorized to make changes are a sure sign that your website may be tapped with malware. Whether it’s new users registered as admins or switched page roles, this kind of breach has the dangerous potential to spiral into the succeeding signs listed below if you don’t act fast.
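One way to spot new admins and switched roles is to compare a saved user list against the current one. This is an added example, not part of the original post; the account names are constructed, and the export shape (WP-CLI's `wp user list --fields=user_login,roles --format=json`, with roles as a comma-separated string) is an assumption.

```python
import json

PRIVILEGED = {"administrator"}  # roles able to change the site itself

# Constructed exports, shaped like `wp user list --fields=user_login,roles --format=json`
# (assumption: roles arrive as one comma-separated string per user).
BASELINE = """[{"user_login": "owner", "roles": "administrator"},
 {"user_login": "editor1", "roles": "editor"},
 {"user_login": "writer1", "roles": "author"}]"""
CURRENT = """[{"user_login": "owner", "roles": "administrator"},
 {"user_login": "editor1", "roles": "administrator"},
 {"user_login": "wpsupport", "roles": "administrator"},
 {"user_login": "guest2", "roles": "subscriber"}]"""

def load(export):
    """Parse a JSON user export into {login: set of role names}."""
    return {u["user_login"]: {r.strip() for r in u["roles"].split(",") if r.strip()}
            for u in json.loads(export)}

def audit(baseline, current):
    """Return (severity, login, detail) for every account that differs."""
    findings = []
    for login in sorted(set(baseline) | set(current)):
        before, after = baseline.get(login), current.get(login)
        if before == after:
            continue  # unchanged account
        if before is None:
            # Account did not exist when the baseline was taken.
            sev = "high" if after & PRIVILEGED else "review"
            detail = "new account with roles " + ",".join(sorted(after))
        elif after is None:
            sev, detail = "review", "account removed"
        else:
            # Existing account: escalate only if it gained a privileged role.
            sev = "high" if (after - before) & PRIVILEGED else "review"
            detail = "roles changed from %s to %s" % (
                ",".join(sorted(before)), ",".join(sorted(after)))
        findings.append((sev, login, detail))
    return findings

if __name__ == "__main__":
    for finding in audit(load(BASELINE), load(CURRENT)):
        print(*finding, sep=" | ")
```

Every "high" finding is an account that can now modify the site and was not able to when the baseline was saved, so each one should be confirmed with its owner.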
5. Crack that Code
This type of malware breach is a lot more subtle. Code inserts are a lot like ninjas: inconspicuous, sneaky, and effective. A less obvious type of breach is harder to tackle, and is only detectable through Google Safe Browsing and Google Search Console, usually after some type of flagging has already commenced. Code inserts are one of the more insidious kinds of malware breaches, specifically because while UX and visuals don’t suffer, your website performance definitely will. Remember that when dealing with a code insert, any hard work that you have put into building your SEO performance can quickly go down the drain.
6. Strange Activity on Your WordPress
Have there been any strange changes to your website since you were last on it? New, unapproved content and new user passwords are only a few of the possible changes that can be made to your WordPress should it have been infected with malware or hacked. Unfortunately, such breaches and activity logs are not automatically tracked by WordPress, unless you installed a WordPress activity log plugin pre-breach. If you have been keeping your own audit of website activity, it will be easy to tell your and your registered users’ activity apart from the suspicious kind.
7. Monitor Your Files
Hosted files are one of the easiest ways for hackers to inject malicious code, and can pose a threat to your webpage visitors if left unattended. Hackers can deposit malware directly into your files by changing their source code. Even payment skimming via hosted images can take place on your site. If you have noticed any new, revised, or deleted files that you’re suspicious of, flag this immediately. Make a habit of reviewing file changes and double-checking with other users who have access to the files if they have made any recent modifications.
8. Unusual Website Traffic and Metrics
If you have been keeping tabs on your site activity on Google Analytics or Google Search Console, chances are, you would have a feel for the normal trends, such as the highs and lows of traffic, the usual locations of your visitors, standard page speed, and the most popular pages among users. Sharp spikes or dips from your usual traffic, as well as user activity outside of the usual geographic locations, are red flags that should be taken seriously and investigated as possible signs of a breach. Keep tabs on your site traffic, metrics, and ranking via Google Analytics to assess the damage.
Did any of these red flags seem familiar to you? Whether it was just one or all of them, any sort of Malware breach should be taken seriously.
The best method for tackling these red flags can be summed up in 5 steps:
1. Assess the Damage
If you read through the eight signs, chances are, you’ve already begun your assessment. Assessing the Damage by studying your website metrics, trends, ranking, and code will enable you to better understand the kind of breach and the steps necessary to fix it. Whether you are savvy with website management or you have a trusted developer, it is a good idea to keep a record or audit of any changes you make to your site, as well as the activity of any user with access to the page. Gathering this data will be integral to identifying where the breach is coming from, such as a file, or a malicious code insert. The sooner that you can identify the source, the better and easier it can be tackled.
2. Secure your Site
Make sure to disable access to your website in the meantime and put it in maintenance mode so that your customers or site visitors can be protected from any possible phishing or threats that might arise from the attack. After assessing the damage and tracing its source, it may be best to bolster your website’s defenses against future breaches. CMS Hardening, SSL, a Website Firewall (WAF), and WordPress plug-ins such as Sucuri and Wordfence are only a few of the possible things you can equip your website with so it can hold its own against future malware attempts. You can also use Sucuri Website Malware Scanner or a Website Malware Checker tool to analyse the threats on your website. Make sure to completely change your passwords and advise the rest of your team who have access to the site to do the same.
3. Clean up the Mess
After you isolate your site from clients, clean up unnecessary and cached files from your site ASAP. Chances are, these files may have been used as a vehicle for a malware attack. Keeping your files clean, tidy, and up-to-date is the key to easier and faster file management in the long run while mitigating malware attack risks in the process. You can also enlist the help of a Website Malware Cleaner to clean up the mess on your website.
4. Review your Loadout and Team
Go over the plug-ins that you have enabled on your site and list down each of their purposes. Curate what you still need for your site to run smoothly and do away with what you don’t. Always remember to keep your remaining plug-ins up to date so they are ready for whatever new threat is thrown at them. Repeat the process when reviewing the registered users on your website, as well as their page roles so you can delete inactive users from the list and switch around roles if need be. This will also be integral when considering stricter file permissions to prevent breaches from originating there.
5. Decide on a Course of Action
If you have enforced all solutions listed above and still find that your website is too severely compromised, then it may be time to decide on your course of action. For extreme cases, website termination is the only option. This is a very rare and final resort; however, this option may need to be considered, especially if hosting is also compromised. Changing hosting providers entirely is also worth considering. A website is like a good car: it may be the best you have ever had, but as parts of it break down, it may be cheaper and wiser to simply get a new one.
Keep in mind that when dealing with malware attacks, the best offense is a good defense. Prevention is always better than a cure. Having a trusted web design company handle your website usually means that all of these problems have already been planned and prepared for as part of your website’s design and development process, and usually no longer escalate to website termination. An effective web developer would also have equipped your website with additional security from the get-go, and would also be in charge of maintaining your website’s logs, files, and plug-ins, ensuring that all of these are up to date and as effective as possible for attack mitigation.
And should an attack ever occur, a good web developer would be able to provide the best recommendations on how to move forward most conveniently and cost-effectively, leaving you to focus your energies on what you do best: breaking boundaries and running your business.
This is a guest post by Marc Bartolome, a strategist and enabler of hundreds of successful digital marketing campaigns. Always looking out for the little guys, he specialises in helping SMEs create a bigger impact online – which is why he writes blog posts like this.