Recovering from a hacking attack on your website

Hacking attacks are one of the harsh realities of life. While you should, of course, aim to prevent them from happening in the first place, it’s also strongly recommended to have a recovery plan in place in case hackers do get past your security.

Here is a quick guide to five points you should cover:

Quarantine your site

Even if your site appears to have retained some level of functionality, take it offline and keep it offline until you are sure it is totally cleaned up. If you need any more convincing, consider that your site may have been rigged to spread malicious content to innocent people accessing it, which could land you in far worse trouble than taking your site offline in the first place.

Inform your hosting platform

This is more than just courtesy, as they may be in a good position to help you. For example, they may know of other people who have had the same problem and be able to advise you what actions they have taken.

Even if they don’t, there’s a good chance they have specialist staff who will be able to guide you to recovery.

Find and fix the damage

This can take hours, or even days, to do. Frustrating as it may seem, do not be tempted to rush this part, and remember the danger of allowing your site to be used to harm innocent parties.

Many hacks are not visible to visitors, and you may only know that you have been under attack because you received an email from your host telling you about suspicious files in your logs. You need to identify every single suspicious file and delete it, checking for damage as you go.

If you have a recent back-up of your website, you will be able to compare your back-end information and see what is supposed to be there and what, if anything, is missing. You may be able to simply upload the recent back-up to your server, depending on your circumstances, but don’t skip any of these stages if you want to keep yourself and your visitors safe.
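
The back-up comparison described above can be scripted. This is an added example, not code from the original article: it hashes every file in a back-up copy and in the live document root, then lists what has been added, modified or gone missing. The function names, directory names and sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def hash_tree(root):
    """Map each file path (relative to root) to a SHA-256 digest of its content."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = Path(dirpath, name)
            rel = full.relative_to(root).as_posix()
            if full.is_symlink():
                # Record the link target rather than following it out of the tree.
                digests[rel] = "link:" + os.readlink(full)
            else:
                digests[rel] = hashlib.sha256(full.read_bytes()).hexdigest()
    return digests


def compare_site(backup_root, live_root):
    """Classify live files as added, missing or modified relative to the back-up."""
    backup, live = hash_tree(backup_root), hash_tree(live_root)
    return {
        "added": sorted(live.keys() - backup.keys()),
        "missing": sorted(backup.keys() - live.keys()),
        "modified": sorted(p for p in backup.keys() & live.keys() if backup[p] != live[p]),
    }


def demo():
    """Compare two constructed trees (sample content, not from a real site)."""
    sample = {
        "backup": {"index.php": "<?php home();", "css/site.css": "body{}", "contact.php": "<?php form();"},
        "live": {"index.php": "<?php home(); // changed", "css/site.css": "body{}", "uploads/img.php": "<?php"},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for tree, files in sample.items():
            for rel, text in files.items():
                path = Path(tmp, tree, rel)
                path.parent.mkdir(parents=True, exist_ok=True)
                path.write_text(text)
        return compare_site(Path(tmp, "backup"), Path(tmp, "live"))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Files reported as added or modified are the ones to inspect first. The comparison is only as trustworthy as the back-up, so use one taken before the attack began.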

Identify and fix the vulnerability or vulnerabilities that led to the attack

Although we’re listing this as a separate point, there’s a very good chance that the vulnerability or vulnerabilities that made this attack possible will be uncovered as you go through your clean-up operation. You need to fix them and learn from them.

Conduct an internal and external review

You will need to let Google know about your hacking experience to ensure you do not harm your SEO by getting marked as a spammy/insecure/low-quality site. Using Google Webmaster Tools, check that there are no new, active warnings about spam or hacking and, if there are, follow their instructions about how to let them know you have updated and fixed the problem.

It is highly recommended that you conduct an internal review of what happened and what you learned from it. This will involve looking at how your website was vulnerable, the impact this had on your business, and how you can prevent it from happening again in the future.