My Website Was Hacked

by | Nov 19, 2016 | Web Design

Malware on WordPress

We recently had a client contact us about a WordPress website they were not able to log into. They said “I think my website was hacked!” and asked us to troubleshoot and repair the site. On our initial inspection we discovered not only could they not log in but the entire site was down.

What exactly is a “Hacked Website“?

A website can get hacked many times. When a site is hacked, the hacker will generally put malware on your website so they or others can access it later. They do this to spread spam, for clicks (if they’re running a CPC or CPM ad network), or for any other reason you can think of. They may even be doing it for fun, just to show off or create mayhem. A hacked website is not always malicious and as such does not have to be repaired immediately, but in our experience we are seeing an increase in hacked websites being looked into by our clients lately.

By definition a “Hacked Website” is one where files on a website have been changed to intentionally interrupt the normal operation of the site or its hosting server. In-depth analysis can suggest whether a hacker was looking to cover up their tracks, or just for fame and for glory.

Password Compromised

A hacked website is usually caused by compromised passwords. Once a hacker has your password they will try it out against a few other websites to see if they can gain access. The more complex your password, the harder it is for them to crack; even a shorter password can be secure if it’s complex enough. So make your passwords complex and unique, and change them regularly!

What Does a Hacked Website Look Like?

Here are some common signs of a hacked website:

  • A strange domain name in the address bar. This is a sure-fire sign that something isn’t quite right. While you don’t need to know how it got there, you should take immediate action to remove it.
  • Unusual messages when accessing your files. These may be phrases such as “404 NOT FOUND”, “this page has moved” or the message could even come from a different website.
  • Your files are damaged, or any other unexpected files appear within them. If you aren’t sure what the file is, try to delete it and see if that helps.
  • Strange error messages. Again, these may come from a different website or could be generated by your own files. Check to see if this problem persists before undertaking any urgent action.
  • Strange files on your website or strange changes to your files. These could be anything from a testing page from the hacker, to malware injected into your pages.
  • A lower ranking in search engines for certain terms than you normally expect. If you suddenly find that it takes longer for visitors to reach your site, check if this problem is being caused by a hacked website.
  • Your site appears to be “hanging” (stuck in an infinite loop). If it’s taking a long time for your site to respond, this may be the result of a hacker using malicious software or code that freezes your page and prevents visitors from reaching it.

WordPress is very popular and this popularity makes it a prime target for hackers and spammers. Sometimes the efforts of spammers are successful yet not really damaging but sometimes the results are devastating and can cripple your website. Regardless of how invasive the attacks are, they all cause huge problems for the owner of the website. There are some effective modifications you can make on your WordPress website to make it more secure and protect it from the people with bad intentions. Read our Website Protection Tips to learn more about how to lock down your site.


What To Do When You Realize…

My Website Was Hacked

Don’t Panic!

First, don’t panic. Slow down and resist the urge to start trying different things to try and fix the problem. Often you will make things worse.

How We Fixed This Website

After getting access to their hosting provider (whom shall remain nameless) we set up a new FTP account. When we looked at the files there were numerous .PHP files that had been renamed with the suffix .suspected. We tried renaming the plugins folder but that made no difference. We ended up deleting everything on the site except the wp-contents folder and the wp-config.php file. Then we uploaded a fresh WordPress installation.

Next we added the plugins back in 1 at a time with the exception of one folder which was named “normalstiil” that was in the plugins folder. The client didn’t recognize the name and it turned out to contain a file named bouncer that was infected with a virus.

Back In Business

The end result is that we were able to get the site back up and operational without losing any of the clients’ data. If you manage your own WordPress website you should review your site on a regular basis.

If you don’t have time or the inclination to take care of your website, check out our Website Management page.

This particular website had a ton of spam in the comments which we deleted and then turned comments off.

There were also several posts the client didn’t make. This further emphasizes the need to monitor your site regularly.

If you have any questions or would like additional information, please Contact Us.

0 Comments

About The Author

Team 218 Web ServicesHi, I'm Chuck Hersey. I'm a partner at Team 218 Web Services and I created this content. I've been building websites and working with SEO projects for over 20 years. I started Team 218 in 2014 with a goal of offering quality, affordable websites to Iowa small businesses and nonprofit organizations. I wanted to provide a complete website package solution to make getting a website easy and fun.

You can contact me by email (puhpx@grnz218.pbz), through our Contact Form or by text or phone at 319-333-0815.

You Might Also Like

Website Management Services – First Month Free

Website Management Services – First Month Free

#websitemanagementservices #webmasterservice #Team218 Save some money. Our Website Management Service is already a pretty sweet deal and now you can save a few bucks in the process. Sign up now and get your first month free. You read that right, $660 for a full year...

How Can A Nonprofit Website Be Used To Increase Volunteer Engagement And Recruitment?

How Can A Nonprofit Website Be Used To Increase Volunteer Engagement And Recruitment?

That’s The Question: How Can A Nonprofit Website Be Used To Increase Volunteer Engagement And Recruitment?

There are a number of ways that a nonprofit website can be used to increase volunteer engagement and recruitment.

First, it is important to have a solid web presence. This means having a well-designed and user-friendly website that is easily accessible and provides clear information about the organization’s mission and volunteer opportunities.

To create a solid web presence, it is important to have a website that is easy to navigate, visually appealing and includes all the important information about the organization’s mission, goals and volunteer opportunities. The website should also be optimized for search engines so that it is easy to find and user-friendly. Additionally, it is important to regularly update the website with new content, news and events to keep visitors engaged.

Another key strategy is to use interactive content to engage with potential volunteers. This can include asking questions, requesting submissions and nominations, and using polls or surveys to encourage participation from the community.

In addition, it is important to harness the power of technology to improve volunteer engagement at virtual events. This can include using customized and integrated software solutions to manage volunteer sign-ups, scheduling and communication.

In summary, a nonprofit website can be used to increase volunteer engagement and recruitment by having a solid web presence, using interactive content to engage with potential volunteers, and utilizing technology to improve virtual volunteer engagement.

If you have questions about your nonprofit website, please get in touch and we’ll be happy to help.

Significance of Website Performance and Speed

Significance of Website Performance and Speed

5 Tips For Website Performance and Speed To Boost SEO Website performance and speed are critical factors for search engine optimization (SEO) because they have a direct impact on user experience and the ability of search engine crawlers to index and rank a website. A...

Pin It on Pinterest