In most cases, it looks like your site is either broken or has clearly been hijacked by someone else. In many cases, it will also be advertising or doing something you didn’t ask it to like advertising offshore pharmaceuticals, sending spam, or downloading viruses onto visitors’ computers.
What are some common symptoms of a hack?
The biggest sign of a hack is when you either receive a warning about it or notice something obviously wrong with your site like spam ads on your site or search results or noticeable defacement to the site. Another red flag is when your website tries to download something onto visitors’ computers when it’s not supposed to.
The most common warnings about suspected hacked sites are:
Google: “This site may harm your computer”
Google: “This site may be compromised”
Google: “This site may harm your device”
Google: “This site may be hacked”
Chrome: “Warning: Something’s Not Right Here”
Chrome: “Danger: Malware Ahead”
Firefox: “Reported Attack Site”
Internet Explorer: “This website has been reported as unsafe”
Safari: “Warning: Visiting this site may harm your computer”
What kinds of hacks are there?
There are several kinds of hack including (but not limited to):
SQL injection – Where a hacker either inserts bogus content or user accounts into your site or pulls data they should not have out of the site (e.g. user accounts)
Spam hacks – Spam hacks involve using your site as a marketing tool for something else like pharmaceuticals (called the “pharma hack” or “pharma injection”), watches, or services in other languages. Sometimes this comes in the form of spam comments. Other times it’s in the form of content on your site (pages, parts of pages, etc).
SEO or Google hacks – SEO hacks are when the hackers only display their hack to Google so they can improve their own SEO rankings or site traffic. Typically the first sign that you’ve been hit with this hack is a warning like “This site may be compromised” or “This site may harm your computer” next to your website links in Google.
Base64 hacks – This hack allows a hacker to run whatever code they want to run on your website in a well-hidden way because they are “obfuscating” their code so it’s not easily readable. Usually between hiding the code and clever naming of the files that they infect, they are able to hide what they are doing making it easy to notice that you have been hacked, but hard for most webmasters to find the hacks. These base64 hacks using base64_encode or base64_decode functions from PHP are some of the more common hacks and span the realm of hack types from spam hacks, redirection, unauthorized downloads, back doors, botnet server control, mass emails and more.
Eval hacks – While some hacker code tries to hide via base64 encoding, some of the newer breeds of hack use alternative methods of hiding their hack code like displaying their code in reverse order so you can’t search for it manually, breaking up the code into blocks of say 5 characters at a time and then combining those, or downloading the code they use from a hacker’s website when the page loads so that the hack code largely isn’t even on your site.
Server rooting – While many hacks target holes in the security of the website, some hacks target vulnerabilities in the the server. In some cases this is related to unapplied security patches to your server’s hosting software or operating system. In other cases, the hacker finds a way to upload “rooting” tools to your server so they can take over the master user account on the server and completely control your server – not just your website.
Brute force hacks – While newer hacks use more sophisticated methods of detecting security flaws, modern computing power has made it still feasible to try brute forcing your way into a website. In some cases, the hacker will try brute force to log into your WordPress admin. In other cases, they’ll target your FTP, registrar, hosting, or SSH logins to gain some larger control over your site, your domain, or your hosting control panel.
Vulnerability probing – In the same vain as brute force attacks, there are also brute force methods of searching for security vulnerabilities. Either through freely available hacker software or their own custom written malware, if you notice a spike in 404 errors on your site for pages that do not nor ever have existed, it’s likely that your website is being probed for security holes so that a hacker can find one to break into your WordPress site.
Core WordPress or plugin direct targeting – In many cases, you can determine whether a site is running WordPress by simply viewing the source code of the website. That’s the double-edged sword of the openness of the Internet. What makes it easier to target WordPress and other CMS systems, however, is their tendency to also display the software version you’re using in that code. In just a few moments a hacker could determine not only that you’re using WordPress but also what version you’re using so they can go look up the known vulnerabilities in that version and attack those on your site.
Denial of Service or “DDoS” hacks – DDoS hacks are intended for one purpose: to bring your site down. While not the most common type of attack, a DDoS can be devastating for a site owner who does not know how to combat it because a distributed list of requests to your website from all over the world simply overwhelm your site and keep it down until the DDoS is over or you find a way around it.
Botnet or mass email hacks – Botnet hacks are hacks intended to control multiple servers or websites to distribute some sort of content (emails, website spam, malware, etc). In some cases, a hack will also take over your server by sending thousands of emails out to distribute spam or phishing emails to as many people as possible. Frequently such hacks will find your website and/or email addresses blacklisted and your webhost will often shut down your site when they detect such hacks.
Vanity hacks – Vanity hacks are when a hacker hacks your site for prestige to show that they can hack sites. Usually these are denoted by messaged that say “hacked by…” and the name of the hacker.
Fraud or data theft hacks – For sites with large lists of users or that contain e-commerce or donation components, hackers may also try to break into the site to steal user or credit card data, put a tap on credit card forms to steal credit card info on the fly as your site processes credit cards, or even in some cases to buy from or donate to you using your online e-commerce or donation components to test a bunch of stolen credit cards.
Does getting hacked affect my search engine ranking?
It can. Google and other search engines do understand that getting hacked is not necessarily your fault, but they also have to protect the people they would otherwise send to your site. Once they find out that you have been hacked, they warn people about that before letting them visit your site. If you don’t address the problem quickly, they may also dock your search rank.
How long will it take to fix?
That depends on the hack. In most cases it can be fixed within a day or two. But when you’ve been hacked by a savvy hacker, it can take more time to determine how they’re breaking in and to block them.
What will it cost to fix it?
It depends on the hack. If the hackers simply added some code or files to your site, it’s usually pretty quick to remove that. If they have done damage to the content or appearance of your site or if they have infected your server/hosting with malware also, it’s a much more complicated fix. In many cases, the hack can be removed, your site can be upgraded to more modern security practices, and Google can be notified about the hack repair for $349 or less. Once you submit your site information to us, we can investigate provide you with a more exact estimate based on your unique situation.
Can't I just restore my site from a backup?
Yes and no. Yes, restoring your site from a backup will make the problem go away temporarily. But if you determine how the hackers broke in and block them from getting in that way, you will typically just get hacked again within the day or two after you restore your site.
What are the common causes of these WordPress hacks?
The most common causes of WordPress hacks is running old versions of WordPress, old or unsupported plugins/themes, or shoddy customizations done by another freelance “WordPress expert”. That said, WordPress core intentionally leaves a number of security vulnerabilities in place (as do all CMS systems) because plugging those security vulnerabilities is either a different process for different hosting platforms or will likely cause side effects with a common collection of plugins and themes. If you’re afraid to run updates because it can break things as well or don’t know what to do, we can also maintain that for you with our WordPress maintenance plans.
Aren't there automated tools for cleaning out hacks? How is this any different?
Yes and no. Yes, there are tools that can identify and remove hacked files, but those tools won’t also fix the source of the hack and that means the hackers will be back and will just hack your site again. What we provide differs as we not only clean up the initial damage, but also stick with you to determine the cause of the hack so we can block the hackers from getting back into your site again. Especially if you’re running ongoing SEO or marketing campaigns, it is crucial to make sure you don’t keep getting hacked over again.
Won't I just get hacked again after you repair everything?
During the repair process, it is possible to get hacked again, but once we’ve identified the cause of the hack and blocked it, you won’t be able to be hacked again unless another cause arises that is not quickly addressed. In addition to repairing the hack, we can also monitor and address such issues for you on an ongoing basis so you don’t even have to think about the security components of your site.
Is there a way to prevent this from happening again?
Yes. Once we have identified the cause of the hack, we can block it. As technology changes, though, other security holes may pop up, so it’s important to stay on top of the security on your site all the time. If you like, we can handle that ongoing maintenance for you as well so you can focus on what matters most to you – running your website rather than fixing it.
Do you have an ongoing WordPress security and maintenance program?
Yes we do. If you have a clean/unhacked WordPress website and just need someone to ensure that it stays that way, we can take over the routine maintenance and security of the site. Our maintenance plans include:
Monthly WordPress, plugin, and theme updates
Tweaks to your site and theme to fix small incompatibilities or breakages that arise from installing updates
Monthly WordPress backups
Ongoing hack and malware monitoring
Free hack repairs during the life of the maintenance program
Pricing varies based on the type of site you have (blog, full website, e-commerce). Call us today for pricing.
I own a marketing, design, development firm. Can I resell your services?
Yes. A lot of our clients have coupled our security and maintenance services with their own maintenance, marketing, development, or design services. Others simply need someone to turn to if their clients websites get hacked. For questions about reselling our services or to get a copy of our maintenance agreements for use reselling our services, contact us at email@example.com or call us at 405-562-6360.
I think my WordPress site is built in a shoddy, insecure way. Can you guys reconstruct it the right way?
Yes. One of the more common things that we do here at UnHack.Us is rebuild websites in the “WordPress way”. Frequently self proclaimed “WordPress experts” will try to extend WordPress by building custom WordPress plugins for features that already exist inside WordPress, by using raw PHP code to “shell WordPress” for a custom theme, or by sandwiching WordPress into another part of a custom site they have built for you. Most of these methods are completely unnecessary and amount to an insecure website that feels like a “house of cards” even for the people using your site that know nothing about WordPress or coding.
If you need a quote for a site rebuild, email us at firstname.lastname@example.org or call us at 405-562-6360.
Can you guys do a security audit for me?
Yes. We can run security audits for your website, your server, your web application, or any combination of those. For help with a security audit, email us at email@example.com or call us at 405-562-6360.
THE UnHACK.US TEAM
GET HELP NOW
WHAT OUR CLIENTS SAY
"In 10 years, I've never found someone who both can and does do exactly what they say they will do. Until now..." - Coggan Creative
Same day repairs and security lockdowns
Flat rate fees
Reach us by phone… not just by email
Money back guarantee
WordPress core and WordPress plugin updates
iThemes Security (formerly Better WP Security) protection and lockdown