So, someone hacked your website, and you’re devastated. You’re losing business by the minute, and you’re not sure how to get your site fixed and back online. Hopefully, you’ve got plenty of backups so you can restore everything stat.
But first, you need to find out how your website got hacked in the first place and fix it so it’s less likely to happen again. That may involve performing a technical audit or hiring a vendor to retrace the hacker’s steps. Below we’ll outline the actions you should take if you discover your site’s been compromised.
Cybercriminals and unauthorized users sometimes gain access to websites through stolen passwords. A password manager program can help you simultaneously change everyone’s passwords. You should do this immediately after finding out your site’s been hacked. There’s a good chance one of your authorized users’ passwords was exposed through malware or a phishing link.
Some password managers will also let you force anyone still logged into your website’s admin console or content management system to log out. Forcing logouts and password changes will ensure hackers with compromised credentials won’t be able to keep damaging your site and reputation. Once you’ve terminated all sessions and logins, you can begin to scan your site for suspicious programs and code.
Once you’ve shut down unauthorized access to your website, you can start the diagnostic process. Scanning your site’s code, pages, plugins, and widgets for malware is a good place to start. Hackers can install malware and malicious programs that redirect your URLs, domains, and subdomains to inappropriate sites. Cybercriminals might also install malware to use your website as a bot or to launch a denial-of-service (DoS) attack.
Unfortunately, hackers can do this to any part of your site that contains code or software. That’s why you must scan every API or widget, such as Droit Addons that integrate contact forms and customer testimonials. However, not all antimalware programs pick up or quarantine every malicious program out there. It’s wise to run more than one complete scan using different antivirus or antimalware solutions.
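As an added example (not part of the original article), here is one way to complement antimalware scans: hash every file in the live web root, compare it with a clean backup, and check added or changed files for common injection markers. The directory layout, file names, and marker patterns are constructed assumptions, and a marker hit means "review this file," not proof of compromise.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Heuristic markers often seen in injected PHP; a hit calls for manual review.
SUSPICIOUS = {
    "eval-of-decoded-data": re.compile(rb"eval\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\("),
    "php-redirect": re.compile(rb"header\s*\(\s*['\"]Location:\s*https?://", re.I),
}

def digest_tree(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def compare_to_backup(live_root, backup_root):
    """Report files added, changed, or removed relative to the clean backup."""
    live, clean = digest_tree(live_root), digest_tree(backup_root)
    return {
        "added": sorted(set(live) - set(clean)),
        "removed": sorted(set(clean) - set(live)),
        "changed": sorted(f for f in live.keys() & clean.keys() if live[f] != clean[f]),
    }

def flag_markers(live_root, files):
    """Return {file: [marker names]} for files matching a heuristic pattern."""
    hits = {}
    for rel in files:
        data = (Path(live_root) / rel).read_bytes()
        names = [n for n, rx in SUSPICIOUS.items() if rx.search(data)]
        if names:
            hits[rel] = names
    return hits

def demo():
    """Build a constructed clean backup and a tampered live copy, then diff them."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, live = Path(tmp, "backup"), Path(tmp, "live")
        for root in (backup, live):
            (root / "plugins").mkdir(parents=True)
            (root / "index.php").write_text("<?php echo 'home'; ?>")
            (root / "plugins/form.php").write_text("<?php echo 'contact'; ?>")
        # Constructed tampering; the encoded string decodes to a harmless "echo 1;".
        (live / "index.php").write_text("<?php header('Location: http://example.invalid/'); ?>")
        (live / "plugins/cache.php").write_text("<?php eval(base64_decode('ZWNobyAxOw==')); ?>")
        report = compare_to_backup(live, backup)
        return report, flag_markers(live, report["added"] + report["changed"])
```

On a real site, point `compare_to_backup` at the web root and at a backup taken before the suspected intrusion; files in `added` or `changed` that do not correspond to an authorized update are the ones to hand to your vendor.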
Unless you handle all IT and technical work in-house, you’ll probably work with a vendor or two to fix your site and get it back online. These partners include web hosting providers, desktop-as-a-service providers, cloud-based solution developers, and SaaS vendors. You might even work with managed services providers that handle most of your IT and network functions.
All these partners will need documentation to help you. For example, you’ll want to hand over the evidence that leads you to believe your site was hacked. Vendors will also want to know if you or a team member made authorized changes lately. Say you installed a different plugin or updated the version of your content management system. These details can be crucial to vendors that are backtracking the hack.
In addition, some partners may need temporary admin access to your site and its software programs. They may also want to look at logs and backup files. Gathering these details and information will help expedite the recovery process. Furthermore, vendors will have an easier time identifying how the hack happened and closing any existing security loopholes and vulnerabilities.
Yes, cybercriminals can gain unauthorized access to your site via the cloud and cloud-based services. However, they can also install malware and keylogging software on local devices. These include laptops, servers, point-of-sale machines, and any devices that connect to your network or access your website software.
That means the point of origin for your website hack may have been a USB drive or a downloaded email attachment. Besides scanning your website software and widgets for malware, you’ll want to scan each of your devices. You can automate this with scripts or scan each device individually.
Sometimes it’s better to be thorough and do both. Use your regular antimalware program from the network and follow up with a separate program locally. If you find anything, you may want to run a backup for documentation purposes and reinstall the system’s software from scratch. Of course, this will depend on the extent of any malware problems.
It goes without saying that once you or one of your vendors find the source of the hack, you need to take corrective action. It may be something as simple as updating your client or content management software. Sometimes it’s easy to overlook or forget routine security patches and updates.
That said, the hack’s root cause might be more complex and extensive. In severe cases, you may need to reconfigure network access points and controls, including administrator dashboards. You may also need to restore most of the content from valid, safe, and scrubbed backup files.
The most complicated scenarios require shutting down your hosting and content management software while transitioning to an updated service. You may need a vendor’s assistance to create a temporary landing page and contact form while you restore your entire site.
Website hacks usually happen because of vulnerabilities in software and security controls. Sometimes it’s lax password management and rules. Other times, there’s a lack of documented security procedures, and employees aren’t sure how to handle specific situations. One example is policies on vendor and non-IT worker access to network resources and devices.
After you and your team identify the root cause of the website hack, you should evaluate whether you can benefit from tighter security controls and procedures. You might want to implement biometrics as a means of multifactor authentication. Your organization and team may decide to restrict physical and virtual access to most network resources. You might also consider a stricter approval process for installing software and website add-ons.
It’s 100% natural to panic once you’ve discovered your website’s been hacked. However, it’s important to stay calm and think rationally to expedite the repair and recovery process. If you’re short on technical skills or knowledge, enlisting the help of a vendor skilled at diagnosing network and website intrusions is a must.
Nonetheless, taking some preventative and preliminary steps on your own can get you on the way to site recovery. These include shutting down access and scanning for malware. Once you identify the problem, implement measures to correct any vulnerabilities and tighten network security. Hopefully, you and your IT partners can prevent the next attack by documenting what happened and why.