With the recent “Wanna Cry” ransomware hack that affected hundreds of sites in the news, now is a good time to review your website to see if it has been hacked. Most businesses assume their sites are safe because they are sitting behind an encrypted firewall, but in light of recent attacks, many companies are discovering this is no longer sufficient.
In fact, no site is ever 100% safe from being hacked. There are new threats being developed and tested by hackers every single day. Granted, not all of these are ransom requests and some are just mischievous in nature. Knowing what to look for can help you determine if your site has been hacked.
Get into the habit of reviewing the technical performance of your website. This will help you identify problems should they occur. For instance, one such test is the amount of time it takes to load pages. If the average normal time is around three to four seconds, and suddenly it is now taking much longer, it could indicate a problem you need to look into further.
You notice there is new or altered content on your site pages that you did not write or post. This is a clear sign the site was hacked. Another telltale sign is if there are hyperlinks or popup ads to external sites you do not recognize.
Increased Page Errors
Does it look like content has been removed or you are getting a much higher number of errors on your pages? When a site is hacked, it is not uncommon for hackers to delete page code, make alterations to it, and do other malicious things to your pages.
Notification Your Site Was Blacklisted
Google and other search engines will blacklist sites and stop them from appearing in search engine results if their algorithms suspect a site was hacked. You may also even get a warning that pops up when attempting to access your site’s pages stating the security of the site might have been compromised.
New Plugins on Your Pages
One common hacking technique is to disguise malicious files, malware, or ransomware as plugins. If you discover the addition of new plugins that you did not load, it is an indication a hacker has gotten into the site.
Suspicious Server Processes
If you notice certain processes running on your web server that cannot be explained it might be a hacker. You should also review your server logs on a regular basis to look for strange activity.
If you suspect your site has been hacked, you will need to investigate further to determine if there was an actual breach. If so, then you need to clean up the damage, which could involve having to take the site down. You will also want to review your current security measures and make adjustments to help avoid future attacks.