Today Google provided some tips, complete with case studies, on how to fix hacked sites.
After speaking with two webmasters who resolved some complicated hacked site issues, Google decided to share their stories to help other site owners who may be trying to fix similar problems.
Google will also be using these stories, and other feedback sent in from webmasters, to continue to improve its documentation on fixing hacked sites.
The following are condensed versions of the two case studies. I encourage you to visit Google’s original post for full details.
Case Study #1: Restaurant website
Problem: Multiple hack-injected scripts
A restaurant website built on WordPress was taken out of Google search after being reported as a hacked site. The owner of the site discovered links had been inserted into the source code linking to spammy terms such as “viagra” and “cialis.”
The site owner removed the links, but her reconsideration request was rejected. On second inspection she found new content added to her footer.php, index.php, and functions.php. Once that was cleaned up, she submitted another reconsideration request and was informed her site was free from hacked content.
Following the hacking incident, this site owner has kept her site secure by doing the following:
- Keeping the CMS and plugins up to date.
- Having a difficult and unique password for the admin account.
- Using 2-step verification for login.
- Only installing plugins from a reputable source.
Case Study #2: Professional website
Problem: Lots of hard-to-find hacked pages
After being notified that her site was hacked, the owner, named Maria, made many attempts to find the hacked content in her source code but came up with nothing.
She was then advised by Google to do two things:
- Verify the non-www version of her site, as hackers often try to hide content in folders that may be overlooked by the webmaster.
- Check her .htaccess file for new rules.
Maria discovered that once she verified the non-www version of her site she was able to successfully see the hacked content with the Fetch as Google tool. When she checked her .htaccess file she found some strange code that redirected search engine visitors to a file with hacked content.
Once Maria removed the main.php file and the .htaccess file, and deleted an unknown user from her FTP users area, she found that her site was no longer hacked.
Google’s Tips For The Future
Google has provided the following advice for site owners looking to keep their sites secure:
- Avoid using FTP when transferring files, since FTP does not encrypt any traffic. Use SFTP instead, which will encrypt everything.
- Check the permissions on sensitive files like .htaccess.
- Be vigilant and look for new and unfamiliar users in your administrative panel, and anywhere else an attacker could log in to your site.
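The .htaccess checks from the second case study and the tips above can be scripted. The following is an added example, not code from Google's post: it flags rewrite rules that are conditioned on a search-engine User-Agent or Referer, and file modes that are writable by group or other users. The crawler token list, the sample rules and the file names in them are constructed assumptions.

```python
import re
import stat

# Tokens often seen in cloaking conditions (illustrative list, an assumption).
CRAWLER_TOKENS = re.compile(r"google|bing|yahoo|slurp|yandex|baidu|duckduck", re.I)
COND = re.compile(r"^\s*RewriteCond\s+%\{(HTTP_USER_AGENT|HTTP_REFERER)\}\s+(\S+)", re.I)
RULE = re.compile(r"^\s*RewriteRule\s+(\S+)\s+(\S+)", re.I)

# Constructed sample: a cloaking redirect followed by a normal WordPress rule.
SAMPLE = """\
# constructed sample, not taken from the case study
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} (googlebot|bingbot) [NC,OR]
RewriteCond %{HTTP_REFERER} (google|bing|yahoo) [NC]
RewriteRule ^(.*)$ cache/x.php?p=$1 [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . /index.php [L]
"""


def audit_htaccess(text):
    """Return one finding per search-engine condition attached to a RewriteRule."""
    findings, pending = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        cond = COND.match(line)
        if cond and CRAWLER_TOKENS.search(cond.group(2)):
            pending.append((lineno, cond.group(1).upper()))
            continue
        rule = RULE.match(line)
        if rule:
            # RewriteCond lines apply only to the next RewriteRule.
            for cond_line, variable in pending:
                findings.append({"cond_line": cond_line, "rule_line": lineno,
                                 "variable": variable, "target": rule.group(2)})
            pending = []
    return findings


def risky_mode(mode):
    """True if the mode lets group or other users write (e.g. 0o666, 0o664)."""
    return bool(mode & (stat.S_IWGRP | stat.S_IWOTH))


if __name__ == "__main__":
    for f in audit_htaccess(SAMPLE):
        print("line %(rule_line)d: rule to %(target)s gated on %(variable)s "
              "(condition at line %(cond_line)d)" % f)
    print("0o666 risky:", risky_mode(0o666), "| 0o644 risky:", risky_mode(0o644))
```

Findings are review prompts rather than verdicts, since some legitimate rules (hotlink protection, for example) also test the Referer. To check a real file, pass its contents to `audit_htaccess` and `os.stat(path).st_mode` to `risky_mode`.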
If you require further help with hacked sites, you can always check out Google’s Help for Hacked Sites page.