The nail biting. The endless coffee. The sleepless nights.
You can’t keep it up, but you need to know: Is my site hacked?
Good news, you don’t have to stay up all night, grind down your nails, or consume all the coffee in the building to find out if your website has been hacked.
You have plenty of free (and trusted) tools that you can use to check your site. Keep reading to see if your website is still secure!
Plus, learn about the six different ways you can check for a hacked site.
1. View “Security Issues” in Google Search Console
The most common answer to, “Is my website hacked?” is, “Have you checked Google Search Console?” Google Search Console is a must-have tool in your security toolkit.
No matter how you find out you have a hacked website, every guide will tell you to log in to Google Search Console (or create an account) to view the “Security Issues” report. Go ahead and view your report with these steps:
- Log in to Google Search Console: https://search.google.com/search-console/welcome
- Go to the “Security & Manual Actions” tab via the left-hand sidebar
- Select “Security Issues”
- View your report
Here, Google will summarize several security issues, including:
- Phishing and deceptive sites
- Cross-site malware warnings
- Code, content, and URL injections
- Server configuration, SQL injection, code injection, and error template malware infections
If you have any security issues listed in your “Security Issues” report, you must start working with your team to resolve the issue. Your site has been hacked, and you need to act fast to restore your website and protect any site visitors.
2. Use Google’s Safe Browsing tool
Google offers one of the fastest and most effective ways to see if your site’s been hacked. With its Safe Browsing tool, you can check your website’s status instantly. Just follow these steps:
- Go to Google’s Transparency Report
- Enter your site URL
- View your results
For many webmasters, Google Safe Browsing offers the most up-to-date information on a site and its status. Google scans its index of sites daily, checking for malware. It also uses advanced statistical models to spot phishing websites.
If your site comes up as hacked or compromised in Google Safe Browsing, get started on fixing the problem.
Once you fix the problem, Google should assess and clear your site as safe within 24 hours.
3. Watch for notifications from hosting providers, browsers, and more
Notifications can also alert you to a hacked site. A few examples of notification sources include:
- Hosting provider
In most cases, your hosting provider, like GoDaddy or HostGator, will notify you if your website gets hacked. When sites get hacked, hosting providers typically take the website offline and then send an email to the owner. Check your inbox for notifications from your hosting provider.
- Internet browser
Your web browser, like Google Chrome, can also alert you to a hacked site. With Google Chrome, for example, a red screen will notify you about visiting an unsafe website and give you the option to go back to the previous page. Visit your site in your browser and look for an alert.
- Google Search Console
If you have a Google Search Console account, you can also receive security alerts about your website. Depending on your settings, Google Search Console may automatically send emails about security issues and manual actions to you. Check your inbox regularly to catch security alerts fast.
- Internet user
In rare cases, users on your website may alert your team to security issues. Someone may email or call your company, for example, to share weird behavior, requests, or content on your site. Don’t ignore these users — check your website to verify their claims and fix any issues.
- Malware scanner
Websites with malware scanners can also catch cyberattacks. IsItWP Security Scanner, for instance, is a popular malware scanner for WordPress sites. While a malware scanner isn’t required, it’s a helpful tool for keeping your website safe and secure. Research and download one to keep your site secure.
Adopting a proactive approach to monitoring notifications, like from your hosting provider, Google Search Console, and malware scanner, helps you spot a hacked website fast. The sooner you learn that your website is hacked, the faster you can react.
4. Check search results on Google
Google search results are another common way for businesses to discover that their site’s been hacked. Look for a hacked site via Google search results by following these steps:
- Go to https://www.google.com/
- Enter “site:domainname.com” (no space after the colon) and search
- View the results
The search results should all come from your site. If they don’t, make sure you’ve used the search operator (site:) and spelled your domain name correctly, because the operator limits Google’s search to the specified domain name, which is your website. Under the first few search results, look for the statement, “This site may be hacked.” If you see this message, then Google detected malware or phishing activity on your website.
Again, alert your team and get started on fixing the issue. For more information about what Google found on your site, log in to Google Search Console, and view your “Security Issues” report. Once you fix the issue, you can ask Google to re-check your site.
5. Investigate website files
Critical site files, like your .htaccess and .php files, can also alert you to a hacked website. If you don’t have a developer background, don’t worry about this tactic. You can use Google Search Console, as well as Google Safe Browsing, to detect and uncover hacking.
Only use this strategy if you understand what you’re looking at — otherwise, it won’t help you.
Within these files, you or your developer can look for malicious code and unsafe links. Developers can find unsafe links by looking for new pages on your site.
Hackers create these pages to house spammy links, and then redirect other pages on your website to these link-filled pages. While developers can uncover unsafe links fast, malicious code will take longer to find since it looks like regular code.
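As an added example (not part of the original article), the following Python script shows one way a developer could triage the .htaccess and .php files described above: it flags recently modified files, .htaccess redirects that point to hosts you do not own, and PHP that evaluates decoded strings. The function names, the seven-day window, the patterns, and the hosts example.com and spam-links.example are assumptions made for this example.

```python
import os
import re
import tempfile
import time
from pathlib import Path
from urllib.parse import urlparse

# Heuristics chosen for this example, not an exhaustive signature set.
PHP_OBFUSCATION = re.compile(
    r"\b(?:eval|assert)\s*\(\s*(?:base64_decode|gzinflate|str_rot13)\s*\(", re.I)
HTACCESS_TARGET = re.compile(
    r"^\s*(?:RewriteRule|Redirect\w*)\b.*?(https?://[^\s\"'\]]+)", re.I | re.M)


def scan_webroot(root, own_hosts, recent_days=7, now=None):
    """Return sorted (relative_path, reason) findings for .php and .htaccess files."""
    cutoff = (time.time() if now is None else now) - recent_days * 86400
    findings = []
    for path in Path(root).rglob("*"):
        is_php = path.suffix.lower() == ".php"
        is_htaccess = path.name == ".htaccess"
        if not path.is_file() or not (is_php or is_htaccess):
            continue
        rel = path.relative_to(root).as_posix()
        if path.stat().st_mtime >= cutoff:  # new or recently changed page
            findings.append((rel, "recently modified"))
        text = path.read_text(errors="replace")
        if is_php and PHP_OBFUSCATION.search(text):
            findings.append((rel, "obfuscated eval"))
        for url in HTACCESS_TARGET.findall(text) if is_htaccess else []:
            host = (urlparse(url).hostname or "").lower()
            if host not in own_hosts:
                findings.append((rel, f"redirect to external host {host}"))
    return sorted(findings)


def demo():
    files = {  # constructed sample web root: path -> (content, file age in days)
        "index.php": ("<?php echo 'home'; ?>", 90),
        ".htaccess": ("RewriteRule ^(.*)$ http://spam-links.example/$1 [R=302,L]\n", 90),
        "uploads/cache.php": ("<?php @eval(base64_decode('ZWNobyAxOw==')); ?>", 1),
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, (body, age_days) in files.items():
            path = Path(root, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(body)
            os.utime(path, (time.time() - age_days * 86400,) * 2)
        return scan_webroot(root, {"example.com"})
```

A finding is a prompt for manual review, not proof of compromise: legitimate deployments also change files, and some plugins redirect to external hosts on purpose.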
6. Use the Hacked Sites Troubleshooter
The Hacked Sites Troubleshooter, from Google, is a final way to check for a hacked site. Google recommends using this tool when you’re:
- Trying to find all the hacked content on your site
- Looking for any remaining issues following a hack
You can, however, use the Hacked Sites Troubleshooter when you’re investigating whether you have a hacked site. The free tool will walk you through the various steps and strategies for finding hacked content.
How to fix a hacked website
If your answer to, “Has my site been hacked?” is yes, then it’s time to get to work. When it comes to repairing a hacked website, you have two options:
- In-house: If your company has the team and expertise, you can restore your site in-house. In most cases, your team will need to analyze the situation before determining if you can fix the problem in-house or require the expertise of a specialized third party.
- Outsourced: If your business doesn’t have the team size or skill to fix your website, don’t hesitate to outsource the issue. Work with your hosting provider or another experienced company to remove the malicious code and repair your site.
Every website hack is different, which is why there isn’t a direct or simple approach to fixing a site. Your solution will depend on several factors, like the hack itself. What matters is that your team responds fast to the issue and starts repairing your website as soon as possible.
You should also notify any affected parties, like customers, without delay.
Protect your website from hacking with WebFX
Your website can get hacked fast. Whether due to easy-to-break passwords, malware, or insecure websites, a hacker can quickly take advantage of your site and the security of its users.
That’s why your business must secure and protect its website as much as possible.
At WebFX, we offer website maintenance services to keep your site’s security up to date. From monthly to hourly to after-hours, we provide a complete package for protecting your website throughout the year.