Sarah BerryWeb Marketing Consultant
- 9 minute read
- Sarah Berry is a Google Analytics-certified Web Marketing Consultant at WebFX. She’s written over 400 articles on digital marketing, covering topics like SEO, CRO, and Amazon. When she isn’t polishing her Time Magazine Person of the Year Award, she’s spending time with her flock of ducks.
The nail biting. The endless coffee. The sleepless nights.
You can’t keep it up, but you need to know: Is my site hacked?
Good news, you don’t have to stay up all night, grind down your nails, or consume all the coffee in the building to find out if your website has been hacked.
You have plenty of free (and trusted) tools that you can use to check your site. Keep reading to see if your website is still secure!
Plus, learn about the six different ways you can check for a hacked site. If you’d like to stay in-the-loop on how to create a secure website and build a site that gets traffic, sign up for our weekly newsletter: Revenue Weekly.
Is my site hacked: 6 ways to check if your website has been hacked
Asking yourself, “has my website been hacked?” We’ve got you covered. Here are six ways to check if your site has been hacked:
- View “Security Issues” in Google Search Console
- Use Google’s Sage Browsing tool
- Watch for notifications from hosting providers, browsers, and more
- Check search results on Google
- Investigate website files
- Check for cloaked hacked content with Google’s URL Inspection Tool
1. View “Security Issues” in Google Search Console
The most common answer to, “Is my website hacked?” is, “Have you checked Google Search Console?” Google Search Console is a must-have tool in your security toolkit.
No matter how you find out you have a hacked website, every guide will tell you to log in to Google Search Console (or create an account) to view the “Security Issues” report. Go ahead and view your report with these steps:
- Log in to Google Search Console: https://search.google.com/search-console/welcome
- Go to the “Security & Manual Actions” tab via the left-hand sidebar
- Select “Security Issues”
- View your report
Here, Google will summarize several security issues, including:
- Phishing and deceptive sites
- Cross-site malware warnings
- Code, content, and URL injections
- Server configuration, SQL injection, code injection, and error template malware infections
If you have any security issues listed in your “Security Issues” report, you must start working with your team to resolve the issue. Your site has been hacked, and you need to act fast to restore your website and protect any site visitors.
2. Use Google’s Safe Browsing tool
- Go to Google’s Transparency Report
- Enter your site URL
- View your results
For many webmasters, Google Safe Browsing offers the most up-to-date information on a site and its status. Google scans its index of sites daily, checking for malware. It also uses advanced statistical models to spot phishing websites.
If your site comes up as hacked or compromised in Google Safe Browsing, get started on fixing the problem.
Within 24 hours, Google should assess and clear your site as safe.
3. Watch for notifications from hosting providers, browsers, and more
Notifications can also alert you to a hacked site. A few examples of notification sources include:
In most cases, your hosting provider, like GoDaddy or HostGator, will notify you if your website gets hacked. When sites get hacked, hosting providers typically take the website offline and then email the owner.
Check your inbox for notifications from your hosting provider.
Your web browser, like Google Chrome, can also alert you to a hacked site. With Google Chrome, for example, a red screen will notify you about visiting an unsafe website and give you the option to go back to the previous page. Visit your site in your browser and look for an alert.
Google Search Console
If you have a Google Search Console account, you can also receive security alerts about your website.
Depending on your settings, Google Search Console may automatically send emails about security issues and manual actions to you. Check your inbox regularly to catch security alerts fast.
In rare cases, users on your website may alert your team to security issues. Someone may email or call your company, for example, to share weird behavior, requests, or content on your site.
Don’t ignore these users — check your website to verify their claims and fix any issues.
Websites with malware scanners can also catch cyberattacks. IsItWP Security Scanner, for instance, is a popular malware scanner for WordPress sites. While a malware scanner isn’t required, it’s a helpful tool for keeping your website safe and secure.
Research and download one to keep your site secure. Adopting a proactive approach to monitoring notifications, like from your hosting provider, Google Search Console, and malware scanner, helps you spot a hacked website fast. The sooner you learn that your website is hacked, the faster you can react.
4. Check search results on Google
Google search results is another common way for businesses to discover that their site’s been hacked. Look for a hacked site via Google search results by following these steps:
- Go to https://www.google.com/
- Enter “site: domainname.com” and search
- View the results
The search results should all come from your site. If not, make sure you’ve used the search operator (site: ) and spelled your domain name correctly because that limits Google’s search to the specified domain name — your website. Under the first few search results, look for the statement, “This site may be hacked.” If you see this message, then Google detected malware or phishing activity on your website.
Again, alert your team and get started on fixing the issue. For more information about what Google found on your site, log in to Google Search Console, and view your “Security Issues” report. Once you fix the issue, you can request Google to re-check your site.
5. Investigate website files
Critical site files, like your .htaccess and .php files, can also alert you to a hacked website. If you don’t have a developer background, don’t worry about this tactic. You can use Google Search Console, as well as Google Safe Browsing, to detect and uncover hacking.
Only use this strategy if you understand what you’re looking at — otherwise, it won’t help you.
Within these files, you or your developer can look for malicious code and unsafe links. Developers can find unsafe links by looking for new pages on your site.
Hackers create these pages to house spammy links, and then redirect other pages on your website to these link-filled pages. While developers can uncover unsafe links fast, malicious code will take longer since it looks like regular code.
6. Check for cloaked hacked content with Google’s URL Inspection Tool
Google recommends using their URL Inspection Tool to check your site for cloaked hacked content if you suspect that your site has been hacked.
Cloaking is a hacking technique that makes cleaning your site more difficult by showing different content to different types of users. As a result, you might visit one of your site pages to see your content missing, which could lead you to believe that the hacked content is gone.
However, when a search engine like Google accesses your site, it will see spammy content and links.
When you use the URL Inspection Tool, you’ll be able to view a rendered version of the page. In other words, you can view a screenshot of the page as Googlebot sees it.
As a result, you can check for any cloaked content and ensure the correct content is displaying as you intended for yourself and Google.
How to fix a hacked website
If your answer to, “Has my site been hacked?” is yes, then it’s time to get to work. When it comes to repairing a hacked website, you have two options:
- In-house: If your company has the team and expertise, you can restore your site in-house. In most cases, your team will need to analyze the situation before determining if you can fix the problem in-house or require the expertise of a specialized third-party.
- Outsourced: If your business doesn’t have the team size or skill to fix your website, don’t hesitate to outsource the issue. Work with your hosting provider or another experienced company to remove the malicious code and repair your site.
Every website hack is different, which is why there isn’t a direct or simple approach to fixing a site. Your solution will depend on several factors, like the hack itself. What matters is that your team responds fast to the issue and starts repairing your website as soon as possible.
You should also notify any affected parties, like customers, without delay.
Our digital marketing campaigns impact the metrics that improve your bottom line.See More Results
WebFX has driven the following results for clients:
In client revenue
Leads for our clients
Client phone calls
Protect your website from hacking with WebFX
Your website can get hacked fast. Whether due to easy-to-break passwords, malware software, or unsecure websites, a hacker can quickly take advantage of your site and the security of its users.
That’s why your business must secure and protect its website as much as possible.
At WebFX, we offer website maintenance services to keep your site’s security up to date. From monthly to hourly to after-hours, we provide a complete package for protecting your website throughout the year.
Sarah Berry is a Google Analytics-certified Web Marketing Consultant at WebFX. She’s written over 400 articles on digital marketing, covering topics like SEO, CRO, and Amazon. When she isn’t polishing her Time Magazine Person of the Year Award, she’s spending time with her flock of ducks.
WebFX is a full-service marketing agency with 1000+ client reviews and a 4.9-star rating on Clutch! Find out how our expert team and revenue-accelerating tech can drive results for you! Learn more
- Is My Site Hacked: 6 Ways to Check if Your Website Has Been Hacked
- 1. View “Security Issues” in Google Search Console
- 2. Use Google’s Safe Browsing Tool
- 3. Watch for Notifications from Hosting Providers, Browsers, and More
- 4. Check Search Results on Google
- 5. Investigate Website Files
- 6. Check for Cloaked Hacked Content with Google’s URL Inspection Tool
- How to Fix a Hacked Website
- Protect Your Website from Hacking with WebFX