Case Studies: Fixing Hacked Sites

In hopes to provide help to other webmasters who have been victims of hacking, Google shares two different stories of websites that had been hacked and then cleaned up by their owners, one of a restaurant website with multiple hack-injected scripts and another of a professional website with lots of hard to find hacked pages.

Cleaning up a hacked website is usually an involved task that often requires hiring a professional. Google advises to void the hassle by following a few simple steps to minimize chances of being hacked:

  • Avoid using FTP when transferring files to your servers. FTP does not encrypt any traffic, including passwords. Instead, use SFTP, which will encrypt everything, including your password, as a protection against eavesdroppers examining network traffic.
  • Check the permissions on sensitive files like .htaccess. Your hosting provider may be able to assist you if you need help. The .htaccess file can be used to improve and protect your site, but it can also be used for malicious hacks if they are able to gain access to it.
  • Be vigilant and look for new and unfamiliar users in your administrative panel and any other place where there may be users that can modify your site.

Lessons I Learned When My Blog Got Hacked

This is one artist’s story of getting hacked, cleaning her blog after the hack, and what she learned in the process: Lessons I Learned When My Blog Got Hacked. Although Lori’s site is powered by WordPress, most of her article can be applied to any web site.