Learn from Google Case Studies of Hacked Sites Recoveries


Google released a pair of case studies on actual hacked sites and the steps site owners had to take to get their sites back on track. Some of their findings were especially helpful, so we've outlined the most important points below.

Hacked Website Case Study #1

The first case involved hacked content within a WordPress site. After the bad links and text were removed from the source code, a reconsideration request was sent in and rejected. The site owner was then instructed within Webmaster Tools to look further, because hackers had also made changes to her PHP files and to her .htaccess file. The big takeaways from the first case study:

  • Keep clean backups of your files for comparison
  • Don't be discouraged if your first reconsideration request is denied
  • Keep your CMS and plugins up to date with the latest versions
  • Use a unique and difficult password for your CMS administrative account
  • If possible, use 2-step verification for your CMS login
  • Only install plugins and themes from reputable sources

Hacked Website Case Study #2

The second case study was trickier. The owner was notified of a hack through Google Webmaster Tools, with an example of a hacked page provided. Neither the owner nor the hosting company could find the added pages, even after using a malware scanning service and the Fetch as Google tool. The reason was that the owner had not verified the non-www version of her site, and hackers had taken advantage by hacking her FTP, making themselves new users and putting a new rule in her .htaccess file. Big takeaways from the second case study:

  • Google treats the www and the non-www versions of your site as different, so verify them both, decide which you'd like to show, and redirect the other as needed.
  • If you suspect a hack, check your .htaccess files for new rules.
  • Avoid using an FTP connection when transferring files to your servers because it's not encrypted. Instead, use SFTP. If you're unsure, check within your file transfer client under Connection Types for your site.
  • Check permissions on all of your sensitive files like .htaccess.
  • Keep an eye out for unauthorized users within y...
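
The takeaways about clean backups, new .htaccess rules and file permissions can be combined into one check. The script below is an added example, not part of the case studies or the original article; the file contents, temp paths and the WATCHED directive list are constructed assumptions for illustration.

```python
import stat
import tempfile
from pathlib import Path

# Directives that change what visitors are served; a new one deserves a manual look.
WATCHED = {"rewriteengine", "rewritecond", "rewriterule", "redirect", "redirectmatch",
           "errordocument", "addhandler", "sethandler", "addtype", "php_value", "php_flag"}

# Constructed samples: stock WordPress .htaccess (clean backup); LIVE adds two lines.
CLEAN = r"""# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
"""
LIVE = CLEAN + ("RewriteRule ^offers/ /wp-content/uploads/placeholder.php [L]\n"
                "Header set X-Example demo\n")

def active_lines(path):
    """Non-blank, non-comment lines of an .htaccess file, whitespace-normalised."""
    text = Path(path).read_text(encoding="utf-8", errors="replace")
    lines = (" ".join(ln.split()) for ln in text.splitlines())
    return [ln for ln in lines if ln and not ln.startswith("#")]

def added_rules(clean_path, live_path):
    """(line, watched) for each live line absent from the clean backup, in file order."""
    known = set(active_lines(clean_path))
    return [(ln, ln.split()[0].lower() in WATCHED)
            for ln in active_lines(live_path) if ln not in known]

def writable_by_others(path):
    """True when group or world can write the file."""
    return bool(Path(path).stat().st_mode & (stat.S_IWGRP | stat.S_IWOTH))

def demo():  # writes the constructed samples to a temp dir and audits them
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp, "htaccess.clean"), Path(tmp, ".htaccess")
        clean.write_text(CLEAN, encoding="utf-8")
        live.write_text(LIVE, encoding="utf-8")
        live.chmod(0o666)  # simulate an over-permissive mode for the demo
        return added_rules(clean, live), writable_by_others(live)

if __name__ == "__main__":
    added, loose = demo()
    print(*[("REVIEW " if w else "new    ") + ln for ln, w in added], sep="\n")
    print("group/world-writable:", loose)
```

Against a real site, call added_rules() and writable_by_others() with the path to your known-clean backup and the live .htaccess in each directory that has one.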
