Being a leading digital marketing consulting company in India, SpiderWorks Technologies receive a lot of requests to assist our customers with this warning they find in their Search Console:
Hacked content detected on <site name>
On seeing this message, most customers come to the conclusion that their website has been hacked and they get into a panic mode. One of our digital marketing clients didn’t even wait for us to look into this but went ahead and deleted all files from their hosting account thinking their data security has been compromised.
In some other situations, clients have removed all the plugins thinking the plugins have caused their website to be hacked. Even though plugins may be a source of such message, we would strongly recommend our digital marketing clients to take a cautious approach and do not act in a hurry while they are in a panic situation.
How to handle Hacked content detected on your site situation
Here are some tips to address the message “Hacked content detected on your site” that appear on the search console.
1. First and foremost, relax. Do not panic. Do not act when you are nervous
Agreed, your site may have been hacked and data may have been compromised. But acting in a hurry while you are panic may cause more trouble than the problems in resolve. If your site is hacked, the hackers have already taken the data and that is how you came to know about it.
If you have a serious business and have sensitive data on your server, you need to act fast. If you are not an expert in dealing with such a situation, do not attempt to deal with it when you are nervous. Take help from an expert. Many digital marketing companies offer quick help in recovering hacked websites. SpiderWorks Technologies offer 24/7 services in recovering hacked websites through its Emergency Response services.
2. Verify your website in Google Search Console
It is important to make sure you have verified your business in Google Search Console. This is where Google communicates all the issues regarding your website with you. Once you solve the reasons behind the warning ” Hacked content detected on your site“, you will be able to make an appeal to Google to remove that message, provided you have verified your site ownership through Google Search Console
3. Check all users. Make sure there are no unknown users. Remove all suspicious users from the Search Console
Over a period of time, you or your team members may have added multiple users to your Search Console. Users with appropriate privileges may be able to perform certain unwanted activities on your website, which could be a potential reason for the hacking related message. Check the users in your Search Console and if you see any unwanted people listed there as users, remove them immediately.
4. View source of your home page. Check if there are any suspicious scripts or meta tags.
Sometimes there may be hidden scripts injected onto your website by the developer of your website, especially, if you purchased the site at a low cost from the unreliable agency.We strongly recommend you rely only trusted web design agencies for developing your business website. Cheap options may lead to serious problems like hacking in future.
5. Using FTP or a File Manager, look at all the files in your root directory. Check if there are any suspicious files that may look like a verification file for Google Search Console
There could be a lot of ways hackers accessed your hosting server and injected dangerous files to your folders. Such folders and files are accessible through the public URLs on your website. Even if those URLs are not linked anywhere from your website, hackers may be distributing such URLs claiming they are part of your website, thus taking advantage of your credibility and putting it at serious risks.
Look for unusual files on your hosting server. Check with your developers and remove all unwanted files, Before you permanently delete any files from the server, make sure you have saved a copy so that you can recover just in case you accidentally delete any important files.
6. Look for suspicious plugins. Disable them temporarily until you figure out the root cause of the issue.
Most of the websites use plugins to add functionality to their websites. However, some of the plugins from unreliable sources may be designed to inject virus or help them hack your website when they want. Review each of the plugins used on your website and remove any suspicious plugins. Avoid free plugins since such plugins may be collecting your data or helping intruders to get into your servers.
7. Enable 2-step verification for your account and change the password
Most of the authentication systems now support 2-step authentication. If you enable them, nobody can login to your servers without verifying through the phone number you have used. Enabling 2-step verification will protect all hosting environments to a great extent.
8. Change password for your WordPress admin section
If you are using WordPress or other CMS platforms, change your passwords. There is a good chance that your CMS password may have been compromised. Change it to a complex password that includes letters and special characters.
9. Expert review of your website
It is possible that your website has issues that are not obvious to you since you have been looking at the website for a long time with the perspective of the business owner. A third party expert consultant can review your website and find major problems that may lead to hacking and other security issues.
You can hire a third party trusted agency to audit your website. SpiderWorks Technologies has been in the digital consulting business for more than a decade and is run by people who have audited hundreds of websites, since 1998.
If you like to hire SpiderWorks Technologies to audit your website or resolve the “Hacked content detected” issue, contact us today.