This is what happens when a website gets hacked.


This is what happens when a website gets hacked. It’s not the end of the world, but there’s work to be done.

I got hacked. I’m not going to hide it. Sure, I feel bad about it, but I’d feel worse if I hid it. This is what happened to this very site when it got hacked late last month. I’m going to tell you about how it happened, how it got fixed, and what happened as a result with the traffic. This is so YOU can be aware of how it happens, what you can to to prevent it. Hackers are relentless, their hacks are automated and occur frequently towards all levels of computers, servers, websites, desktops and phones. When they get control of a website, they use the website to infect other people. Having this happen to your website can really mess up your relationship with your customers and tarnish the reputation of your business.

How did the hack that hit me occur?

This site got hacked via what’s known as an exploit, a hole in the security of a site that gets exposed among the hacker community. A WordPress Plugin that’s almost ubiquitous, called WordPress SEO by Yoast, had a certain flaw in it. Since the makers of the Plugin, Yoast, have released updates to the plugin that remedy the issue. For a short time window in March, before the new patches of the plugin remedied the hole, hackers were able to exploit a large number of sites, this one included.

How could I tell I was hacked?

I’ve been hacked before. At Massive Impressions, just a few months ago, we fixed a website that was scaring visitors away. Often the problem is evident when you look at the pages. Security scanning can detect problems that visual inspection misses. When I ran security scans on the site from outside sites like Sucuri Sitecheck, the presence of the hack was confirmed. Out of around 50 WordPress instances that I maintain personally, three came up positive from the same external scans. In the case of this site, an invisible IFRAME, a part browsers wouldn’t show to people, was placed at the head of the webpage code. Examining the source code of the sites revealed the presence of code that wasn’t supposed to be there.

Why do these hackers hack?

This flaw allowed hackers to inject code into the site that let them corrupt the output of the web pages. Some hackers place malware in the site, so site visitors download it. Often it ends up infecting the visitor’s computer with a virus or some kind of trojan horse that takes over the user’s computer. A hijacked computer can be used as a tool for hackers to do more hacking with – other times the hijacking involves some kind of blackmail where the victim is told to pay to get their computer back.

Did anyone get infected by this site?

Nobody who visited the site has reported to me that they detected the hack themselves. No external malware probing services red-flagged the site. In my case I’m pretty sure no malware was distributed, at least in a global sense, because when I looked at the content that was being served through that IFRAME, nothing was there. Either the hackers hadn’t readied their infection package yet, or their infection package was intended to only be shown to certain targets.

What did I do about the hack?

I took the site down. I scrubbed the directories and let the site stay down for a few days. During those days I spent the time hardening the security on sites that I maintain for clients, sites that are more mission-critical and had to stay running. One of those sites that had gotten hacked took a few focused hours to restore securely on the night I learned about the hack.We are now using a popular security plugin that will remain unnamed for now. We don’t have enough experience with it yet to provide recommendations, but we do feel more confident now that we’ve got a better overview and warning system for hack attempts.

This site was not so fortunate, I didn’t restore it immediately, because it’s not mission critical – I just publish it for testing, to educate folks like you, and to have fun with. About a week went by before I started putting this site back together from stored backups. The previous theme I was using was called Thesis, which I wasn’t a giant fan of, so it seemed like a good opportunity to switch the theme to something I liked better.

The effect on traffic from being down a few days.

A day or two after the site went back up I noticed the traffic to it had slowed to a trickle. Instead of the hundreds of visitors a day I would get from search engines, I was getting less than a dozen visits a day. Bad. I had no more traffic. A quick look into Google Webmaster Tools revealed why: their crawler noticed the site wasn’t up for a while and stopped sending folks to bad links. The slow traffic persisted for a while. It had me kind of bummed out, like my neglecting the site destroyed its relationship with Google. I wondered if it would ever come back and what it would take.

The Hack Recovery

I did some polishing, some theme switching, and some SEO tweaks. After a few days this site was in better shape than it was before it got hacked. The one critical thing that I did was made sure the site’s sitemaps were visible to the crawlers, and brought their attention to them. Shortly thereafter the traffic re-appeared. This was a big relief to me because I wasn’t sure how long it would take for the traffic levels return. It didn’t take long.

what to do if a site gets hacked - google analytics results

The bottom line is that if your site gets hacked, get it repaired as soon as possible. Get it back up as soon as possible if you take it down. Don’t get discouraged. Don’t abandon your site or your goals.

Don’t neglect the security.



Please enter your comment!
Please enter your name here