How To Tell If Your Website Is Dropping In Search Results Due To A Hack (A Real Story)

You’ve finally done it. You’ve picked your domain name. Hired a web designer. Worked with a copywriter to craft the perfect copy strategy. You’ve launched.

But your site isn’t ranking and something seems off.

Maybe you see spam content that you didn’t put there in your blog posts. Or weird malicious ads that you didn’t approve of…

Could it be? Is it hacked?! Did someone hack your website?!

Don’t stress. There are plenty of tools available to you, some even free, that will help you check if your site has been hacked.

Here are some tips on how to tell if your website has been hacked and what you can do about it.

Why Would Someone Hack My Website?

There are a variety of reasons why someone would hack your website. Being targeted by negative SEO is a big one.

Hackers take advantage of the “set it and forget it” mentality that a lot of people have surrounding their websites. Since they know that web designers have often moved on after designing a site, they will use that opportunity to pirate your unmonitored site and use it as a funnel to their chosen site. These chosen sites could be a competitor or one with malicious intent — such as obtaining access to your visitor’s personal information.

They could also hack into your site and mess with your robots.txt file.

This code is what tells Google and other indexing robots that they can, and should, crawl and index your site. If a hacker changes this file to tell these algorithm bots not to index your site, it won’t pop up in search engine results, and your ideal audience won’t see it. Instead, they will be drawn to your competitors’ sites.

Help! I Think My Website Has Been Hacked?!

If your site is showing the following symptoms, there is a pretty good chance that it’s been hacked.

• Your site is loading more slowly than normal
• A malware popup is shown prior to visiting your site

• You notice a sudden traffic spike, without having created content that would create one
• You receive a Google Search Console notification
• Your site is disabled by your hosting company
• Google Search Results flag your site as harmful

• Customers’ credit cards are getting hacked
• Emails from your marketing campaign are being sent to spam folders
• You notice strange Javascript in your website’s back-end code
• Ads & Pop-ups that you haven’t enabled are popping up when your site is visited
• Your website redirects to another site
• Your Google Analytics report is showing spammy keywords

If any of these symptoms are true for your site, keep reading to see how to tell if your website has been hacked — and what you can do about it.

How to Check if Your Site Has Been Hacked

While there is a lot of vulnerability involved when it comes to websites, we’re lucky to have access to a lot of tools to utilize when our sites face attacks from hackers.

You can use the following tools to check if a site has been hacked.

Google Search Console

The first is simple — check to see if you have any security issues in Google Search Console.

This free tool is so thorough that almost every single hacking resource out there will tell you to check Google Search Console first.

Once you’re logged in, follow the steps listed below to check if your site has been hacked.

1. Click “Security & Manual Actions”
2. Select “Security Issues”
3. View your report

In this report, Google will summarize a variety of security issues including hacked content, malware and unwanted software, and social engineering.

Hacked content is defined as “any content that is placed on your site without your permission”. This content can be entirely new content or it could look similar to content you’ve posted before but with the links changed to redirect your visitors to other sites.

You can get ahead of this problem using tools like Siteliner to crawl your site often to check for duplicate content. It will break any duplicate content to your attention so you could have the opportunity to deal with hacked content quickly before it does much damage to your site and visitors.

Malware and unwanted software will harm a device or its users by engaging in deceptive practices. It is often used to collect your visitors’ or company’s confidential information.

Social engineering is a way to trick your users into dangerous behavior. Phishing through email marketing is an example of social engineering.

These are all threats used by hackers to negatively impact your site’s visitors. It’s important to catch these threats before they do too much damage to your site, your company, and your visitors.

Google’s Safe Browsing Tool

Similar to Search Console, the Safe Browsing Tool is a quick way to answer the question: “is it hacked?”

By entering your website domain in the search bar, the Safe Browsing Tool will let you know quickly and accurately if the website you’re viewing is safe. Within seconds, you’ll get a transparency report such as this one:

If you receive an unsafe content notification, head over to the Google Search Console or StopBadware.com to start reviewing your website for the content that makes your site unsafe or dangerous. Once you have eyes on the unsafe content, you are in a better position to clean it up and eliminate the threat.

Google’s Hacked Sites Troubleshooter

With all of it’s free tools, Google makes it really easy to see if your site has been hacked and how to fix it.

The Hacked Sites Troubleshooter will crawl your site to locate all of the hacked content on your site. After you clean up the damage from the hack, it will also look for any remaining issues.

Like all of Google’s other tools, this one is free so use it often to ensure that your site is safe for your visitors.

SEMRush

Known as a popular SEO tool, SEMRush can also come to your rescue when you need to check if a site has been hacked.

SEMRush’s Site Audit tool has the ability to check over 140+ website issues. While all of these issues will help improve your SEO ranking, some of them will also help point you to problems of hacking. Broken or changed links, unapproved pop-ups, and malware can all be detected by SEMRush.

Unattended websites are the most vulnerable to hackers, so make sure to run audits, whether with SEMRush or another tool, often. Not only will this help to protect against hacking, it will also prevent the need for reactions to a hack in the first place.

If hackers see that the backend of a website is being accessed frequently, they will tend to move on to find another website that doesn’t get as much attention from the webmaster or owner. The more attention the backend of a website gets, the more likely it is that someone will discover and address the hack quickly — which does not give hackers the results they want.

What to Do If You’ve Been Hacked

Now that you’ve discovered that your site has been compromised, you’ll want to move quickly to clean it up. It’s important that you act quickly to keep your visitors’ information and your company’s reputation intact. No one wants the publicity of a data leak or a dangerous website!

In fact, 61% of users are unlikely to return to a site that they had trouble accessing, and a giant malware popup is definitely going to give your users trouble accessing your site!

There are two approaches you can take to achieve your cleanup: in-house or outsource.

If you or someone on your team has the skills to clean up the hack and its damages, you can handle the cleanup in-house. But sometimes the hack is too sophisticated for your expertise.

If this is the case, you’ll want to outsource the cleanup responsibilities. Check with your hosting company or find another security company that will work to remove the malicious code and/or content and clean up the mess that the hackers left.

How to Proactively Prevent Hacking

The internet can be a wild place, and it’s impossible to guarantee any tips or tricks that will keep you entirely protected against hackers. However, there are some things you can do to protect yourself.

The first and easiest way is to be hands-on with your site.

Whether it’s you, your web designer, or another team member, someone needs to keep up with your website’s maintenance and check into the backend of your website often. By checking often, you’ll become familiar with the code and content, making it easy to point out when something is out of place or incorrect.

Installing a security plugin as part of your website maintenance is also important.

This plug-in will crawl your site every day, cleaning up any hacks it comes across during the process. It will also help to protect you and your website against future hacks. However, it is critical that you only download plugins or themes from trusted marketplaces.

This one may seem simple, but it’s a problem for a lot of internet users — use strong passwords! Easy-to-break passwords to the backend of your site make it easy for hackers to quickly take advantage, and control, your site.

Another good idea is to redesign your website every few years. Keeping your website fresh and up-to-date is good for business in a variety of ways but it’s also important to prevent problems.

All of the things you need to do to update your site — creating new content, checking loading speed, checking URL links — are all things that need to be checked when looking for hacks. The more secure this information is, the less of a chance of a hacking attack.

Following these tips will help you to take a proactive approach against hacking so you won’t often find yourself saying the words: “my website has been hacked!”

Stay Hands-On and Aware

If you find yourself running to Google to find out how to tell if your website has been hacked, don’t panic. While dealing with a hack is definitely not ideal, and can leave a mess to clean up, there are plenty of free tools online that will help you answer that question and find a solution if you have been hacked.

Learn to utilize the free, and safe, resources on the internet to protect yourself, your site, and your business.

If you want help developing or redesigning your website, reach out to one of our expert designers. Let us create a beautifully secure website for you!