Help! My site has a security violation

By Anand D | Friday, 8 July 2016

The warning that your site has a security violation means that suspicious activity has been discovered there. This means that somewhere in all of the files that make up your website, there is a piece of code that is performing a malicious function – serving spam pop-ups, redirecting your users, stealing their data, or any of a number of other possibilities.

When this happens, it can be overwhelming. Luckily, there are ways of solving the problem – and, better yet, there are ways of making sure it doesn’t happen in the first place. In this article we’ll be looking at all of these things.

The first set of instructions is what to do if you have a working backup of your site. If you don’t have one, skip to the next set of instructions. Please note that if you do not have a working backup, cleaning up your site is going to be far more difficult and may require a level of technical expertise. For this reason, we urge you to always create backups.

What to do if you have a backup of your files

Many site owners think that if they have a working backup, then all they need to do is re-upload it after their site is hacked.

The problem with this approach is that while it repairs the damage that has been done, it doesn’t repair the vulnerability that was exploited in the first place.

So, after you upload your site from a backup, you have to check a few things.

First, check all of the passwords that you use to log into your site. This includes CMS passwords, FTP passwords, and your hosting manager password. Any of these may be the weakness.

Second, make sure that no extra accounts have been created – again, this refers to CMS accounts, FTP accounts, and any other services you use to log in. Often, when hackers exploit a weakness, they create backdoors that allow them to infect the site again after it has been cleaned. Make sure that all of your accounts are under your control with fresh passwords.

What to do if you do not have a backup

If you do not have a working backup of your uninfected site, then the process of cleaning it is much more difficult. Because each hack is performed differently, there are no standard solutions – the number of solutions is vast, and beyond the scope of any article.

The solution offered here is triage – it is fairly ugly, but it will solve the problem.

First, you need to create a backup of your site. Then take it offline.

You can do this by deleting the contents of your hosting account. We recommend setting up a temporary page that says you are doing maintenance while it is unavailable.

This may seem extreme, but it is better than having your users compromised because your site is not secure, especially if you conduct ecommerce.

Next, you will need to find the malicious code. This is not simple, and can involve a great deal of rooting through every file that makes up your site.

Then you will need to re-upload the cleaned version to your site, and change all your access passwords as outlined above.
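To illustrate the "find the malicious code" step, here is an added example (not from the original article or the provider's tooling): a Python script that scans a downloaded copy of the site for a few common obfuscation patterns. The pattern list, file extensions and sample files are assumptions constructed for the example, and a clean result does not prove that the site is clean.

```python
import re
import tempfile
from pathlib import Path

# Heuristic patterns (assumptions, not a complete signature set): constructs
# that injected PHP or JavaScript commonly uses to hide what it does.
PATTERNS = {
    "eval of decoded data": re.compile(
        r"eval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)", re.I),
    "long encoded blob": re.compile(r"[A-Za-z0-9+/=]{400,}"),
    "hidden iframe": re.compile(r"<iframe[^>]+display\s*:\s*none", re.I),
    "script built from char codes": re.compile(
        r"document\.write\s*\(\s*(unescape|String\.fromCharCode)", re.I),
}
SCANNED_SUFFIXES = {".php", ".phtml", ".inc", ".js", ".html", ".htm"}


def scan_site_copy(root):
    """Return sorted (relative_path, line_number, reason) for each suspicious line."""
    root = Path(root)
    findings = []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in SCANNED_SUFFIXES:
            continue
        # errors="replace" keeps the scan going on files with broken encodings.
        text = path.read_text(encoding="utf-8", errors="replace")
        for number, line in enumerate(text.splitlines(), start=1):
            for reason, pattern in PATTERNS.items():
                if pattern.search(line):
                    findings.append((path.relative_to(root).as_posix(), number, reason))
    return sorted(findings)


def build_sample_site(root):
    """Write constructed sample files that stand in for a downloaded site copy."""
    root = Path(root)
    (root / "uploads").mkdir(parents=True)
    (root / "index.php").write_text("<?php\necho 'Welcome';\n")
    # Constructed, harmless payload that only has the shape of obfuscated code.
    (root / "uploads" / "cache.php").write_text(
        '<?php\neval(base64_decode("ZWNobyAnaGknOw=="));\n')
    (root / "footer.html").write_text(
        '<p>Thanks</p>\n<iframe src="http://example.invalid/" style="display:none"></iframe>\n')


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_site(tmp)
        for rel, number, reason in scan_site_copy(tmp):
            print(f"{rel}:{number}: {reason}")
```

Run it against the offline copy rather than the live hosting account, and review each flagged line by hand, since legitimate plugins sometimes use the same constructs.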

If you do not have the technical expertise to delete the malicious code on your own, we recommend hiring a technical specialist to do it.

Alternatively, you can use our Site Protection service, which scans your site for malware and deletes it. This is cheaper than hiring a technical specialist.

Additionally, using it lets you avoid taking your site offline, as it will clean the files in your hosting account.

How to avoid future hacks

Now that your site has been cleaned, you are probably wondering what can be done to avoid this in the future.

There is good news on this front.

Most of the hacks that are performed by a person (or, often, a group of people) sitting in a room looking for security flaws are against governments or large businesses. Small websites are more likely to be targeted by automated bots – programs that search for well-known security flaws and try to exploit them in predictable ways.

This means that as long as you close these well-known holes, you are most likely going to be safe.

The best way of keeping up to date with security is to always use the latest version of any plugins, themes, and content management systems. Out-of-date versions of this software are some of the most common security risks. You can check out our WordPress-specific article on security for more information.

Second, you need to avoid responding to phishing emails. These emails ask you to log into a known service using a particular link, or simply ask for your password. Never answer these emails directly or use the links they provide. The links are almost always disguised and lead you to copies of sites that you use; any password you enter there is then given to attackers.

Lastly, make sure that your passwords are secure and high-quality. Check out our previous article on this topic.