It's not uncommon for sites - even large ones with lots of protection - to get hacked. Security is a major problem these days. And if your site gets hacked, it can get damaged in a number of ways. You could lose all your data, or lose its ranking due to malicious activity. So while you can take periodic backups, you cannot prevent someone from hacking into your site. The best and most practical thing to do in such an event is to recover your site as fast as possible so that the effect of the attack is neutralized or minimized. Here are some tips shared by Google for getting your website back on track after it has been hacked.
Clean up malicious scripts
Hackers can target your site for any number of motives. From taking down your website and deleting its content to simply adding backlinks discreetly, there's a lot that can be done. If you notice suspicious content appearing on your website, delete those unnecessary pages immediately. However, don't just stop there.
Hackers will often insert malicious scripts into your HTML and PHP files. These could automatically be creating rogue backlinks or even new pages. Make sure you check your website's source code and look for any malicious PHP or JavaScript code that could be creating such content.
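As an added example (not part of the original post or of Google's guidance), the sketch below walks a web root and flags lines in PHP, HTML and JavaScript files that match a few heuristic patterns often associated with injected code. The rule names, the pattern set and the sample files are assumptions constructed for this illustration; a match is a prompt for manual review, not proof of compromise.

```python
import re
import tempfile
from pathlib import Path

# Heuristic rules (assumptions of this example, not an exhaustive signature set).
RULES = {
    "php-eval-decode": re.compile(
        r"\b(eval|assert)\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "php-eval-request": re.compile(
        r"\b(eval|assert|system|passthru|shell_exec)\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)\b", re.I),
    "js-unescape-write": re.compile(r"document\.write\s*\(\s*unescape\s*\(", re.I),
    "hidden-iframe": re.compile(
        r"<iframe\b[^>]*(display\s*:\s*none|width=[\"']?0|height=[\"']?0)", re.I),
    "long-base64-blob": re.compile(r"[A-Za-z0-9+/]{200,}={0,2}"),
}
EXTENSIONS = {".php", ".phtml", ".html", ".htm", ".js", ".inc"}


def scan_webroot(root):
    """Return sorted (relative_path, line_number, rule_name) for every match."""
    root = Path(root)
    findings = []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in EXTENSIONS:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), start=1):
            for name, pattern in RULES.items():
                if pattern.search(line):
                    findings.append((path.relative_to(root).as_posix(), lineno, name))
    return sorted(findings)


def build_sample(root):
    """Write a constructed sample site: one clean file, two tampered ones."""
    root = Path(root)
    (root / "uploads").mkdir()
    (root / "index.php").write_text("<?php\necho 'Hello';\n")
    (root / "footer.php").write_text(
        "<?php\n// theme footer\neval(base64_decode('ZWNobyAxOw=='));\n")
    (root / "uploads" / "banner.html").write_text(
        "<p>Sale!</p>\n<iframe src='http://example.invalid/' style='display:none'></iframe>\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel, lineno, rule in scan_webroot(tmp):
            print(f"{rel}:{lineno}: {rule}")
```

Point `scan_webroot` at a copy of your document root and compare each flagged file against a known-good backup or a fresh copy of your CMS before deleting anything.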
Maintain your CMS
Websites often get hacked due to vulnerabilities in a CMS that get patched with updates. If you're running an older version, your site is more susceptible to attack. Make sure you keep your CMS updated, and use a strong password for login. If possible, enable two-step verification to secure the login process.
WWW vs. non-WWW
www and non-www URLs are not the same. http://www.example.com is not the same as http://example.com - the former refers to a sub-domain 'www', whereas the latter is the root of your site. When checking for malicious content, verify the non-www version of your site as well, as hackers often try to hide content in folders that may be overlooked by the webmaster.
Other useful security tips
- Avoid using FTP when transferring files to your servers. FTP does not encrypt any traffic, including passwords. Instead, use SFTP, which will encrypt everything, including your password, as a protection against eavesdroppers examining network traffic.
- Check the permissions on sensitive files like .htaccess. Your hosting provider may be able to but it can also be used for malicious hacks if they are able to gain access to it.
- Be vigilant and look for new and unfamiliar users in your administrative panel and any other place where there may be users that can modify your site.
Got any questions? Feel free to leave a comment or ask in our discussion forum. You can read the post from Google along with a couple of case studies here. Good luck!