At yesterday’s Google Webmaster Team’s Open Office Hours, Eric and Ann from the Google Webmaster Outreach team held a Google live Q&A session about website hacking prevention and security.
Over the past year, Google noticed a 180 percent increase in the number of sites getting hacked and wanted to provide tips to website owners for keeping their site secure.
Throughout the Q&A session, they emphasized the need to keep your software updated.
Outdated software is one of the main ways hackers exploit your site.
5 Takeaways on Hacking Prevention and Security
Here’s what I learned:
- It’s far better to prevent than to clean a hacked site
Save yourself time and frustration by implementing prevention strategies on your website. Cleaning up a site is difficult.
Do regular site audits and check for extensions and plugins.
- Once your site has been fixed after a hack, you can decrease the time it takes to remove the “this site may be hacked” message
The Google Webmaster team members recommend you go through the reconsideration process in Google Search Console.
Once you’re logged into Google Search Console, select the link for reconsideration request. The Google team will receive the message and review your site to see if there are any outstanding issues.
If there are still issues, the Google team will send you tips to resolve them.
- Protect your site from Distributed Denial of Service (DDoS) attacks
Mitigate the problem by using a content delivery network (CDN), a network of distributed servers that delivers web pages, images, and other content. Examples include Cloudflare and MaxCDN.
If you’re using WordPress, take advantage of Photon (WordPress’s image CDN).
Also, talk with your hosting provider about the DDoS. Your host’s customer support can help you track down the issue, block IP addresses, etc.
- It doesn’t matter if you’re a big site or small site
Hackers don’t differentiate between sites.
- Recovering from a Pharma Hack (or any hack)
Take your site offline. Contact your web host. Change your login password.
Look at the content on your site and look for files that have been changed recently (but be aware the hacker may have changed the dates on the files).
Check your .htaccess file for any changes. Use free online website scanners (Qualys FreeScan, Sucuri SiteCheck) to check your site to identify things that you may have missed when you first reviewed the files.
Replace the entire site with a known clean version (if you can).
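
An added example (not from the Q&A or the original post) of the file review in the last takeaway: because file dates can be altered, it compares the live site against a known clean copy by SHA-256 content hash and singles out changed .htaccess files. The function names and the sample files are constructed for illustration.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path

def hash_tree(root):
    """Return {relative_path: sha256_hex} for every file under root."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if os.path.islink(full):  # record the target, do not follow it
                digests[rel] = "link:" + os.readlink(full)
                continue
            with open(full, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def compare_site(clean_root, live_root):
    """Diff the live tree against the clean copy by content, ignoring dates."""
    clean, live = hash_tree(clean_root), hash_tree(live_root)
    report = {
        "added": sorted(set(live) - set(clean)),
        "removed": sorted(set(clean) - set(live)),
        "modified": sorted(p for p in set(clean) & set(live) if clean[p] != live[p]),
    }
    changed = report["added"] + report["modified"]
    report["htaccess"] = sorted(p for p in changed if p.split("/")[-1] == ".htaccess")
    return report

def demo():
    """Constructed sample: a clean copy and a tampered live copy."""
    base = Path(tempfile.mkdtemp())
    clean, live = base / "clean", base / "live"
    clean.mkdir()
    (clean / "index.php").write_text("<?php // home\n")
    (clean / ".htaccess").write_text("RewriteEngine On\n")
    shutil.copytree(clean, live)
    (live / ".htaccess").write_text("RewriteEngine On\n# constructed injected line\n")
    shutil.copystat(clean / ".htaccess", live / ".htaccess")  # dates reset to look untouched
    (live / "extra.php").write_text("<?php // constructed unknown file\n")
    report = compare_site(clean, live)
    shutil.rmtree(base)
    return report

if __name__ == "__main__":
    print(demo())
```

In the sample, the altered .htaccess carries the same modification time as the clean one, so a date-based review would pass over it while the hash comparison still reports it.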