Saved clients say
Usually, it looks like your site is either broken or has clearly been hijacked by someone else. Website may perform some unwanted actions including showing malicious verbiage on your website, sending spam, malvertising, malicious downloads, falling traffic, etc. The most noticeable sign of a hack is when you either receive a warning about it in your browser or notice something obviously wrong with your site like spam ads on your site or search results or noticeable defacement to the site. Another red flag is when your website tries to download something onto visitors’ computers when it’s not supposed to. All these symptoms indicate that your website is either broken or has been hijacked by someone else.
In addition, there are a handful of other signs that indicate a hacker may have invaded your website. The biggest one is when you start noticing odd browser activity including spam adds, unwanted downloads, strange unrelated warnings and verbiage showing on your screen. Here are some examples of warnings that can signal about potential website hacks.
- Google: “This site may harm your computer” or “This site may be hacked”
- Chrome: “Warning: Something’s Not Right Here”
- Internet Explorer: “This website has been reported as unsafe”
- Safari: “Warning: Visiting this site may harm your computer”
Try searching up your site on google and accessing it through the search results - if instead of your site you are redirected to 3rd party site, this means that your site has malicious code. This is just one of the ways how site can be hijacked. In other cases, we've seen 3rd party links injected into the site template, unnoticeable to the site owner or visitors.
Having your website hacked is a very stressful time. When the website hack happens, it makes a website owner feeling unsafe and troubled. The danger of hacking will strictly depend on the type of hack. The hacks can vary from simple unwanted actions such as malicious verbiage or temporary losing control over your website to something more severe that can threaten the whole integrity of your online presence. In any case, if this unfortunate event happens, you need follow some basic steps:
It is important to recognize the problem quickly and address it. While panicking is not the best approach, be aware that the longer the hack is prolonged the more potential harm it can cause.
Start collecting as much information as you can about what and when it happened. In addition, ensure you know your server login information. This all will be necessary information as part of the process of repairing the hack. Don’t waste your time looking for people to blame. It will only hold you back from solving the problem.
Don’t rely on easy fix
Be aware that site restore from a backup or automatic cleaning are necessary steps that are part of the process, but they don’t solve the root of the problem behind the hack. Don’t underestimate the problem if you don’t want to be hacked again.
The quick answer is “it depends”. It can be fixed within a couple of hours or it can take up to two days. If we deal with experienced hackers, it might take even longer to find out how they attempted to crack the code, block them and back online your website.
Most website hacks can be fixed and it doesn’t matter whether your website is built on WordPress, Joomla, Magento, or any other CMS system. The only problem that can’t be fixed is when the hack caused irreversible damage such as website complete destruction. In this case, you can only rely on retrieving all you can from backups.
When it comes to the cost of being hacked, it really depends on the hack, but it's always high. The repair can be as simple as to find and remove a file or code added by the hacker. But, if hackers ruined everything on your account, including your site, content and graphics or they infected server / host with malware, then it means you have to replace everything, and it can be much more complicated case. Our emergency recovery service includes malware removal, security upgrade and notification to Google about the hack repair for only $99. Then it makes sense to consider our maintenance service to ensure that this stressful and costly issue will not happen again.
Search engines do understand that getting hacked is not necessarily your fault, but they also have to protect the people they would otherwise send to your site. Google and other search engines can detect if your website has been hacked and in order to protect users, they will flag it to them. While it is not your fault, you need to act quickly to save your ranking and to ensure your website is not removed or blacklisted. Unfortunately, when the website is down, your ranking drops too. So if you don’t address the problem quickly, it may impact your rankings.
During the repair process there is a risk to be hacked. But once we detect the cause of the hack and block it, you are secured from further attacks. Also, to prevent attacks, we monitor and address any small issues ahead of time, so you can be worry-free about the security piece of your website.
You can, however, restoring your site from a backup will make the problem go away only temporarily. But if you don't determine how the hackers broke in and block them from getting in that way, you will typically just get hacked again within the day or two after you restore your site from backup. If your website got hacked once, it means your website is vulnerable and you will not remove this vulnerability by just restoring it.
Restoring from backup is a short term solution to quickly fix the defacement to avoid reputation damage, while you work on a proper fix.
While there are many automated services that can identify and repair the hacked website, the key problem – the cause of the hack – doesn’t go away. It means that your website remains vulnerable and hackers can attack your site again. At Bastion, we treat the problem from all angles and ensure your website is repaired and protected from potential attacks. Here is what we do:
- Provide initial clean-up and malware removal
- Detect the root problem that caused the hack so we can block the hackers from getting back
- Protect further the website to ensure there is no security gaps
Furthermore, majority of the hacks are automated - which means it's just a matter of hours when automated hacking tool will retry the same exploit which was found previously on your site.
What we provide differs as we not only clean up the initial damage and fine-tune the security of your site, but also determine the cause of the hack so we can make sure that the hack from the same issue won't repeat. Especially if you are running ongoing SEO or marketing campaigns, it is crucial to make sure you don’t keep getting hacked over again.
Malware Insurance Guarantee is your peace of mind insurance that while your site is under our maintenance you are fully covered in terms of malware/hacking.
We monitor your site and apply updates as they become available. If an update is an important security patch - it is our goal to apply the update in shortest possible time.
If, however, your site gets infected with malware before we apply the important security update - we guarantee that we will remove it asap without any extra charges.
Our system monitors your sites and as soon as update to the core or plugin becomes available - we know it and start preparing to apply the update. Our team determines how crucial are the changes in that update, whether it's a security update which has to be applied right away, or minor bug fixing for a website plugin.
A full site backup is then performed (files and database) before we actually start the update process, to ensure we can easily roll back, in case something goes wrong.
Our system will send you an email with all updates performed at the end of the day.
You must possess the required licenses for any commercial themes and plugins on your site. In order to update those for you, we will contact you to obtain the licenses for those commercial plugins, if an UPDATE requires the license key.
First of all, we read the changes (changelog) of every plugin/core release before applying them to your site. Following an update, we validate that your website still operates properly. In case of problem, we restore the previous backup which we did right before running an update for your site.
We then look into the problem and if it can be fixed within an hour - we will do that without any extra charges. If we see that it cannot be fixed within an hour - we inform you of that and provide a quote for fixes.
Sure thing! All you need to do is specify a 4-6 hour window when our team can perform the updates on your website(s) to our support team from within your account.
If your WordPress installation is a Multisite instance, you'll need a custom plan. Please contact us to get pricing for your particular case.
Once we detect the source of the hack, we can block it and protect you from hacks. As technology evolves very fast, other security gaps can emerge, so it’s crucial to keep an eye on the security of your website all the time. At Bastion, we offer ongoing maintenance service to ensure that your website is up and running 24/7 and let you focus on other business matters.
Yes! We've created a platform called "Citadel" for our customers to view real-time health of their websites.
In Citadel, you can see your website(s) health, all available updates, plugins & themes, the current status of our maintenance, SSL information, backups status, uptime stats & you can also purchase additional services from there including SSL certificates, dead link checking, penetrations tests, ad-hoc website updates.
You can contact us through your account - support section or by email.
You can expect a prompt response from 9:00 AM to 6:00 PM (EST) Monday through Friday. After office hours and during the weekend / holidays, we offer limited support.
We always monitor our support channels and ensure that emergency cases are dealt with regardless of the regular support schedule.
This does not apply to the update-windows. We maintain your website updates regardless of the regular support schedule on 24/7 basis.