For enterprise owners, webmasters having your site has been hacked messages in search results is trouble some as they have to begin all over again for this. When yours site is hacked which simply means that one or many persons have gained access to yours site. In actual only administrators should have fundamental access to website. Then, question arises how do I know that your site is hacked?
First and foremost you receive from Google about this information. When you search your website in Google or any other search engines and if you see the poster nearer to your website about your site is being hacked. If you all by yourself found that your site can be hacked or suspect about it.
If you find that your website is incorrectly specified as being hacked in Google searches then you register your website with Google search console or web master and then verify it through various methods and then after some days move to web master and then go to security and issues and verify it thereafter.
If you find that after scanning of website from Google webmaster tools and then see that your site is still hacked then you need to be serious about it. You can hire a security theme or can contact your web host about it to set up a theme to delete all of these external access without yours permission.
Tell your web host that yours site is compromised and help you to set up a team to solve this. Read reputable online resources and articles and try your experience with it to solve this. I recognise two such resource such as articles of ‘stopbadware.org’ and Google’s sub-forum in this specialised subject, Malware and hacked sites .
It is important to read both the resources even during normal times to have the most clear-cut phenomenon of understanding about it. If you feel cleaning of website is not an easier task then it is better to contact designated security experts and for this you might have to pay some money.
Immediately take your site to offline so that it should not be available for public viewing. Stop DNS settings of yours site. So that yours site should be offline. It might take some time to DNS to stop and for this it is important to understand that, you should do it at first.
If you have verify yours site through Google Webmaster tools, then re verify it through all of these available methods such as DNS, Google Analytics, Meta Tag, HTML file upload and through Google Tag Manager so that Google slowly scan your site. http://www.google.com/webmasters.
Check out all of softwares of hosting account and find out any apps or software is out of date or not. If so then contact web host to update it immediately. If anything sort of redirects of any web page inside of yours website is found then stop it and delete it immediately.
Look out for any instances of SQL injection to your database and it occurs when hacker successfully installs any rogue commands, into database and it is important to immune from these syndrome of your database. Check whether there is any discrepancies in user input with that of other elements and if found that it is yours duty to immediately delete such SQL injection instances.
Check for all instances of yours back up and remove most of these back ups and after cleaning your website start the back up again. In some cases before Google blacklisted your site, you might have situation when the host offline your site and then you can contact your host about this.
After knowing about your site is being hacked, do no panic. Keep calm, stay calm and look at the situation mildly and wisely. All is not lost. You can revive your site for sure. Be confident. Write down the time when yours site is hacked or offline from host. Find out the works and the log files during that course of events.
Find out what are plugins and customisation through third party sites you have done recently and try to scan all of these incidents. With these course of events you are creating the incident report so that you could know in detail what are the elements or improvements you have taken so far.
Scan yours website through application based scanners as well as through remote based scanners. Then scan your local environments. It include, host files, yours local computer, or any other remote FTP protocols to be used to send and receive files. If you have shared hosting, then the hack can come from other shared sites so check out and contact your site and then go to hosting provider, as they can offer to help you out if this infections come from external sources.
Check out Google, and other search engines which provide blacklisting of website and check it regularly. Do register for webmaster tools from, Google Search Console, Bing Webmaster , Yandex Webmaster , Norton Webmaster .
It is important to improve access control of yours website such as using of complex passwords, Use hosting password generator to have the stronger password implementation. Also asked every subscriber to update their respective passwords to provide stronger password implementation for access control. Use a two factor authentication tool to log in to WordPress administration. It also provides these factors to make it more secure. I prefer Two-Factor WordPress plugin and you can use some other two factor authentication plugin such as, Authy, Duo, Rublon.
Once you have cleaned your website completely, then it is important to reset all of information especially the right to access information or passwords of websites. Use Force Strong Passwords plugins to reset all passwords which are weaker. It is important to keep regular and updated backups of your database files. If any such security issues happens again then you can revert back to best session.
Always watch out for any change of index.php, header.php, footer.php, function.php files, of yours theme and if you find any change then do keep track of it and clean those traces immediately. Always update WordPress as soon as it provides update, change administrators passwords periodically. Try to see the hacked process in terms of eyes of the forensic that is to understand the entire processes in clear cut civilised manner so that this should not be happening again.
Go for recommended WordPress security measures such as, least privilege principle, use of content delivery network, defense in depth, limit access, functional isolation, backup, secure your working environment, find out vulnerabilities in themes and plugins, web server security and last not the least is to implement strict database security to make your website secure and free from Google Blacklisting.
Sources & References: