Web Security is one of the hottest talk topic these days. This is because many people have got their website hacked. Not only ordinary website, even Government and Famous websites have experienced this. This is already proven in many times it got reported in newspaper and television.
This web security issue have a very important relation for your business. These days, a website can be said to be the modern form of a Storefront for a business.
What will you do when one day, your Store is ransacked by unknown people all of a sudden?
Will you do nothing and let them be?
Or will you call the police and other authorized party to catch those people?
I think you will agree with me that doing the latter is better for your business in most cases.
Unfortunately, calling 911 to solve your problem will only works in Real Life.
What about your Digital Storefront, your Website? Do you know what you should do when someone come and ruin it?
Most people can’t do anything about it because they don’t know what to do in the first place.
But here, in this article, I will give you some things you can do when your website got hacked.
Web Security Step 1 : Make Sure that Your Website is Really Hacked
One of the first thing you should do is to really make sure that your website is really hacked, or is it just the problem of your browser and internet.
Sometimes when your website display changed, it’s not always because someone changed it, but it can be because of your browser not finished loading the page yet, or it’s still taking the previous version of the website (Website history and cache).
The easiest way of doing this is to Delete the History of your browser (you can search in Google using keyword “How to delete browsing history for [your browser name]”), do it twice, then open Private Browsing for the browser you are using (Incognito for Google Chrome, Private Window for Mozilla Firefox, etc.)
This will ensure that the page you are opening is taken from the latest version. After you have done this, start checking your entire website (Frontend and Backend) and note down what are the things that changed.
When you have done this, and the website still return error or the negative changes still persist, then you can start assuming that your website is hacked by someone.
Go to all of your website pages and take note of what has changed in your website. You will need it later for making an Error Report.
Web Security Step 2: Put a Maintenance Page in Your Website
When you enter a website, and the website returned error, what do you feel? Did you feel bad, annoyed, or you don’t care and just click on the next website in the list?
What if the website give you “Under Maintenance” banner and ask them to wait for a few hours or days? Do you feel differently?
Most people will feel less annoyed when they saw the second case.
It’s because the Maintenance Screen show that you already know that there is a problem in the website and is taking the steps to fix it, while the first one shows that you don’t know about the problem or even already thrown away the website entirely.
Giving assurance to your visitors is one of the first thing you need to do when you encountered this kind of issue. By giving them assurance, you can prevent them to have negative opinion about your website and reduce the erosion of visitors coming to your website because of this problem.
Another reason you have to give this Maintenance Status is because it’s bad for Search Engine Optimization. This is because Search Engines like Google actively crawls your website every day, and if it discover a downed website that is not being repaired, it will give minus points. On the other hand, if you give it Maintenance Notice, then it will postpone the markings and goes to the next website. In other words, Maintenance Notice can preserve your place in Search Engine Rankings, provided you are not leave it in that state for too long.
Web Security Step 3: Check Your Website Log and Error Report
Have you registered your website in Google Webmaster Tools?
Google Webmaster Tools is a Free Web Application provided by Google for Webmaster to register their website in Google Database so Google can know their website better.
Other than making Google calculate your website position faster, registering in Google Webmaster Tools also help you to detect any abnormalities found within your websites when Google scanned it. These abnormalities also include unregistered people that trespassed into your website system using illegal means.
When Google detected this issue, it will send you a notification regarding this problem and give some tips on how to fix it and prevent it from happening again in the future.
When you didn’t see any notification in Google Webmaster Tools, but you are certain that your website got hacked, you can use the second method..
Website Activity Log
What is Website Activity Log?
Website Activity Log is a log created by system when the system detect any activity concerning the website. This log includes any login activity, what the person changed in the website, when this happened, the IP Address of the person, etc.
You can access this Activity Log by Login to your website server and search for this log document.
By accessing this log, you can see who is the one that trespass into your system and what they have done inside your website.
Other than Activity Log, you should also have an Error Log, which displayed all Errors occured in your website. By checking this, you can know the extent of the damage done to your website better.
The downside of this second method is that if you are not an expert at programming, you may have a bit of problem reading the log. So it’s better to ask the programmer’s help concerning this second method.
Web Security Step 4: Change All Login Data and Report to Server and Webmaster
After collecting all the information using the methods above, the next step is to change all the login information you and other people that can access your website have. If you find other username that you don’t recognize, immediately delete it. It may be the person’s username he used to hack your website.
Deleting the unrecognized username and changing all the password you used can prevent near future re-entry of the person.
While changing Login informations, you can submit a report to the server or the webmaster that did your website before. Give them the informations and changes you have noted down so they can work faster and more efficiently.
There should be a reply to you from them after a few days. If there are no replies, you should chase them because this is a very important matter concerning your website business.
Web Security Step 5: Get Better Protection for Your Website
Lastly, you need to prevent future attempt at illegal entries. The best way to do this is to get better protection for your website. When the result is worth less than the effort, no one will want to hack your website.
To get better protection, there are 2 ways. The first one is to search for yourself, and the second one is to ask the webmaster to do it for you. Both have their own plus and minus.
If you search for yourself, then you can rest assured that you will not get tricked and it cost you no additional funds other than the security itself. The downside is that you will be limited by what you know and what you find. Sometimes, a good security also need some programming and if you can’t do any programming, you can’t use it and have to search for another method.
Leaving it to the Security Team can net you a better security because they are the ones with experiences in doing security measures for a website. They usually already have a good preventive measure for cases like these. The downside of this method is that usually you have to pay high price to get a really good and guaranteed Security Team to work on your website. On the other hand, you can also risk getting tricked if you hire an obscure Security Team, they can ask you for high prices but only give mediocre protection.
So it’s up to you on how you want to improve your web security. My recommendation is, if you have money to spend, it’s better to hire the best quality Security Team you can find. But if you don’t have the money, you can search on many Web Security forums what is good enough and affordable for you to use. It’s slower, but cost less money.
If you have trouble getting Good Web Security Service with affordable price, you can contact us in Kreacio Media. We have a group of programmer that can safeguard your website, or if your data already beyond saving, you can use our Data Destruction Service to erase your data cleanly and totally so people can;t use it to sneak into your database anymore. You can read our article on why you need Data Destruction to erase your stolen data and not just using regular means.