
How to protect your company's website from hacker attacks


One thing I know for sure is you don’t want your website to be hacked. Trust me, I’m talking from experience.

These unfriendly visitors can infiltrate your website, steal valuable information, damage your reputation and cripple your well-oiled online sales and marketing machine.

Let me tell you about my experience as a web entrepreneur who woke up one day to find my website had been banned by Google. To my horror, my beloved revenue generator had been repurposed into a virus distributor.

Discovering the facts

It all started when I went into my website trying to figure out why sales had been so low for the past few days. I logged into Google AdWords and found my account had been banned. I’d been accused of being a spammer, the absolute worst title you can give to a friendly web marketing guy like me. Google, you must be joking, right?

I typed my product name into Google to see if my website was still showing up as the top search result and indeed it was. However, there was a little note underneath the link saying: “This website may be hacked.” I knew this was bad, but I didn’t yet understand I was on the highway to hell.

My 100% web business was shut down and I didn’t know how to fix it. I’m a pretty good online marketer, but I’m no computer doctor.

The long road to a fix

Being unable to fix the problem myself, I hired a technical consultant.

I was fortunate enough to find a skilled team that was able to start working on the case right away. The first step was to see if restoring a back-up would solve the problem. It didn’t. The virus had contaminated the server as well, as it often does.

The team then started decontaminating every file on my website as well as the files on the server. This process took hours and after little sleep that night, they announced that my website was cured.

I called Google in the morning to let them know the website was clean and they could trust it again. They said their engineers would look into it and let us know in the next 24 hours. That evening I got an email from Google saying something to the effect of “Nice try, but your site is still as dirty as can be.”

Taking a second try

Rats! I had to ask for help again. Luckily my cleaning crew was still available. So they spent another night cleaning the systems even deeper, finding help online and searching for backdoors that could spread the virus again after the clean-up.

The next morning I called Google again, with the self-confidence of a guy who had just climbed Everest twice because he forgot his camera at the top the first time.

Once again, Google said the engineers would look at it and let me know. I decided to use the downtime to plan how we would make up the lost time and get sales back to where they belong. That night, Google’s verdict came like a stab: “No dice!”

Finding the problem

After 10 days of painstaking work, we finally found the culprit. The hacker had infiltrated my AdWords account and inserted a link that re-infected my website as soon as someone clicked on one of my ads.

This was a super sophisticated attack on a website that held no value to the hacker other than the retransmission of a complex spamming scheme. What my website was about didn’t matter. In fact, it could have been your website for all the hackers cared.

Lessons learned

So what did I learn from this experience?

  1. Malicious attacks are hard to recover from, even with the help of experts.
  2. Malicious attacks cost a LOT of money.
    • You might not recover without the help of experts. They know it and charge accordingly.
    • You must include the loss of revenue while the website is offline in the total cost.
  3. Popular, user-friendly content management systems like WordPress are great for allowing non-programmers like me to manage a website, but they must be monitored closely because they are targeted more often by hackers.
  4. Security updates must be applied quickly to seal vulnerabilities.
  5. Back-ups must be done, and tested, regularly.
  6. Security plug-ins must be installed to protect the website setup.
  7. Hiring a system administrator to monitor and update your website can be a lifesaver if you have limited computer skills. Your website hosting company or web development agency can probably provide this service.
  8. Passwords must be complex and changed regularly. It’s also a good practice to use different passwords for each of your critical systems. That way, cracking one of your passwords won’t expose everything.
  9. After recovering from a malicious attack, you’ll notice your search engine keyword rankings will likely drop. This means fewer visitors on your website than before the attack.

A more serious disaster averted

With all the help, I was able to resolve the crisis. Many others aren’t so fortunate. Some of the clients I’ve worked with needed to scrap their website and start over. This means months of lost revenue and opportunities and thousands of dollars for a new website.

We all hear and read about horror stories of big companies being hacked and having client personal data stolen. You may think it only happens to them, but think again. Small and mid-size companies are targeted for various reasons, often unrelated to the business itself.

Make it difficult for hackers

While you can’t prevent a skilled and determined hacker from attacking your website, chances are your website is simply one among millions they could attack. If you make it difficult to crack your website, the hackers may decide to move on instead.

They’ll choose the path of least resistance. By applying the measures mentioned above, you minimize the chances the path leads to your website and your wallet.

Better safe than sorry, right?

Has this happened to you? How did you respond? We’d love to hear more about how you got through it so leave a comment.
