As an online business owner, one of the most important services you require is a secure website – you must provide it for your customers and you must maintain security for the protection of your business.
Protecting your customer data is more important than ever. In the EU, you must comply with the GDPR to protect the privacy of your website traffic. But how many people pay attention to the security of their website sales, databases, and interface when it isn’t as obvious to detect as a Denial of Service (DoS) attack or malware attack?
There are 6 simple ways that you can check the status of your website – and you should on a regular basis – to ensure that it is the safe and secure eCommerce site that you believe it to be.
Google’s Safe Browsing tool
Google’s Safe Browsing tool is one of the fastest and most effective ways to see if your site’s been hacked.
Using the tool, you can check your website’s status instantly. Just follow these steps:
- Go to Google’s Transparency Report
- Enter your site URL
- View your results
Google scans its index of sites daily, checking for malware. It also uses advanced statistical models to spot phishing websites. This means that the information is up to date and reliable.
If the site status shows that your website has been compromised, you need to fix it immediately.
After you have cleared the hack, you can ask Google to check your site status via the Google Search Console to ensure that your website is safe for operation again.
Check “Security Issues” in Google Search Console
The first step to checking your website security is to check your Google Search Console.
Google Search Console is a security tool that will report issues with your website. You need to register an account to gain access to the reports.
To view your report follow these steps:
- Log in to Google Search Console:
- Go to the “Security & Manual Actions” tab via the left-hand sidebar
- Select “Security Issues”
- View your report
Google will summarize security issues, including:
- Cross-site malware warnings
- Phishing and deceptive sites
- Code, content, and URL injections
- Server configuration, SQL injection, code injection, and error template malware infections
If the report shows that you do have issues, you need to act fast to protect your business and your users from the attackers. The report only tells you what the issue is, not how to fix it.
Check Search Results on Google
You can check your Google search results to find out if you’ve been hacked.
- Go to https://www.google.com/
- Enter “site: domainname.com” and search
- View the results
The search results should all come from your site. If not, make sure you’ve used the search operator (site: ) and spelled your domain name correctly because that limits Google’s search to the specified domain name ie. your website.
Under the first few search results, look for the statement, “This site may be hacked.”
If you see this message, then Google detected malware or phishing activity on your website.
Read Your Notifications from Hosting Providers and Browsers
Notifications can also alert you to a hacked site.
A few examples of notification sources include:
- Hosting provider
Your hosting provider will usually notify you if your website is hacked. When sites are hacked, hosting providers typically take the website offline and send an email to the site owner. Check your inbox for notifications from your hosting provider.
- Internet browser
Your web browser, like Safari or Google Chrome, can also alert you to a hacked site. If your website has been hacked, when you visit your site in the browser it will alert you with a warning page before you enter the site.
- Google Search Console
Opening a Google Search Console account will ensure that you are sent security alerts about your website. Depending on your settings, the console will automatically send you emails about security issues.
- Internet user
Sometimes it is your customers who find out that your site has been hacked before you do. They might send an email or contact you in other ways. You should take any alerts seriously and check if their assertions are correct.
- Malware scanner
Websites with malware scanners can also catch cyberattacks. They are a good way to keep track of any viruses that might otherwise go undetected.
Investigate Website Files
Critical site files, like your .htaccess and .php files, can also alert you to a hacked website.
Within these files, a developer can search for malicious code and unsafe links. Developers can find unsafe links by looking for new pages on your site, which hackers have created to house spam links, which then redirect other pages on your website to these link-filled pages. While developers can uncover unsafe links fast, malicious code takes longer as it looks like regular code.
Use the Hacked Sites Troubleshooter
Google’s Hacked Sites Troubleshooter is another way to check your website security.
Google recommends using this tool when you’re:
- Trying to find all the hacked content on your site
- Looking for any remaining issues following a hack
The free tool offers instructions on how to find issues and what to do to resolve them.
Fixing a Hacked Website
If you detect an attack on your website, you need to fix it straight away. You might need professional help if you are an independent business, or if you have an internal IT team, perhaps they will have the know-how to stymie the issue. However, attacks can be challenging even for professional teams.
You should also notify any affected parties, like customers, without delay. This is a vital step, which could also mean alerting the authorities, banks, and even the media if your attack is likely to greatly damage your reputation.
Protect Your Website
The best way to avoid a hack is to be diligent and protect your website using software that can detect and eliminate threats, check your site regularly and ensure best-practices are followed when it comes to data storage and the handling of customer data.