Of Malware and Men

While testing out this website’s new design for 2019, Google gave me the message that everyone hates to see: This site may be hacked.

Luckily, I have a lot of systems in place to dig into the guts of a website’s code and find out when evil operators have inserted malicious code.

First, I recommend signing up with Google’s Search Console & Verification service. They crawl your site and let you know when any problems are found. They were the ones who alerted me that I had a problem.

On my site, which uses a WordPress framework, I ran a “high sensitivity” scan via the free version of WordFence. It found malicious code (which I trashed) and some broken files (which I fixed). High sensitivity scans can return false positives, so it’s important to use care when deleting any files marked as problematic.

If you use GoDaddy as your host as I do, I recommend buying one of their Website Security plans. The “Essential” version performed scans, some cleanup, and a final report, after I was hacked.

At the end of all this—it took the better part of a day for the tests to run—GoDaddy gave my site a clean bill of health and I reapplied to Google’s Search Console to have them remove the warning message on my site’s search results.

Your website may have a different framework and a different host, but the three basics—a Google Search Console account, your web host’s security plan, and a strong malware application for your website—can help dilute the horror of being hacked and get you back up and running.

If you’d like me to install any or all of these systems and applications on your WordPress website, as well as run the tests, let me know. My charge is $100, less for current clients.