May 23, 2016 7:27 AM / by Joshua Ballard
You are going to be ok.
If you don’t believe me just yet, that is completely understandable. After all, you have just found out that your website has been hacked.
However, you need to remember that when you are panicking, you are pushing yourself further and further into a state of shock.
When you operate in a state of shock, you make quick, poorly thought out and often rash decisions.
Take a moment to put the situation in context, and focus on perspective.
Yes, your website has been hacked.
No, it is not the end of the world.
Yes, this is a serious inconvenience.
No, it is not something you cannot recover from.
You may feel all alone at the moment, and as though the whole world is against you.
This will pass.
You need to understand that being hacked is almost like a rite of passage for website ownership.
At the end of the day, if you weren’t building a good quality website, they would not have hacked you anyway.
I wrote this section so that you would be able to:
- Get some context
- Understand the why and what
- Have some solid objectives to act upon
Remember, your webhost, your co-workers, and your SEO provider are all in this with you. Everyone is going to have to play their part from here on.
You may find yourself asking whose fault this is, trying to rigorously assess who in your team let you down by leaving a door open, or who was supposed to have set up the web security protocols, and so on.
This is not a helpful attitude for you to embrace today.
When everything is resolved, you will most likely be writing up reports, and then you can work out where the intruders gained access, or where your defense was lacking.
For now, you need to focus on the task at hand: getting your site clean and back up.
Note: allocating blame is a separate process from figuring out how they got in. It may very well be that you discover they gained access through one particularly vulnerable employee’s credentials. However, this is not the time to blame that employee; this is the time to get your site clean again.
Are You Losing Money?
This is one of the first things that may be going through your mind. For many people and businesses, their website plays a strong part in their livelihood.
I will, however, begin by saying that before you start asking if you are losing money, you need to ask yourself:
“Is my site compromising credit card details or the online safety of my users?”
If the answer is yes, then you need to switch your focus away from your own financial impact for the short term, and make sure you:
- have the site quarantined,
- begin the process of working out what data has been compromised, and
- work out who you need to contact.
Once you are sure that your site is no longer posing a clear and real threat to the larger online community as a whole, then it is time to start figuring out whether you are losing money from this hack.
How does your site generate revenue?
There are a few ways that a website can be a revenue generator, and depending on how your operation has been set up, you may stand to lose more from the hack than others.
Sites may be generating revenue from:
- Affiliate Programs
- Advertising Displays
- Being the online presence of a real world business
- Selling Links or advertorials
Each of these revenue streams will be interrupted in their own way.
Affiliate programs and advertising displays require a user to trust the links on your website enough to click on them and be taken to a vendor’s site. If your site is suddenly filled with spammy links for Viagra, this will reflect badly on all other advertising that is placed on your site.
Not only that, depending on the contractual arrangement you have with your vendors, they may learn of your hack and decide that they do not want their sites advertised on yours any longer.
Being the online presence of a real-world business is a complex issue once again. The level of financial loss is dependent on how reliant you were on your website to generate leads for your sales team, how quickly you respond to the hack, and what type of hack it was. The website I was managing when I was hacked was this type of website.
E-Commerce potentially stands to lose the most, as your site is the actual place the users have gone in order to purchase something. When a user is deciding whether they trust an online vendor enough to give them personal AND financial information, the vendor’s site being compromised may be a serious deterrent in their decision-making process.
Selling links or advertorials
I am not here to judge you. You are already breaking the Google webmaster guidelines, and one would assume that you knew this when you began operating. The chief problem you will be facing now is that the hack has drawn serious attention to your site, which is likely exposed for what it is. Not only that, if you relied upon having a quality Domain Authority and Trust Rank, then this is likely to be damaged, at least in the short term. Having damaged metrics will mean you can no longer request as large a payment for your links, as they have just become less valuable.
Traffic Loss and Its Relation to Revenue
Losing traffic is the first way that this hack stands to reduce your revenue. Fewer people viewing your site means less advertising money, or fewer customers who may decide to purchase from you.
Organic Traffic Loss
Assuming your website is not compromised with malware (in which case a red page will come up for any user about to access it, warning them that they should reconsider), you primarily stand to lose out on organic traffic to your website.
As users find your website listed in the SERP, they will see the warning that the site may be hacked, and they may reconsider going to your site.
Not only will this affect the click-through rate (CTR) of your listings, but you will also find that your website is slowly (or maybe even quickly) declining in the rankings for your keywords.
In my experience, I was honestly surprised that the CTR did not drop further whilst we were displaying the “this site may be hacked” message on the SERP.
I am unsure if the average user either did not notice it, or did not care.
I suspect this may be the reason that for very serious malware threats the user is presented first with a SERP warning, and then if that is not enough to keep them safe, they are presented with a giant red page telling them that it is a horrible idea to continue.
Note: If you are not serving malware, and a majority of your traffic is coming from social media, you do not stand to lose as much of your traffic as if you were relying upon Google search results for traffic generation.
We were sitting at the 1st position for our main keyword, and then sank to about the 7th position very quickly.
The rankings loss was only temporary, and once we cleaned the site and did our own version of requesting a review (we did not have a Search Console Security issue warning), everything went back to how it was before the hack.
It helped that we acted quickly, and it helped that I had spent an entire day working out exactly what we needed to do.
One of the actions I needed to take was to clean up a massive group of spammy backlinks that were now pointing directly at us.
The hackers had decided that even though we had some great Domain Authority and Trust metrics, it wouldn’t hurt to give it a little nudge with some additional inbound links.
They had pointed a reasonably large number of really low-quality links at our home page.
Google Search Console has a tool that allows you to go in and manually disavow any spam links that are directed at you. If you have never used the disavow tool, then treat it with caution. You may want to consider having an SEO professional assist you with the link audit and disavow process.
Potential Trust Loss
There is no denying it: when a member of the public finds out that you have lost control of their personal (or, god forbid, financial) data, they will lose trust in you.
The way you conduct yourself after this hack will play a large role in whether people go on to trust you again, or if they simply move on and find a new supplier or website to engage with.
If you have lost personal data, notify people. It is better than having them find out from some other means, and it will help to show that you are a transparent and honest webmaster who fell victim to a crime.
Let people know what steps you are taking to ensure that this is not going to happen again.
If you can afford it, perhaps consider gaining some assistance from a professional PR firm.
If you cannot afford a PR firm, then you just need to show people that you were a victim, and that you are working your hardest to make things right.
Direct Costs Associated with Detection, Quarantining, Cleaning up and Recovering from the Hack
As much as a healthy dose of hindsight is not what you want to hear right now, prevention is always better than a cure.
I am sure that next time you are going to be more prepared and that you will now realise the importance of preventative maintenance and infrastructure.
In the meantime, think of it like this.
If you drive a car and do not regularly make sure that it is serviced, topped up with oil, and generally maintained, you may feel like you are saving money and effort.
However, when the car finally does break down, the costs associated with towing it from wherever it let you down and then fixing it, will be considerably higher than the costs that would have been associated with keeping it maintained from the word go.
I learnt this exact lesson about cars when I was a teenager. It was not until I suddenly had to send a car to the wreckers rather than foot a giant bill to fix my neglected engine that I finally realized that the cost-benefit scenario of preventative maintenance will always beat the cost-benefit of only having an expert investigate after a problem.
If you do not currently have anyone looking after your website security, there is a good chance that this has helped the hackers win this time.
Paying someone to come in and fix it will always be more expensive than paying someone to help make sure this doesn’t happen in the first place.
Likewise, even if you are not paying for someone to help fix it or paying someone to help prevent it, think about your time.
A small commitment each week to maintain security on your site will likely be less time consuming than the process you are about to commence.