When your website gets hacked

What steps do you need to take to get back on track quickly?

If you look through search engine results you won’t need to go too far before finding dental websites which have been hacked. Google in particular, is now quite adept at identifying hacked sites and flagging these with a warning message advising you not to click.

Modern browsers and anti-virus software are also better than ever when it comes to blocking hacked sites and reducing the risk of the malware spreading. However, it’s clearly best not to be in that situation in the first place and not get hacked. But what steps should you take if you are unfortunate enough to be compromised? Before we step in, let’s take a quick look at the type of websites which get hacked and why it happens so you can determine the risk.

Which types of websites are most prone to hacking?

It’s very hard if not impossible to hack a traditional website which is built in flat html and any hacks of this nature tend to come where a server has been compromised i.e. not via the “front end” of the website itself. The huge majority of hacks occur with database driven websites, so information sites which have content management systems or ecommerce systems.

The most hacks occur with the WordPress platform which although popular, needs a significant amount of maintenance to stay secure. However, even well-maintained WordPress websites have fallen victim to new hacks which have happened in a very short space of time. Other content management systems also need maintenance but WordPress is historically more prone to compromise than any other.

So if you have a website which fits into one of those categories, your risk is higher than if you have a website which is built with traditional “flat” html and consequently you need to take extra precautions.

Unfortunately most hacking occurs where a designer delivers a website but then fails to maintain it. This can happen for a couple of main reasons, 1) they can’t be bothered even though you paid them and 2) they delivered a website built with a pre-made template and/or plugins which then became incompatible and couldn’t be supported. Both of these scenarios are much more common than you might imagine and many dentists fall foul of the hackers who check constantly for vulnerabilities which can be exploited.

What do you do if your dental website gets hacked?

The first thing that tends to happen is panic and understandably so. Where we have been called to help dentists, often they didn’t even realise they’d been hacked until one of their patients called in to advise. Usually they try to call their original designer who typically also panics and then walks away, leaving the dentist to look for support elsewhere and feeling thoroughly abandoned. To be frank, it’s not a good situation, but one that can be recovered depending on the scale of the problem.

In the case of a compromised content management system, it should be that your hosting service holds sequential back-ups of your website and hopefully a version which has not been compromised. In this circumstance, it should be possible to reinstate the back-up and then patch it to stop the hack from happening again. However, as mentioned above, if the system has not been maintained, simply updating the core files and plugins may not be as easy as it sounds and can actually completely break the website. Each case will be different depending on the hack, the type of website and how badly it was compromised; but the key action is to find a trustworthy expert to evaluate and assist.

Depending on how long the hack has been in place (some are sneaky and it’s difficult to notice) then Google may have picked it up and flagged the website as noted in the introduction above. In this case, you need to ask Google to conduct a malware review after you are sure that your website is clean again. Only then will they remove the warning messages which they display in the search results.

What if my website cannot be recovered?

Sometimes it is not possible or cost-effective to recover a hacked website and in this circumstance, you need to start again with a new design as quickly as possible. A well-ranked website is a critical tool for securing new dental patient enquiries from the web and to lose it can create long-lasting difficulties. Whilst a new website can be re-established reasonably quickly, perhaps within a couple of weeks, Google ranking results can be lost very quickly and may not easily be recovered. So again you have to act quickly.

In this scenario, as a minimum you need to ask your designer to establish a holding page on your domain with all of the usual contact details in place and an appropriate “new website coming soon” message. At least this way your patients still have a good chance of finding and contacting you. Your designer should also be able to help you get the Google warning messages lifted, although this can take several days unfortunately.

Summary

Website hacking is prevalent and the risks for some sites are significantly greater than others, even where you think your web company is staying on top of your maintenance. In many cases they aren’t, although you won’t know unless you have some experience and know how to check. So be aware of these risks and make sure to check carefully with your provider before you sign up. Put the onus and responsibility on them formally if you are paying them to do it. This way you’ll be mitigating most of the risks as long as they keep to their contract.

If you are unlucky enough to be compromised by a website hack, they key is to act quickly and seek advice, quite possibly with an alternative supplier. The hack is likely to have occurred because your current designer was not on top of the job, so would you trust them to make it right sustainably? Hopefully your site is recoverable, but if not, you need to act quickly to get a replacement up-and-running to avoid losing new patient enquiries and lost Google ranking results.

If you suddenly find your dental website has been hacked and you need assistance, please call the team at Dental Media for advice on 01332 672548. We will be able to determine what happened, assess the recovery options and get you moving again. If you haven’t been hacked but need an independent audit to make sure your web designer is doing the job you’re paying them for, you can also get in touch and we’ll be pleased to assess your website free of charge.