Website hacking — it’s getting worse. Reduce the risk with Google

Wordfence firewall blocked website attacks

A sobering announcement from Google this week that 32% more websites got hacked in 2016 than in 2015. Furthermore, Google doesn’t expect this trend to slow down, but to get worse.

If you have a website that’s worrying news.

However, there are things you can proactively do to reduce the risk of being hacked and the subsequent disruption to your business.

One of the key things to do is to register your website with Google Search Console (GSC). It’s a free service from Google which we consider absolutely essential for any website. The main reason being that GSC provides incredibly useful insights into website performance.

But additional to this is that if Google detects your website has been hacked they will notify you through GSC.

Yup, Google’s watching your back. But you need to be tuned in to get the message.

The alarming thing is that last year 61% of webmasters whose sites were hacked never received a notification from Google simply because their sites weren’t verified in Search Console. You’ve got to wonder how much damage they suffered before they finally realised their site had been compromised.

Certainly, traffic from Google search will dry up pretty quickly because Google labels hacked sites in search results as in the example below.

Google warning about website being hacked

If you see results like the above, don’t click on them to avoid the risk of your computer getting infected.

And if you see this warning on search results for your own website, immediately register and verify it in Google Search Console, if you haven’t already.

Then sign in to Search Console and check the “Security Issues” section to see details of sample URLs that might be hacked. Fix the security issue that allowed your website to be infected. Google provides detailed information on how to fix your website if it’s been hacked.

Once you’ve cleaned up the mess the next step is to request a review in the Security Issues section in Search Console. When Google’s satisfied your site is fixed, they’ll remove the “This site may be hacked” message. The good news is that last year 84% of webmasters who applied for reconsideration by Google were successful in cleaning their sites.

Of course, prevention is way better than cure and there are some simple things you can do to protect your website.

First and foremost – keep your website software and plugins up-to-date! So simple, and yet overlooked by way too many website owners.

Content Management Systems, such as WordPress, are being continually updated. While many of the updates are related to enhanced functionality, the main reason for updates is to plug holes that hackers have uncovered and are exploiting. The same applies to plugins.

It doesn’t matter what CMS system you use – you really should keep it up to date. In many cases, you can configure your site to automatically update itself.

It’s also a good idea to make sure you have a good firewall protecting your website. If you have a WordPress website we recommend using the Wordfence plugin which is available in both free and paid versions (the latter has more functionality). According to Wordfence, there are over 40,000 attacks happening every minute against WordPress websites.

The Wordfence plugin actively works to block attacks by hackers and it identifies any vulnerabilities on your site, such as out of date plugins. It also reports the number of attacks against your site that it’s successfully blocked. You’ll be astounded at the numbers (you may be getting hundreds every day).

Why should you care?

If you run a business website, the implications of the site being hacked can be catastrophic.

It’s clear from Google’s report that hacking is getting worse and so it’s more crucial than ever that website owners protect their sites. It doesn’t have to be complicated and, as noted above, there are some excellent free tools available.

Click here for more search marketing news.


The latest news about web marketing, SEO, PPC Advertising & Web Analytics. But only the stuff that matters from a New Zealand perspective. Delivered to your inbox each Monday.

If you found this useful, please tell your friends.

About the Author Mark Sceats

Mark is a Partner and Senior Consultant at SureFire which he founded back in 2002. Prior to establishing SureFire he worked for KPMG Consulting. Today Mark heads up SEO, embracing the challenges that can come with complex website implementations. Outside of work, his interests beyond his family are running, snowsports, diving and fishing (badly).

follow me on: