Last year, two of our clients had their websites hacked. I’m not sure if that’s a representative proportion of how many commercial websites are compromised in this way, but it’s evidence that it can happen to almost anyone.
If you run a security system (such as the Wordfence plugin for WordPress), you’ll have been horrified when you installed it to see how many unauthorised attempts to get into your website are being made every day. This blog alone has over 100 every week, and that’s not particularly high.
Once upon a time when your website was hacked, you visited the site to find it had been replaced by a page full of pirate symbols or something like that. Today, things are much more subtle. Many successful hacks don’t reveal themselves for some time. They might be set to serve up specific information to a small number of visitors, so they may not be noticed by the website owner for days or weeks. Our clients’ sites which were compromised both started to show pop-up messages advertising a scam. But the clients only discovered what had happened when they got a message from Google Search Console (always a great monitoring tool).
Obviously if this happens to you, it’ll be important to sort it out quickly. Do you know what you would do? It’s worth thinking about. Many people panic and have no idea. If you would need someone technical to help out, why not identify them now?
Not for the first time, Google has produced some very good introductory information to the topic.