In hopes to provide help to other webmasters who have been victims of hacking, Google shares two different stories of websites that had been hacked and then cleaned up by their owners, one of a restaurant website with multiple hack-injected scripts and another of a professional website with lots of hard to find hacked pages.
Cleaning up a hacked website is usually an involved task that often requires hiring a professional. Google advises to void the hassle by following a few simple steps to minimize chances of being hacked:
- Avoid using FTP when transferring files to your servers. FTP does not encrypt any traffic, including passwords. Instead, use SFTP, which will encrypt everything, including your password, as a protection against eavesdroppers examining network traffic.
- Check the permissions on sensitive files like .htaccess. Your hosting provider may be able to assist you if you need help. The .htaccess file can be used to improve and protect your site, but it can also be used for malicious hacks if they are able to gain access to it.
- Be vigilant and look for new and unfamiliar users in your administrative panel and any other place where there may be users that can modify your site.