Baidu SEO: How to Diagnose and Fix a Hacked Website
One of the most important facets of building a website on Baidu—or any search engine, for that matter—is ensuring it stays free from malware and vulnerabilities that may affect not just your user experience but your search rankings as well.
Hence, if your website has already been breached, you must fix it as the earliest opportunity to minimize the impact on your brand reputation and SEO.
In this article, let’s explore the symptoms of a hacked website and how to not only fix them but better safeguard your site from future attacks.
How do I know if my site was hacked?
Monitor How Your Search Results Appear on Baidu
One way to diagnose if your site was hacked is by checking how it appears as search results on Baidu’s search engine results pages (SERPs).
Search for brand- or product-related keywords associated with your site: If the search result appears beside a warning message in orange (“安全中心提醒您” meaning “security center warning”), it indicates that your site has already been or is in danger of being hacked.
Alternatively, you can use the site search operator to filter results by your domain name along with keywords associated with obscenity, such as “gambling” or “pornography”.
Warning message (in orange) beside a Baidu search result for a site at risk of being hacked
Monitor Anomalies in Your Site Traffic
Monitor your site traffic and keywords via Baidu Webmaster Tools to check for any anomalies in your data. Similarly, you can analyze the search terms users searched before finding your website for any mention of keywords related to obscenity and flag them.
Baidu Webmaster Tools: Traffic and Keywords
WANT DIGITAL INSIGHTS STRAIGHT TO YOUR INBOX?
How to Immediately Fix a Hacked Website
A hacked website points to security holes in your site, so you should fix them immediately and carry out maintenance practices to lower the chance it gets hacked again.
After you’ve sifted through your search results for suspicious activity, you can analyze and check your server’s access logs for the timestamp when your website was hacked. Then, with your original file modification timestamp on the server, you should be able to clear up the files uploaded or modified by hackers.
However, while timestamps can be acquired from access logs, hackers can modify the server’s access logs to show a different timestamp.
After you’ve deleted all hacked content from your site, set the hacked page as a 404 broken link and submit all broken links to Baidu Webmaster Tools so that Baidu knows not to index them.
3 Ways to Strengthen Your Website Security
Create a Backup of Your Website
If your site uses a content management system (CMS), opt for a system that can automatically create incremental backups of your website and detect changes made after each one.
Then, if your website has been hacked, you’ll be able to restore its previous version and remove any data and changes made since the backup rather than going for a complete backup every time.
Pro tip: Try storing your website backup files in at least two different places—one on the cloud and one on a portable hard drive.
Secure Your Web Server
Server passwords are often your first line of defense in protecting your server from hackers so ensure yours is complex and hard to crack. Deploy a combination of special characters, mixed cases, and numbers to improve your password strength.
Your server will need to accept data from end users for it to gather information, and while uploads are necessary, you should limit the amount of information going into the system.
To this end, periodically check server logs for suspicious access and use access controls to restrict who in your team can access the files or directories on your website and set their permission levels. This helps prohibit malicious file modification and the hiding or migrating of files outside the root directory.
Pro tip: Use authoritative website scanning tools to monitor your entire website for vulnerabilities and install a firewall.
Convert Your Site from HTTP to HTTPS
Migrating your website to HTTPS—using an SSL certificate—is vital for its security, particularly in its encrypted protection when processing payment or authenticating user logins. The encryption mechanism helps reduce the risk of website hijacking and counterfeiting.
***
Cyber-attacks are an alarming threat to any website on the web, so if your website has been hacked, learn to take immediate action and mitigate damage from future attacks.
