WatchThatPage, Response Time & Hackers

We don’t build or manage all of our client’s websites here at Stem.  Sometimes it’s us at the controls, and sometimes we collaborate with the client’s in-house or local web developer.  It’s an arrangement that works quite well most of the time.

One situation where it can cause problems, however, is responding to a website that has been hacked.  Ignoring the fact that security measures should be in place prior (complex passwords, login lockdown protection, etc.), the speed at which you respond to a website that’s been hacked is absolutely critical. Especially when it comes to protecting that website’s search rankings.

Let me explain a bit more… One of the biggest hacking problems out there currently is a completely stealth operation; that is, once control of the website CMS is taken over by the hacker, hidden pieces of code are injected (or files uploaded that run outside the target site’s navigation structure). The intruder’s spam insertion is also completely invisible to site viewers without inspecting the webpage code.  The hacker’s motive? To strip off some of the target website’s trust & link value, and route it to another money making venture.

Now unfortunately, the way most Firms (& Webmasters) find out about this type of attack is that their pages almost entirely drop out of search engines.  Here’s a frequent scenario:

  • someone complains that they can’t be found in Google;
  • webmaster inspects & the hacked code snippets are found;
  • panic;
  • passwords are changed globally; and finally,
  • better security measures are put in place.

The bigger problem now? Google & the other search engines believe you run a spam website!  Suffice to say, you don’t want the headache of cleaning your site code, manually removing spam URLs from Google, and ultimately submitting a re-inclusion request explaining to BigG your remedies & new security.  So now – with context – finding out about any hack ASAP & responding before the search engines can index that spam code is … critical.

One helpful solution we came across recently, almost accidentally, is using WatchThatPage.  WTP is a tool we normally use to alert us about client news items & events (sans-RSS…). This time though, WTP identified that the client’s webpage had changed and alerted us within an hour of the attack. Rather than on-page text changes, the hacked-code insertion was detected.  The client was alerted, and their local developer had the site fixes in place a few hours later.

The end result?  Not one page dropped out of the search engines!

So two lessons I’d like to pass along:

  1. Website security needs be taken seriously: At the very least, do these two things: 1) add longer complex passwords (10 characters plus, no dictionary words); and 2) lockdown your CMS login – if you use WordPress, we highly recommend the plugin linked above.
  2. Get an alert service to email you when your webpage code has changedWatchThatPage proved to be a big help; and it’s likely we’ll expand it’s use to more client websites in the future.


  1. […] this, but the easiest I’ve worked with is the Limit Login Attempts plugin. I know we’ve written about this plugin before, but man! It’s pretty […]

    @ 9:06 am
Legal FAQ Collections