
A Case Study: How to Prevent a Restaurant Website Catastrophe


Would you know if your restaurant website has been hacked?

If it weren’t obvious on your home page, like what happened to some other Midwest restaurants recently, would you know how to discover whether this has happened to you?

It’s crucial, because even if it’s not apparent on your home page, it can have a catastrophic impact on your search engine visibility and harm your restaurant’s reputation. In fact, your restaurant could utterly disappear, or worse, give off the exact wrong impression to people who search for you.

Let’s look at what happened to Old Chicago

First of all, let me tell you that this discovery was accidental. I bear no ill will towards Old Chicago — its brand, its people, or its website for that matter.

Here’s how it began: I performed a search the other day to see if there was any news on Old Chicago Pizza & Taproom with regard to piloting or deploying tablets on tables.

That search yielded this page, below:

[Screenshot: Old Chicago Tablets]

Yikes. The alarming thing about those pages is that Google thinks they all reside on Old Chicago’s website, though clearly they have nothing to do with the kind of tablets I was looking for.

We’re going to dig into this more and give you an action plan for your restaurant website. But first, a quick timeout.


We’re currently seeking a collaboration with five (5) restaurants who will grant us access to their Google Analytics for a short period of time, in order to look for insights, problems, and opportunities that those restaurants can capitalize on. There is zero charge or “upsell” involved in this study.

Your details will be held in strict confidence and will not be shared publicly — nor even that you participated. But we will share detailed insights with you via phone and email. If you’d like to participate, please use our contact form.


Back to our story.

The alarming results of the “old chicago tablet” search prompted me to do a “site:” search of the oldchicago.com website, which limits the results to pages from a specific domain or URL.

I wanted to see how rampant this is at Old Chicago’s website. Have you ever done this with your own domain? Simply go to Google, and in the search box type “site:yoururlhere.com”. No http or www should be necessary.

When you do this for Old Chicago, this is the first page you’ll see (at least for now):

[Screenshot: Old Chicago Site Search]

Google estimates there are 15,200 pages available across the entire oldchicago.com website. Performing this search for your own domain gives you the chance to see which of your pages are crawled and indexed by Google — what pages Google thinks exist on your website.

If you are not well-versed in the magic of Google’s free Search Console product (formerly called Webmaster Tools) — and I know most of you aren’t — this is a very fast way to see if you’ve been hacked in the past. It’s not a comprehensive way, but it’s a fast way to check.

Most often when a site is hacked it’s done so that the hackers can inject outbound links to their spam-riddled website selling pharmaceuticals or linking to porn.


Side story that’s relevant and important here. I received a phone call from a law firm in Colorado recently who had a similar problem. If you visited their home page everything looked fine. But if you clicked on a link to ANY interior page, you got a 404 error — the error you get when a page doesn’t exist.

Meanwhile, if you did a search for this law firm, not even a “site:” search mind you, you’d see sub-pages for porn listed under the law firm’s home page on Google’s search result page. So to summarize here — you couldn’t access any page on the law firm’s website except the home page, and if you searched for the law firm you’d think they had sub-pages to view porn on their website.

Not good. Don’t let this be you.


Alright, back to Old Chicago and the lessons and action items for you.

If you look again at that second screenshot above, you’ll note the Google search engine result page shows the first 10 pages available at oldchicago.com, and all of those look fine, right? But just like any search you perform at Google, you can click the Next button at the bottom to see more pages.

Don’t think you’re in the clear because the first page of results is clean

Let me just tell you what you find.

Page two is fine, just like page one. Page three is where trouble arises. See below.

[Screenshot: Old Chicago Site Search Page 3]

Boom, here they come. And it continues on multiple additional pages.

The lesson here is that just because you don’t see that your restaurant website has been compromised doesn’t mean that it hasn’t been.
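The check described above can be partly automated. The following is an added example, not part of the original article: it takes the URL and title of every result from all pages of a site: search and flags entries that are not among the pages you actually publish or that carry spam wording. The domain, the known-path list, the sample results and the spam word list are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed word list; tune it to the spam that targets your site.
SPAM_TERMS = re.compile(
    r"\b(viagra|cialis|pharmacy|pills?|casino|porn|payday)\b", re.I)

def audit_indexed_pages(domain, indexed, known_paths):
    """Return [(url, reasons)] for indexed pages that look out of place.

    indexed     -- (url, title) pairs copied from every page of site: results
    known_paths -- set of URL paths the restaurant actually publishes
    """
    findings = []
    for url, title in indexed:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if host != domain and not host.endswith("." + domain):
            continue  # different site, outside the scope of this check
        reasons = []
        path = parts.path.rstrip("/") or "/"
        if path not in known_paths:
            reasons.append("unknown-path")
        # Turn slug separators into spaces so \b matches words inside URLs.
        slug = re.sub(r"[-_/+.]", " ", path + " " + parts.query)
        if SPAM_TERMS.search(title + " " + slug):
            reasons.append("spam-term")
        if reasons:
            findings.append((url, reasons))
    return findings

# Constructed sample data: a hypothetical domain, not real search results.
DOMAIN = "example-restaurant.test"
KNOWN_PATHS = {"/", "/menu", "/locations"}
SAMPLE_INDEXED = [
    ("https://example-restaurant.test/", "Example Restaurant | Pizza & Taproom"),
    ("https://example-restaurant.test/menu", "Menu"),
    ("https://example-restaurant.test/locations/", "Locations"),
    ("https://example-restaurant.test/events/trivia-night", "Trivia Night"),
    ("https://example-restaurant.test/old-promo/buy-cheap-pills.html",
     "Buy cheap tablets online, no prescription pharmacy"),
    ("https://example-restaurant.test/menu?ref=casino_bonus", "Menu"),
]

if __name__ == "__main__":
    for url, reasons in audit_indexed_pages(DOMAIN, SAMPLE_INDEXED, KNOWN_PATHS):
        print(", ".join(reasons), url)
```

An entry flagged only as unknown-path may be a forgotten but legitimate page; an entry flagged with spam-term on a path you do publish suggests the spam is riding on a real page's URL.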

In a future post that we’ll publish very soon (as in, next week), we’ll give you more insight into how Google Analytics and Google Search Console can be used to ferret out these reputation time bombs. For now…

Here are 4 steps you can take today to get your restaurant website locked-in

1. Change the login details to your website frequently.

But don’t just change them; use login credentials that aren’t predictable. Dictionary words with simple number strings are no longer secure enough. Use random letters, mix lower case with upper case, add numbers, and add characters like @#&^$*(~ to your passwords.

Yes, they’re harder to remember. But yes, they’re harder to hack.

2. Create secondary and short-term admin access for others.

When a new member of your team or a third party needs access to your website, create alternative, short-term admin credentials for them. The more people who have login access to your account, the more your odds increase for a catastrophe.

You may keep your password secure, but that doesn’t mean they won’t write it down along with your URL in an insecure manner.

3. Perform regular site: searches of your domain.

Listen, if that didn’t jump out at you early on in this article, then I don’t know what to tell you other than this: you’re probably going to run into a problem at some point. If it can happen to a larger chain like Old Chicago, it can happen to you.

4. Create a Google Search Console account.

[Screenshot: Google Search Console Alerts]

Here’s a link to the Google Search Console help center. Search Console addresses much, much more than the focus of this article, hence the reason you need to be using it. But among its many features are alerts that help you become aware of potential problems.

There’s an Alerts section in particular that can help you stay on top of these types of problems — and many other ones that can do significant damage if not attended to regularly.

Search Console gives you insight into how your site is being crawled by Google, how many pages have been indexed, what errors Google encountered when trying to crawl your site, what pages are producing 404 errors, a list of who links most to your site, and more.

Does this help or does it just scare you?

I hope this makes you aware of potential dangers lurking with your website. If you want some hands-on help with this, fill out our contact form and we’ll figure something out. Let us know if you found this article helpful in the comments below or by reaching out through Twitter.

Next week, we’ll tackle what to do if you uncover these types of unfortunate pages and links.

About the author

Brandon Hull

Brandon is the original founder of NextRestaurants.com. He has helped thousands of restaurants implement innovative marketing strategies, campaigns, and tactics by incorporating new technology, in order to attract loyal guests.