Advertisement

What Ruto’s official State House website currently displays after being hacked

What Ruto’s official State House website currently displays after being hacked
President William Ruto/@WilliamsRuto/X

Google continues to display previously indexed pages from President William Ruto’s official website even as the live pages remain unavailable following a cyberattack.

A check on Sunday, July 19, 2026, found Google listing the website under its previous title: “The Official Website of the President of the Republic of Kenya – H.E. William Samoei Ruto.”

The search results still display information captured before the attack, including links to presidential statements, government offices, and the Office of the President.

However, clicking the main Google result opens a temporary maintenance page instead of the normal presidential website, while attempting to open internal links returns errors.

Why Google is still showing old pages

Google search results do not always reflect the real-time condition of a website.

A screengrab showing indexed pages of president.go.ke that now throw 404 errors. PHOTO/Screengrab by People Daily Digital from Google by @davidnthua

The search engine records, or indexes, information when its automated systems visit a webpage. The title, description, and web address can remain in Google’s index long after the live page has been altered or taken offline.

This means a page can continue appearing in search results even when it is no longer accessible to the public.

Google’s current listing of the presidential website does not mean its normal content has been restored; it simply reflects what was available when the site was last indexed.

The results are expected to update once Google revisits the website and processes its current status.

What the homepage currently displays

The homepage of president.go.ke Currently displays “State House Kenya” at the top and notes that the platform is under the care of the Information and Communication Technology Authority (ICTA).

The official notice reads:

“Maintenance in Progress. We will be back Soon. Service Update In Progress.”

No menu leading to the website’s usual sections is visible on this maintenance page.

Instead, visitors seeking information about ongoing government tenders are explicitly directed to the Electronic Government Procurement portal at egpkenya.go.ke.

The homepage also provides the official State House inquiry telephone number, +254 (0) 20 2227436, for citizens requiring assistance.

What happens when users open the old links

A page of the homepage of the president.go.ke. PHOTO/Screengrab by People Daily Digital by @davidnthua

While Google continues to list several internal addresses belonging to the presidential website, attempting to open these indexed sub-pages produces a blank screen with a stark message:

  • “Not Found. The requested URL was not found on this server.”

The server also displays an additional message stating that it encountered another 404 error while attempting to use its designated error page.

This indicates that the server cannot locate the requested webpage and is simultaneously unable to display the customised layout normally used to explain errors to visitors.

What a 404 error means

A 404 error is a standard response sent by a website server when it cannot find the specific page requested by a visitor.

It proves that the user’s browser successfully reached the server, but the requested address itself was unavailable.

This error frequently appears when a page has been removed, renamed, or moved to another location. It can also occur when website routes, links, or underlying server rules are malfunctioning.

Websites under technical maintenance often return 404 errors when administrators temporarily withdraw internal pages from public access to protect the system.

A 404 error does not automatically mean that the data contained on the page was deleted, stolen, or permanently lost.

Homepage no longer shows hackers’ message

The current maintenance page is a significant shift from what appeared during the cyberattack on Saturday, July 18, 2026.

During the initial breach, the normal homepage was defaced and replaced with unauthorised messages targeting President Ruto.

The altered page also displayed a Bitcoin wallet address and demanded a ransom payment of five Bitcoins, warning that unspecified information would be leaked if the payment was not made.

Those extortion messages are no longer visible. The homepage now carries official State House and ICTA branding, confirming to visitors that authorised restoration work is actively in progress.

CS Kabogo during the ongoing Connected Africa Summit 2026 held in Nairobi: PHOTO/@honkabogo/X
CS Kabogo during the ongoing Connected Africa Summit 2026 held in Nairobi: PHOTO/@honkabogo/X

The government continues investigating the incident

Information, Communications and the Digital Economy Cabinet Secretary William Kabogo confirmed the cybersecurity incident on Saturday, July 18, 2026.

Kabogo stated that ICTA immediately activated its cybersecurity incident-response procedures after detecting the breach.

Access to the website was temporarily restricted to allow containment, forensic examination, and system restoration.

Preliminary findings show no evidence of unauthorised access to sensitive information, data removal, or loss of information.

Furthermore, Kabogo assured the public that other government systems and digital services remain entirely secure and operational.

ICTA is working alongside relevant government agencies and technical partners to establish the circumstances surrounding the breach through an ongoing forensic investigation.

The government has not yet disclosed who was responsible for the attack or how the hackers obtained access to the website, and no specific timeline has been provided for the full restoration.

Author

For these and more credible stories, join our revamped Telegram and WhatsApp channels.
Advertisement