Discovering that your website has been hacked can be an overwhelming experience. Whether you’re a small business owner, blogger, or run an e-commerce platform, a hacked site can lead to data loss, lost revenue, and damaged customer trust. The good news? There are clear steps you can take to assess, recover, and secure your site after an attack. In this step-by-step guide, we’ll walk you through exactly what to do if your website has been hacked.
Step 1: Stay Calm and Disconnect Your Site
First and foremost, don’t panic. Acting rationally and methodically is critical. If your website has been hacked, the first action you should take is to temporarily take it offline or put it into maintenance mode. This prevents further damage and stops visitors from being exposed to malicious content.
If your web hosting provider offers the option, disable public access or ask for temporary suspension while you investigate the breach. You can also redirect your traffic to a static HTML page that explains the site is undergoing maintenance.
See how Click Return can drive more traffic to your website
- Social Media Marketing: Amplify your key message, increasing traffic and sales.
- Search Engine Optimisation: Grow your SEO traffic and enjoy visible results.
- Pay Per Click Advertising: Smart paid strategies with guaranteed ROI.
Step 2: Notify Your Hosting Provider
Contact your hosting provider’s support team immediately. Reputable hosts typically have protocols in place for dealing with compromised websites and may offer assistance in cleaning up the hack. They might also provide logs and security scans to help identify the source of the attack.
In some cases, the host may detect the hack before you do and take preventive measures. Either way, involving them early ensures professional help and fast resolution.
Step 3: Scan Your Local Computer
Before you log into your website or web server, scan your local computer for viruses, keyloggers, or malware. Sometimes, hackers gain access through compromised credentials that were harvested from an infected device. Use a trusted antivirus or anti-malware tool to ensure your machine is clean.
Step 4: Identify the Type of Hack
Hacks come in many forms. Identifying the type can help guide the cleanup process. Here are some common symptoms:
- Defacement: Your homepage has been changed, often with hacker messages or graffiti.
- Redirects: Visitors are redirected to spammy or malicious websites.
- Malware: The site is flagged by browsers or Google as “harmful.”
- Phishing: Your site is used to mimic another and steal user credentials.
Use online scanners like Sucuri SiteCheck or VirusTotal to detect malware or blacklist status.
Step 5: Change All Passwords
Immediately change all passwords related to your website. This includes:
- Website admin accounts (e.g., WordPress, Joomla)
- cPanel or hosting control panel
- FTP/SFTP credentials
- Database passwords
- Email accounts associated with your site
Use strong, unique passwords and consider enabling two-factor authentication wherever possible.
Step 6: Restore from a Clean Backup
If you have a recent, clean backup of your website, now is the time to use it. Restoring from a backup can be the fastest and safest way to get your site back online. Be sure the backup is free from malware or backdoors before restoring.
If you don’t have a backup, you’ll need to manually clean the infected files, which may require professional help.
Step 7: Remove Malware and Fix Vulnerabilities
If a backup is not available, perform a thorough cleaning of your website files and database. This includes:
- Scanning and removing suspicious or unknown files
- Checking your .htaccess file for malicious redirects
- Looking for new or unauthorised admin users
- Examining the database for injected malicious code (especially in content fields)
There are many malware removal tools available, and some web hosts or security services like Sucuri or Wordfence offer professional cleanup services.
Step 8: Update Everything
Outdated software is one of the leading causes of website hacks. Make sure to:
- Update your CMS (like WordPress, Joomla, or Drupal)
- Update all themes and plugins
- Remove any themes or plugins that are not in use
Regular updates patch known vulnerabilities and reduce the chances of future attacks.
Step 9: Request Removal from Blacklists
If your site was flagged or blacklisted by Google or antivirus vendors, you’ll need to request a review after cleanup. Use Google Search Console to check if your site has been flagged and request reconsideration after verifying that it’s clean.
This step is critical to restoring search engine visibility and user trust.
Step 10: Strengthen Future Security
Once your site is back online, it’s time to harden your defences. Consider implementing the following measures:
- Install a web application firewall (WAF)
- Set up regular automated backups
- Limit login attempts and monitor login activity
- Use secure file permissions
- Schedule routine malware scans
See how Click Return can drive more traffic to your website
- Social Media Marketing: Amplify your key message, increasing traffic and sales.
- Search Engine Optimisation: Grow your SEO traffic and enjoy visible results.
- Pay Per Click Advertising: Smart paid strategies with guaranteed ROI.
Conclusion
A hacked website can feel like a disaster—but with a clear action plan, recovery is entirely possible. The key is to act quickly, thoroughly clean the infection, and implement stronger security to prevent future breaches. By following the steps outlined in this guide, you’ll not only recover from a hack but also build a more resilient website moving forward.
For more information on what to do if your Website Has Been Hacked contact Click Return.
For information on Google Pay Per Click Advertising check out our PPC Marketing Services.
To obtain more information on our Search Engine Optimisation Consultants check out our SEO Services.
For information on Website Design and Build check out our website design packages.
