7 Things to Do If You Think Your Website Has Been Hacked
Your website is taking forever to load. Maybe it’s just your internet connection, or maybe you need to clear your browser cache, or maybe… you’ve been hacked.
After a bit of forever, a message appears: “This site contains malware.”
Don’t panic. Here’s what you can do…
1. Check if your website has been hacked.
Aside from a lagging or an explicit message on your browser, other signs you may see when your website’s been hacked are:
- Your site is suddenly offline for an unknown reason.
- Your emails are ending up in the Spam folder.
- Your anti-virus detects a malware.
- You notice unusual account activity.
- You experience unusual device behaviour.
- Someone suspiciously asks to access your device.
- Your files are inaccessible, and someone is demanding payment from you.
You can quickly verify if your site’s been hacked by doing any of these simple steps:
a) Use Google Search Console.
- Log in to Google Search Console.
- Go to the “Security & Manual Actions” tab.
- Click on “Security Issues,” which will show you if there are any.
b) Do a Google search.
- Type in “site: [domainname.com]” and click search.
- Look for a “This site may be hacked” statement in the first few results.
c) Call your website developer or IT support to run a health check on the website.
Once you’ve confirmed the hacking, you or your tech team need to quickly do this:
2. Backup your website.
To prevent data loss, you can backup your site before making any changes. You could do a manual backup or download a full backup and use one-click restoration when available.
3. Change all passwords.
To prevent further damage, make sure you immediately replace all your passwords, including for:
- Primary FTP
- Secondary FTP
- WordPress, Joomla, or similar apps
If you’re not sure how to change your passwords or which ones to change, call your tech person and have them do it – but be fast.
When you change your passwords, make sure you use a different one for every account. Use strong passwords and use a password manager if necessary.
4. Inform your web hosting provider.
Unless they are already aware of it, inform your hosting provider that your website has been hacked. Ask them for any help they can provide. They might be able to help you find how your site was hacked and what else you can do about it.
5. Discover and remove the culprit.
Have your website or IT security provider find out what kind of attack was done on your website.
- Check your website files for malicious code.
- Scan your databases for anything suspicious such as unfamiliar entries and deleted data.
- Review the security logs associated with your website hosting provider.
Once you know the technical details, remove the malware used to do the crime. Make sure you create a backup of your website before changing making any changes. Again, if you’re not familiar with doing any of these, seek help from a website developer or IT professional.
6. Restore from backup.
Choose the last clean backup of your website to restore it. Some recommend doing this before fixing infected files, which could take some time to do.
7. Avoid future website hacks.
Once you have everything back to normal, make sure you take steps toward better website security. Below are some things you can do to minimise the probability of your website getting hacked again:
- Update all your software to the latest version – and do so regularly.
- Remove unused or obsolete plug-ins or extensions from your website.
- Set up regular (daily) website backups.
- Use the web application firewall.
- Enable security monitoring.
- Limit the number of website administrators.
- Install SSL to securely transmit data.
- Use strong passwords (you’ll hear this advice every time).
Website Protection: Do you want an “unhackable” website?
Ah, who wouldn’t? But as you may have already thought, nothing is 100% un-hackable. What you can do is strengthen your website security and always be on the lookout for new solutions. As we all know, prevention is better than the cure so take the proactive approach and look at our website maintenance and security packages.
But what if it’s too late…
Sometimes the damage is done and without the right security in place, unfortunately it may mean there’s no turning back. And now it’s time to re-build your website (or build a new one). But this time, make sure you have a security-first approach and implement a website security solution to help protect it against cyber threats, hacking, and malware.
Turn to the Website Security Experts
Just when you thought websites were confusing enough, throw in security and it can be a world of it’s own.
As passionate marketers and website developers who care about security, we’re here to help! Drop us a message if you need help securing your website – it’s never too late to start.
Subscribe to our newsletter mailing list today