Finding out your website's been hacked is terrifying. That sinking feeling when you see unfamiliar content, warnings from Google, or visitors complaining about suspicious pop-ups.
Take a deep breath. Most hacked websites can be recovered. Here's exactly what to do.
Step 1: Stay Calm and Assess the Damage
First, don't make any rushed decisions. Deleting everything might seem logical, but you could destroy evidence or make recovery harder.
Check these warning signs:
- Unfamiliar admin users in your dashboard
- New files you didn't create
- Redirects to suspicious websites
- Google showing malware warnings
- Sudden drop in search rankings
- Visitors reporting pop-ups or virus warnings
Screenshot everything. You'll need this information later.
Step 2: Change All Passwords Immediately
Start with your hosting account. If hackers have hosting access, they can undo any cleanup work.
Change passwords for:
- Hosting control panel
- Website admin accounts
- FTP/SFTP access
- Email accounts linked to the site
- Any third-party services connected
Use strong, unique passwords. This isn't the time for "password123".
Step 3: Take Your Site Offline (If Necessary)
If visitors are seeing malware warnings or being redirected to dangerous sites, consider putting up a maintenance page temporarily.
Most hosting providers let you do this through their control panel. It's better to show "under maintenance" than let visitors get infected.
Step 4: Scan and Identify the Malware
You need to know what you're dealing with. Different types of malware require different cleanup approaches.
Free scanning options:
- Sucuri SiteCheck (online scanner)
- VirusTotal (upload suspicious files)
- Your hosting provider's security tools
Common types of malware:
- Backdoors (hidden admin access)
- Code injection (malicious scripts added to files)
- Pharma hacks (hidden pharmaceutical links)
- Redirects (sending visitors elsewhere)
- Defacements (obvious changes to your site)
Step 5: Clean the Infected Files
This is where it gets technical. If you're not comfortable editing code, skip to "When to Call Professionals" below.
For WordPress sites:
- Download a fresh copy of WordPress from wordpress.org
- Replace wp-admin and wp-includes folders
- Check wp-config.php for suspicious code
- Scan all plugin and theme files
- Look for recently modified files
Common hiding spots for malware:
- .htaccess file
- index.php files
- wp-config.php
- Theme functions.php files
- Plugin files with recent modification dates
Remove any code that looks suspicious or wasn't added by you.
Step 6: Update Everything
Outdated software is often how hackers get in. Update immediately:
- WordPress core
- All plugins and themes
- PHP version (through your hosting provider)
- Any third-party integrations
Delete any plugins or themes you're not using. They're just extra attack surfaces.
Step 7: Restore from Clean Backup
If you have a recent backup from before the hack, this might be your fastest route to recovery.
Before restoring:
- Make sure the backup is actually clean
- Don't restore the database if it contains malware
- Consider restoring files only and rebuilding content
Most hosting providers offer automated backups. Check your control panel or contact support.
Step 8: Harden Your Security
Once you're clean, prevent it happening again.
Essential security measures:
- Install a security plugin (Wordfence for WordPress)
- Enable two-factor authentication
- Limit login attempts
- Hide your admin area from bots
- Regular security updates
- Strong user permissions
Our website maintenance packages include security monitoring to catch issues before they become major problems.
Step 9: Request a Google Review
If Google flagged your site as compromised, you need to request a review once you're clean.
- Sign into Google Search Console
- Go to Security Issues
- Click "Request a review"
- Explain what you found and how you fixed it
This can take a few days to process.
DIY vs Professional Help
You can probably handle it yourself if:
- It's a simple defacement or obvious malware
- You're comfortable editing files
- You have clean backups
- The infection seems contained
Call professionals when:
- Multiple sites are affected
- Customer data might be compromised
- You're dealing with payment systems
- The malware keeps coming back
- Your business can't afford extended downtime
Professional cleanup usually costs £200-500, but it's often faster and more thorough than DIY attempts.
Prevention Checklist
✅ Keep everything updated ✅ Use strong, unique passwords ✅ Enable two-factor authentication ✅ Regular backups (and test them) ✅ Security monitoring ✅ Limit user permissions ✅ Remove unused plugins/themes ✅ Use reputable hosting with security features
Common Questions
How did my website get hacked? Usually through outdated software, weak passwords, or vulnerable plugins. Sometimes it's shared hosting vulnerabilities or compromised user accounts.
Will my SEO rankings recover? If you clean up quickly and request a Google review, rankings usually recover within a few weeks. The longer malware stays, the more damage it causes.
Should I pay the ransom? Never. Paying doesn't guarantee they'll fix anything or won't attack again. It just funds more criminal activity.
How can I tell if the cleanup worked? Run security scans regularly for the next few weeks. Monitor your Google Search Console for warnings. Check your site's behaviour and loading speed.
Can I prevent all future attacks? Nothing's 100% secure, but good security practices dramatically reduce your risk. It's like locking your front door - simple but effective.
When to Rebuild from Scratch
Sometimes starting over is faster and safer than cleaning up. Consider rebuilding if:
- The infection is deeply embedded
- You don't have clean backups
- Multiple attempts at cleaning have failed
- Your site architecture is outdated anyway
A fresh start lets you implement proper security from day one.
Getting hacked is stressful, but it's not the end of the world. Most businesses recover completely with the right approach. The key is acting quickly and methodically.
If you need help recovering from a hack or want to prevent future attacks, get in touch. We've cleaned up hundreds of compromised sites and can get you back online safely.