Finding out your website's been hacked is like discovering someone's broken into your house. Your heart races. Your mind goes blank. What do you do first?
Take a deep breath. We'll walk you through exactly what to do, step by step.
First Things First: Assess the Damage
Before you do anything else, figure out what you're dealing with.
Check these warning signs:
- Your site displays content you didn't create
- Visitors see warnings about malware
- Your Google rankings have suddenly dropped
- You're getting complaints about spam emails from your domain
- Your hosting provider has sent security alerts
Screenshot everything. You'll need this evidence later, and it helps track your recovery progress.
Immediate Action Steps
1. Change All Your Passwords
Right now. Don't wait.
Change passwords for:
- Your hosting account
- WordPress admin (if applicable)
- FTP accounts
- Email accounts associated with your domain
- Any third-party services connected to your site
Use strong, unique passwords for each account. Yes, it's tedious. Yes, it's essential.
2. Contact Your Hosting Provider
Most hosting companies have security teams who've seen it all before. They can often:
- Temporarily isolate your site to prevent further damage
- Provide server-level logs showing how the attack happened
- Help with initial cleanup
Don't be embarrassed. They deal with this stuff daily.
3. Take Your Site Offline (If Necessary)
If your site is serving malware to visitors or sending spam, take it down temporarily. A maintenance page is better than a hacked site damaging your reputation.
You can create a simple "under maintenance" page that explains you're fixing a technical issue and will be back soon.
WordPress Recovery Steps
If you're running WordPress (most hacked sites are), here's your action plan:
Scan for Malware
Install a security plugin like Wordfence or Sucuri. Run a full scan. These tools can identify:
- Malicious files
- Suspicious database entries
- Compromised user accounts
- Backdoors hackers left behind
Clean Infected Files
You have three options:
Option 1: Automatic cleanup - Premium security plugins can remove most malware automatically. Not 100% reliable, but worth trying first.
Option 2: Manual cleanup - Compare your files against clean WordPress installations. Delete anything that doesn't belong. Technical knowledge required.
Option 3: Restore from backup - If you have clean backups from before the hack, this is often the fastest route.
Update Everything
Hackers often exploit outdated software. Update:
- WordPress core
- All plugins
- Your theme
- PHP version (through your hosting control panel)
Delete any plugins or themes you're not using. They're just extra attack surfaces.
Beyond WordPress: General Recovery
Check Your Email
Hackers often compromise email accounts to:
- Send spam
- Reset passwords for other services
- Intercept security notifications
Scan for suspicious sent messages. Check your email forwarding rules haven't been changed.
Review User Accounts
Look for:
- New admin users you didn't create
- Existing users with elevated permissions
- Suspicious login activity
Remove any accounts you don't recognise immediately.
Monitor Your DNS
Hackers sometimes redirect your domain to their servers. Check your DNS settings haven't been changed, especially:
- A records
- MX records (email)
- Any unusual subdomains
Preventing Future Attacks
Getting hacked once is bad enough. Getting hacked twice is embarrassing.
Essential Security Measures
Keep everything updated. Set up automatic updates for WordPress core and enable plugin notifications.
Use strong passwords and two-factor authentication. Make hackers work harder.
Regular backups. Store them somewhere separate from your main hosting account. You can't restore what you don't have.
Security monitoring. Many website maintenance packages include security monitoring that catches problems early.
Limit login attempts. Stop brute force attacks before they succeed.
DIY vs Professional Help
You can handle this yourself if:
- You're comfortable with technical tasks
- The hack is straightforward (defaced homepage, obvious malware)
- You have recent, clean backups
- You have time to learn and implement security measures
Call in professionals if:
- Your site handles sensitive customer data
- The hack is sophisticated or recurring
- You can't identify how they got in
- Your business depends on your website being online
- You don't have time to become a security expert
Professional cleanup typically costs £200-£800, depending on complexity. That's often cheaper than the business you'll lose from an extended outage.
Quick Recovery Checklist
- [ ] Change all passwords
- [ ] Contact hosting provider
- [ ] Screenshot evidence
- [ ] Scan for malware
- [ ] Clean infected files
- [ ] Update all software
- [ ] Remove unused plugins/themes
- [ ] Check email accounts
- [ ] Review user accounts
- [ ] Verify DNS settings
- [ ] Set up monitoring
- [ ] Create fresh backups
When to Get Professional Help
If you're reading this while your site is currently hacked, and you're feeling overwhelmed, that's completely normal.
Website security isn't something most business owners should have to become experts in. If you need help with cleanup or want to prevent future attacks, get in touch. We've cleaned up hundreds of hacked sites and can usually get you back online quickly.
For DIY security monitoring, try our free website audit tool to check for common vulnerabilities.
FAQ
How long does website recovery take? Simple hacks: 2-6 hours. Complex infections: 1-3 days. Professional help speeds things up significantly.
Will I lose all my content? Not necessarily. Often the content is intact and only certain files are infected. That's why backups are crucial.
How do I know if the hack is completely gone? Run multiple malware scans, monitor your site for unusual activity, and check search engine warnings have been lifted.
Should I pay the ransom if hackers demand money? No. There's no guarantee they'll actually fix anything, and it marks you as an easy target for future attacks.
Can I prevent all future hacks? No website is 100% hack-proof, but good security practices make you a much harder target. Hackers usually go for easy targets.
Getting hacked doesn't mean you've failed as a website owner. It happens to major corporations and government sites too. What matters is how quickly you respond and what you do to prevent it happening again.