Hosting Tutorial & Guide

Is Your Website Hacked? What to Do Now to Fix It?

updated on Jul 12, 2015
Is Your Website Hacked? What to Do Now to Fix It? If you visit a website and receive a message from the browser saying "this website might harm your computer", it's probable that you will leave the site for the sake of the your PC's security. So do the visitors of your website.

If you have noticed unusual errors or file changes, or any other strange signs happening your site, it's possible that your site has been hacked. Then what should you do?

This tutorial helps you in these processes: deciding whether your site is hacked, figuring out the causes, recovering your site from the attack, and preparing it for future attacks.

How to See Whether Your Site Has Been Hacked?

In the worst case of hacking, your website cannot be accessed normally, and the hacker usually puts a declaration on your site telling that the site has been hacked by him/her along with a strange background image.

But in most cases, the hacker does not want to damage your website. Instead, he/she uses malicious code to take control of your site to steal things like personal information. If you have been in one of the following situations, your site is probably in the danger of hacking.
  • Links to a "bad" website with malicious content are added to your website unconsciously.
  • Your website content or design has been falsified unwantedly (full of advertisements, for example).
  • Google or web browsers show a warning message indicating that your website is compromised.
  • Your website receives strange traffic occasionally with spikes caused by the visits from non-target countries.

How to See Whether Your Site Has Been Hacked

How Did Your Site Get Hacked?

At the first sight of your corrupted website, you must be irritated and asking yourself "WHY ME?". But now you should calm down and look into the most possible causes for the attack so that you can know what to do to get the site recovered. Below are the common reasons, or you can check the log files to determine the exact cause.
  • Malware on your local computer. If you have malware running in your local environment, your website can be easily badly affected. The hacker can make use of the malware to add spam or inject malicious code on your site with the minimum effort.
  • Your login credentials have been leaked. If the username and password of the administrator are predictable, hackers can get into your website facilely. Also, many hackers launch brute force attacks to gain access to websites.
  • Security vulnerabilities in the application you are using. This kind of problems are usually caused by out-dated versions of applications (like WordPress and Joomla) and extensions, or badly coded plugins/themes.
  • The shared server you use has been hacked. If you are using shared hosting, the security of the server affects all websites on it including yours. When the server is hacked, your site can be inaccessible or become insecure.

How Did Your Site Get Hacked

How to Recover Your Site from an Attack?

Now that you have known how the hacking happened, you should take the corresponding measures to recover your site and get anything malicious off it. Follow the suggestions below to do what you have to.

Scan your local computer to clean malware.

It's necessary to make sure that the local environment is completely secure. You may need to run a malware/anti-virus scan on your local computer to find all the viruses, Trojan horses, spyware and worms. In fact, a full scan should be performed regularly. You can find an anti-virus software to complete the task for you. If you are unfamiliar with this, refer to these malware scan tools and tips.

In addition, for the local machine, you have to keep all things up-to-date, including all the software installed, the router's settings, and the operating system. Don't miss an update ever.

Put your website into maintenance mode.

Before cleaning up and recovering your site, you have to put it into the maintenance mode at first. You should do that as soon as you notice the hacking to reduce the bad impact. Doing so also allows you enough time to fix things without affecting your website fame and visitors' experience.

But if you cannot even gain access to the admin area due to incorrect username or password, you need to use tools like PHPMyAdmin to access your database and reset the user directly.

Contact your hosting provider.

You have to contact your hosting provider as soon as you are aware of the attack especially when you use a shared server. The provider should be able to help you confirm whether it is a real attack or just a service outage/misconfiguration. In addition, they can help trace what happened and locate the malicious content.

If the attack is not very serious and does not affect other sites on the same server, most web hosting providers do not clean up your website for you, but they will provide assistance and suggestions to help you out.

Contact Your Hosting Provider

Recover your site from a clean backup.

Ideally, you are keeping a recent backup of your site which is confirmed to be clean, so you can just restore your site to get everything cleaned up. This is exactly why data backups are important. If you are not in the case, you will need to make a manual endeavor to remove the unwanted content.

Scan your website for malware and injected files and remove them.

If your website has been messed up, there must be malware and injected files on your server. First of all, you have to find them out by scanning the whole site. In the case that your site is built with WordPress, this task is more than easy because security plugins like Sucuri can do the job for you. Once you find out the origins of the attack, make sure to remove all the malicious things.

It is suggested that you should scan your site regularly to detect the malicious changes and files, so that even if there is a successful hack attempt, you are able to minimize the damage.

To prevent future infections of malware, you can sign into Google Console. When you website is identified with malware, this service will send notices to you.

Make sure your website is not blacklisted.

When your website is hacked, it can be blacklisted by Google, Yahoo and Bing. Even if there is only a link on your site directing visitors to a server with malicious content, your site can be regarded as an intermediary domain by Google. Messages like "This site may be compromised" will show in the search results. Google Webmaster Tools can warn you of blacklisting.

After cleaning up your website content, you must request a malware review from Google. Only if the site passes the review successfully can it be pulled out of Google blacklist.

Update all passwords to make them long and complicated enough.

The importance of secure passwords has been emphasized enough. So you should now update the passwords of all administrators of your site to make sure that they are not leaked. Then, you should also enforce strong password for all users, and enforce them to change the password regularly.

Update all passwords

How to Prevent Future Hacking?

Finally and luckily, you have pulled yourself out of the dark. Hating the hacker and the complicated recovery process? Then you should consider taking the following basic measures to protect your site from future attacks. Besides, an all-round website security tutorial is coming soon.
  • Keep everything on your website updated to minimize the vulnerabilities.
  • Use a web application firewall to block the known resources of hacking.
  • Lock down the admin area of your site. Do whatever you can to secure the backend: limiting the login attempts, restricting the IPs, and anything else.
  • Keep backing up your site.