What to do if your website is hacked? How to fix and protect it

A website hack is a serious problem for any owner, from a personal blog to a large online store. When you discover that your site has been compromised, it can cause panic. However, it’s important to remain calm and follow a clear plan. In this article, we will look at what to do if your website is hacked, how to eliminate the consequences of the hack, and how to protect your resource in the future. The article is divided into two sections: for those with advanced technical skills and for those who are not technically inclined.

Stage 1: Diagnosis and Isolation

Your first reaction to discovering that your website has been hacked should be rational, not emotional. Don’t rush to delete everything. First perform a diagnosis to understand exactly what happened.

  1. Immediately Isolate the Site. First of all, you need to stop the spread of malicious code. If you have access to your hosting control panel (cPanel, Plesk, etc.), block access to the site by putting it into maintenance mode, or change the permissions of all files to 0 (which removes read, write, and execute access, so the files can no longer be served or executed). If this is not possible, contact your hosting provider’s technical support. This is a critical step to stop the damage and prevent the virus from spreading to other users or neighboring sites on the same server.
  2. Change All Passwords. The hack may have occurred due to compromised passwords. Immediately change the passwords for FTP, SSH, the site’s administrative panel (CMS), databases, and, if possible, the hosting control panel access. Use complex, unique passwords consisting of upper and lower case letters, numbers, and special characters.
  3. Determine the Type of Hack. This could be:
    • Malware Injection: Invisible but malicious code appears on pages or in files, redirecting users to other sites, stealing data, or using your server to send spam.
    • Defacement: The main page of the site is changed, and messages from hackers appear on it.
    • DDoS Attack: A hacker overwhelms your site with a huge number of requests, leading to its unavailability.
    • Phishing: A copy of your site is created to steal login credentials.
    • Data Theft: Attackers gain access to the database and steal confidential user information.


Stage 2: Eliminating the Consequences of the Hack

After isolating the site and changing passwords, you can proceed to the most difficult stage: how to eliminate the consequences of a website hack.

  1. Scan and Remove Malicious Code. This is the most important step when a site has been hacked. You can use specialized scanners like Sucuri SiteCheck, Wordfence (for WordPress), or other online services. You can also download all site files to your computer and scan them with antivirus software. Pay attention to files that have been recently modified, as well as to unknown files in the root directories. Hackers often add files with names similar to system files (e.g., wp-config-back.php).
    • Manual Cleaning: Carefully check every file. Look for unusual code strings such as base64_decode, eval, shell_exec, gzinflate or suspicious iframe and script tags. If you are unsure, it is better to replace damaged files with their original versions from a clean CMS installation.
    • Database Cleaning: Malicious code is often injected into the database as well, for example, in the wp_posts or wp_options tables. Carefully check the content of the tables for suspicious data.
  2. Restore from Backup. If you have a fresh, clean backup made before the hack, this is the best option. Restoring from a backup will quickly return the site to a working state. However, make sure the backup is genuinely “clean”, as the malicious code may have been present on the site for some time before it was detected. This point is critical: otherwise, you will just restore the problem.
  3. Check and Update CMS and Plugins. After cleaning, you need to find out what caused the hack. In 90% of cases, the reason is outdated software. Update your CMS (WordPress, Joomla, Drupal), all themes, and plugins to the latest versions. Check if you are using outdated or unknown plugins that might have been vulnerable.
  4. Reset Permissions. After restoration and updates, set the correct permissions for files and directories. Standard recommendations are:
    • Files: 644
    • Directories: 755
    • The wp-config.php file (for WordPress): 400 or 440 (read-only for the owner, or for the owner and group, with no access for anyone else).
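
The file checks from step 1 and the permission reset from step 4 can be scripted over SSH. The following is an added example, not code from the article: the function names and the sample tree are hypothetical, and it assumes a POSIX shell with find, grep and mktemp available.

```shell
#!/bin/sh
# Added example (not from the article): triage and permission reset for a site tree.

# PHP functions the article lists as typical of injected code. "eval" is matched
# only as a call, so words such as "evaluate" do not trigger it.
PATTERN='base64_decode|eval[[:space:]]*\(|shell_exec|gzinflate'

# Print PHP files under $1 that contain one of the listed calls.
# A hit is a lead for manual review: legitimate plugins use these functions too.
suspicious_files() {
    find "$1" -type f -name '*.php' -exec grep -lE "$PATTERN" {} + | sort
}

# Print files under $1 modified within the last $2 days.
recent_files() {
    find "$1" -type f -mtime "-$2" | sort
}

# Apply the modes recommended above: directories 755, files 644, wp-config.php 400.
reset_perms() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
    if [ -f "$1/wp-config.php" ]; then chmod 400 "$1/wp-config.php"; fi
}

# Build a constructed sample tree so the functions can be tried offline.
make_demo_site() {
    site=$(mktemp -d)
    printf '%s\n' '<?php echo "home";' > "$site/index.php"
    printf '%s\n' '<?php // constructed config' > "$site/wp-config.php"
    # Constructed stand-in for an injected file; the payload is a placeholder.
    printf '%s\n' '<?php eval(base64_decode("PLACEHOLDER"));' > "$site/wp-config-back.php"
    # Backdate the legitimate files so only the planted one looks recent.
    touch -t 202001010000 "$site/index.php" "$site/wp-config.php"
    echo "$site"
}

# Report-only usage: sh triage.sh /path/to/site  (reset_perms is never run implicitly)
if [ "$#" -ge 1 ]; then
    echo "== suspicious PHP =="; suspicious_files "$1"
    echo "== modified in last 7 days =="; recent_files "$1" 7
fi
```

Run reset_perms only after the tree has been cleaned or restored; some hosts need the 440 variant for wp-config.php when the web server reads it through group membership.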


Stage 3: Protecting the Website for the Future

Once you have “cured” the hacked site, you need to do everything you can to prevent it from happening again.

  1. Regular Updates. This is the simplest and most effective way to protect your site. Set up automatic updates or do them manually immediately after new versions of the CMS, themes, and plugins are released.
  2. Use Strong Passwords. Use complex passwords not only for the site admin but also for FTP, databases, and hosting. Use password managers so you don’t have to remember them.
  3. Two-Factor Authentication (2FA). Enable 2FA wherever possible (on hosting, in the site’s admin panel). This significantly increases security, as even if a hacker knows the password, they won’t be able to log in without the second factor.
  4. Install a Web Application Firewall (WAF). A WAF is a security screen that filters malicious requests to your site. This can be a plugin for your CMS or a service from your hosting provider.
  5. Regular Backups. Set up automatic daily or weekly backups. Store copies not only on the hosting but also on a local computer or in cloud storage. This is your “lifeline” if everything else fails.
  6. Restrict Access. If you don’t use FTP access constantly, turn it off. Restrict access to the admin panel to only specific IP addresses. For example, if you only work from home, you can allow access only from your IP address.

When to Contact Specialists?

If you are reading this article and do not understand most of the terms, such as “FTP”, “permissions”, or “database”, attempting to eliminate the consequences of the hack on your own may lead to even greater problems. You might accidentally delete important files, damage the database, or leave a “backdoor” for hackers, allowing them to hack the site again. What should you do in this case? Seek help.

Who to Look For?

  1. Specialized Web Security Companies. There are services that specialize specifically in cleaning and protecting sites from malicious code. For example, Sucuri, Wordfence (they have paid services), CleanTalk. They have experienced teams that will quickly and professionally perform diagnostics, remove viruses, and set up protection. This is the fastest and most reliable way.
  2. Freelancers on Platforms. On platforms like Upwork, Fiverr, or local freelance exchanges, you can find qualified web development or cybersecurity specialists. It is important to carefully read reviews and check the portfolio to choose a reliable person. A search query might sound like: “remove virus from website”, “clean site from viruses”, “eliminate hack consequences.”
  3. Hosting Provider Technical Support. Some hosting providers (especially large and reliable ones) may offer site cleaning services for an additional fee or as part of their service. Tell them that the site has been hacked and ask if they can help. They have access to your server and can provide qualified assistance.


How to Prepare for Contacting Specialists?

Even if you are not a technical specialist, you can significantly ease the work of a professional.

  1. Stay Calm. Remember that a website hack is a problem that can be solved. The sooner you seek help, the less severe the consequences will be.
  2. Gather Information. Prepare all the access credentials you have: to the site’s admin panel (e.g., WordPress), to cPanel (hosting admin), to FTP. This is critically important data for the specialist to start work.
  3. Describe the Situation. Try to describe exactly what happened as accurately as possible. For example: “Unknown text appeared on the homepage”, “The browser shows the site is unsafe”, “The site redirects to another resource”.

What to do if your website is hacked, and you don’t know where to turn? The best strategy is to delegate the task to those who know how to solve it. Contact a team of professionals like Outsourcing Team; this will save you time, stress, and finances in the long run.

Conclusion

“My website was hacked, what do I do?” This is a scary question, but one that has a clear answer. The key to successful recovery is swift and consistent action. First, isolate the resource, then thoroughly clean it, and most importantly, do everything to protect it in the future.

A site hack is an unpleasant experience, but it can be a valuable lesson. By following these recommendations, you will not only cure your site but also significantly strengthen its security, which will help avoid similar problems in the future. Remember that the best defense is prevention. Regularly update, create backups, and use reliable security tools.
