my website has been hacked - now what? | WhatArmy

Dealing with a hacked website is a scary situation, but you will get through it. The first thing to do when dealing with a website hack is to try to stay calm. A lot of business owners and professionals find themselves in this situation and come to us for help, so you’re not alone, and we’ll walk you through what to do next.

We won’t waste any time.

What To Do If Your Website’s Been Hacked

  1. Check for malware: Scan your computer for malware with software like Malwarebytes to detect and remove any local viruses.
  2. Reset your password: If you can’t access your WordPress admin panel anymore, reset your password via the “Lost your password?” link on the login page. If that’s not possible, WordPress support offers other ways to change your password.
  3. Contact your hosting provider in case they’ve been hacked or attacked.
  4. Update and secure all passwords for anyone who has access to the site.
  5. Change your secret keys. Here’s what WordPress support says about it:

    If they stole your password and are logged in to your blog, even if you change your password, they will remain logged in. How? Because their cookies are still valid. To disable them, you have to create a new set of secret keys. Visit the WordPress key generator to obtain a new random set of keys, then overwrite the values in your wp-config.php file with the new ones.

  6. Back up your site: Even though you’ve been hacked, you’ll want to back up your site as is for analysis later. Make sure it’s labeled as a hacked backup.
  7. Scan your website for malicious code and remove it. Look for files that have changed recently or anything that’s out of place and remove it. There are WordPress plugins to help with this, but they might not catch everything. We highly recommend seeking a professional service for this – not just because we’re one of those services, but to ensure that you don’t delete something important and that all malicious code is properly removed. Sucuri offers an in-depth post on removing malware from a WordPress blog if you want to tackle this yourself. Also, the hackers may have left backdoors on your site. Try to identify how the hackers got in. If your site was out of date, then you can pretty safely assume that is how they got in, but take note so that you make sure you close off the hole.
    Restore a backup: You could also restore a backup that you know is safe, and re-upload your theme and plugins over FTP to make sure those are secure. You’d, of course, have to replace any content that wasn’t on the site at the time the backup was saved. Make sure that you remove any corrupted backup files, so you don’t accidentally restore them in the future.
  8. Update any out-of-date software on the site (WordPress, plugins, themes, etc.)
  9. Download and replace all of the core WP files.
  10. Change your WordPress passwords again.
  11. Change the database password.
  12. Change your FTP password.
  13. Rescan the site to ensure that it’s clean.
  14. Save another backup of your site.
  15. Secure your site so it doesn’t happen again.
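
Step 7's advice to look for files that changed recently or are out of place can be scripted as a first pass. The Python sketch below is an added example, not WhatArmy's or WordPress's own tooling; the function names, the 7-day window, the extension list and the "PHP under wp-content/uploads" heuristic are assumptions, and the sample tree is constructed.

```python
import os
import time
from pathlib import Path

PHP_SUFFIXES = {".php", ".phtml", ".php5", ".phar"}  # assumption: extensions the server may execute


def triage(root, days=7, now=None):
    """Return {relative_path: [reasons]} for files that deserve a manual look."""
    root = Path(root)
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    findings = {}
    for path in sorted(root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        reasons = []
        if path.stat().st_mtime >= cutoff:
            reasons.append(f"modified in last {days} days")
        # Out of place: uploads normally holds media, not executable PHP.
        if rel.startswith("wp-content/uploads/") and path.suffix.lower() in PHP_SUFFIXES:
            reasons.append("PHP file in uploads")
        if reasons:
            findings[rel] = reasons
    return findings


def build_sample_tree(base, now):
    """Constructed sample site: old core file, recent theme file, old image, PHP in uploads."""
    old, recent = now - 90 * 86400, now - 2 * 86400
    files = {
        "wp-login.php": old,
        "wp-content/themes/demo/functions.php": recent,
        "wp-content/uploads/2020/01/logo.png": old,
        "wp-content/uploads/2020/01/cache.php": old,
    }
    for rel, mtime in files.items():
        p = Path(base) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text("constructed sample\n")
        os.utime(p, (mtime, mtime))
    return base


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        now = time.time()
        for rel, why in triage(build_sample_tree(tmp, now), days=7, now=now).items():
            print(rel, "->", "; ".join(why))
```

Run it against the copy saved in step 6 rather than the live site. Modification times can be reset by whoever had write access, so an empty result narrows the search but does not show the site is clean.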

Secure Your Website from Hackers

We want to go into a little more detail on that last one since it’s so important for preventing a hacked website in the future.

WhatArmy Service Director Chad Lord offers some simple tips on securing your site:

  • The simplest way to prevent a website hack is to keep everything up to date and to have strong passwords.
  • Make sure you know what you are responsible for updating. For example, if you are hosted on a server, you may be responsible for more than you expect or know.
  • If you are using WordPress, install updates as they are released.
  • Use a local security/antivirus scanner, and if you believe you are any kind of a target, also implement a proxy firewall (such as Cloudflare or Sucuri).
  • Don’t leave backup files on your site.
  • Follow best practices for hardening your site.

Also, download our website management checklist to help keep your site secure.

Once you’ve removed all of the malicious code and protected your site, there are still some follow-up items to address.

My Hacked Website is Clean and Protected. Now What?

Now that your site is clean and secure, there are a couple of other costs of a hacked website to take care of.

  1. QC your website. You’ll need to go back through your site content to fix anything that broke during the website repair. This often includes missing images and broken iframes.
  2. Make sure you aren’t on any search engine blacklists. When Google detects evidence of a website hack, it puts a warning in your search result that says “this site may harm your computer” or “this site may be hacked.” Log into your search engine webmaster accounts to see if you have any warnings. If you do, Google has set up a website hack help page to help you get your search cred back.