What to do if your website is hacked

Have you received a notification that your website might have been compromised?

You suddenly remember that strange attachment from your bank you unknowingly opened, or that plugin you’ve been meaning to remove.

Regardless of the cause, your next steps to repair and secure your website are extremely important to avoid any serious consequences.

Step 1. Restore your website from a clean backup

If you have clean backups of your website, restore it to a state before the hack occurred. This will remove any malicious code or changes introduced by the hacker.

Be cautious when restoring, as backups could also be compromised in some cases.

Ensure that you are updating a backup version from before the hack – this is not always possible.

Also, bear in mind that some content will need to be updated.

Step 2. Remove the malicious code

Your web hosting provider should have anti-virus software in place to maintain server health and security.

Contact your provider and ask them to run a virus scan to look for malicious code.

It is crucial for web developers to implement appropriate security measures and regularly audit their website’s code to mitigate any potential risks or vulnerabilities.

Step 3. Check for recent modifications or changes

It’s not uncommon for hackers to create backdoors for themselves.

Have a look around the back end of your website for any suspicious activity.

If you identify any vulnerabilities that were exploited, apply patches or updates to fix them.

This might involve updating or replacing vulnerable plugins or themes.

Step 4. Change your passwords

For safety, we advise changing your passwords and adding an extra step like two-factor authentication.

Make sure your passwords are complex and stored in a safe location.

Many password management tools also offer password generators to help you create safe passwords for each account.

Step 5. Update your CMS and plugins

Update your content management system (CMS) to the latest version.

If you’re using plugins, make sure these are updated as well as some will contain security patches against recent threats.

Step 6. Guard against future attacks

Prevention is key to avoiding future hacks, which is why it’s important to keep up to date with the latest website security trends.