What To Do When Your Website Is Hacked


On average 30,000 websites are hacked every day and almost 64% of the companies worldwide have faced cyberattacks at least once. Also according to some reports, an average website is attacked 44 times per day by hackers. So if your website is hacked, do not stress much as it’s not the first time a website got hacked. Websites have faced cyberattacks in the past and recovered from them.

But you should not delay the recovery process as that could cause you a lot of harm to you and your website users. Today in this blog, we will tell you what you can do if you suspect your website is compromised or hacked and how you can recover your website to make it function again. Sit back, relax, and here we go…

Also Read: 10 Common Reasons For A Website Crash

Firstly know how it happened?

Before we move to the solution of a problem, we must analyze and understand  how the problem started first, because as they say, ‘sometimes the solution of a  problem lies in the problem itself.’ Here are a few steps you can consider to help you know if your site is really compromised or not –

1. Run a Malware Scan

Most websites have malware scanners these days for security. It helps you detect any malicious activity with your site. So if you are also having a malware scanner, run the scan and see what files are infected. Also, in the scan history section, you can check when your site got infected. After identifying infected files you can go through the source code and find the infecting code snippet.

2. SiteCheck

You can also use an external link to check any malicious activity on your site such as SiteCheck. Note any warnings, locations, payloads you receive.

3. Manual Check

Manually check your website’s files to see any modification or suspicious activity. You can also compare your site’s current version with the backup version (if you have) to notice changes.

Also Read: Top 5 Reasons Business Owners Need Website Backup

Things to do first:

1. Contact your Hosting Provider

Contact your hosting provider immediately. They can help you analyze the situation better. In case, you are not able to access Cpanel, they can help you change passwords too.

Also Read: Website Safety With Secure Hosting

2. Under Maintenance

Takedown your site from the internet for some time till the time you fix it so the hacker can’t mislead users much. You can put an ‘under maintenance’ notice for those trying to access your site.  Your Hosting Provider can help you with this.

Also Read: Website Development Checklist To Help Create Your First Website

3. Clean your website

After you have identified the infected files, clean all the files with the website security tool. The website security tool is very important for a website, so must have it.

4. Change Passwords

Change all the passwords. And all means ‘all’. You can also consider taking the help of your hosting provider for this.

5. Restore Backup

If you have a backup for your site that you know is not corrupted, you can restore that. If you do not have any backup, ask the hosting Provider once, they might have it.

Also Read: Ways To Backup A WordPress Website Without A Plugin.

6. Send Website for Review

Your website might have got blacklisted by  Google because of the infection. Send a review request to Google Search  Console. Again, your hosting provider can be a big help here. 

Depending on the level of threat, there are different procedures to follow. In the general case, these steps will help you identify and recover your website from any malware attacks. But if the infection has gone beyond, you might need to clear all your files from the server and database and might need to start fresh.  

But you shouldn’t stress right now. You must contact your hosting provider at the first stage and let them know about the attack.

Secure Website for future

The problem is not solved completely if you have recovered your site now. To protect your website from any future attacks, we suggest you follow these steps –

1. Fix the weakness

See what got you hacked in the first place and fix the weakness. Close all the doors for the thief to enter again. You should ensure all your passwords are strong and unique.

2. Install a security plugin

Building a beautiful house and not making a lock in the door? Security is always the first thing to worry about. So,  install a Security plugin with great user reviews to prevent your site from being hacked in the future. You can also refer to our article on Best Security Plugins for WordPress for this.

3. Update your website Software

Very basic but very important. Update your website software and always keep them updated to ensure better security as updated versions are more secure than the older ones.

4. Scan Your Computer

Scan your computer with the help of antivirus and keep it always infection-free. An infected computer can be the reason behind an infected website and the transmission of malware.

5. Backup your site

Always, always, always have a backup of your site in case of any attack situation. Security Plugins or your hosting provider can help you with this.

Read More: Best Practices To Secure Your Website


Firstly, just calm yourself. A balanced mind will provide more balanced solutions than an anxious one. Now just run a malware check or manually check your site to detect any malicious or suspicious activity. You can try comparing your backup version and current version to look for any changes. If you have identified the infected files, clean them with a website security tool. You might need to delete a few files.

Change all the passwords and credentials. Now,  restore a non-compromised backup of your site. If you and your hosting provider both don’t have any backup for your site and the infection is not curable then you might need to start from scratch. Always create a backup. Whatever happens, everything will come back to normal in some time. So, no need to be over-anxious for a temporary situation. So, go and recover your site with a calm mind and follow the steps above!