My website was hacked. How do I recover it and prevent it from happening again?

Discovering that your website has been hacked can be a devastating experience, especially if your site is used to connect with customers or generates daily income.

Don’t worry: with the right steps, you can recover your site and protect it for the future. In this article, we guide you through fixing the problem of a hacked website and preventing it from happening again, with practical tips and little-known advice.

What does it mean when your website has been hacked?

A hacked website is one that has been compromised by attackers who gain unauthorized access, modify content, steal data, or use it for malicious purposes.

This can manifest as redirects to suspicious sites, strange messages on your page, or loss of control. Understanding what happened is the first step toward recovery.

Signs that your website has been hacked

  • Change in content: Text, images, or links that you did not add.
  • Slow performance: Your site loads slower than normal or does not respond.
  • Security alerts: Google marks your site as “not secure” or your hosting provider notifies you.
  • Unauthorized access: You see suspicious login attempts in your control panel.

For example, in 2020, the website of a small online store in the US was hacked, displaying ads for fake products. The owners noticed a 70% drop in visits before taking action.

Step 1: Identify and stop the damage

The first thing to do is limit the impact of the attack. Act quickly, but calmly, to avoid mistakes.

Change all your passwords

  • Use strong passwords (minimum 12 characters, with letters, numbers, and symbols).
  • Change your hosting, CMS (such as WordPress), and FTP credentials.
  • Little-known tip: Use a password manager such as LastPass to generate and store secure passwords.

Put your site in maintenance mode

Activate maintenance mode in your CMS to prevent visitors from seeing malicious content.

In WordPress, plugins such as WP Maintenance Mode allow you to do this easily. This also tells Google that your site is temporarily out of service, avoiding SEO penalties.

Contact your hosting provider

Notify your hosting provider immediately. They can help you identify suspicious access or restore backups.

For example, Neolo offers 24/7 support for emergencies like this.

Step 2: Diagnose the problem

To recover your site, you need to know how it was hacked. This will help you clean up the infection and prevent future attacks.

Scan your website

Use tools such as Sucuri SiteCheck or Wordfence (for WordPress) to detect malware. These tools identify infected files or malicious code.

For example, Sucuri reported in 2022 that 60% of hacked sites had code injections in PHP files.

Check your access logs

Access your server logs (you can request them from your hosting provider). Look for unusual logins or recent file changes.

A little-known tip: Check the modification dates of files on your server with tools such as FileZilla; hackers often modify files such as index.php or wp-config.php.
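Two checks you can run over the access log itself, as an added example that is not part of the original article: the log is a constructed sample in combined log format, and the script, file names and thresholds are assumptions to adapt to your host.

```shell
#!/bin/sh
# Constructed sample access log (combined log format); not real traffic.
write_sample_log() {
  cat > "$1" <<'EOF'
203.0.113.5 - - [10/May/2024:02:11:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4321 "-" "Mozilla/5.0"
203.0.113.5 - - [10/May/2024:02:11:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4321 "-" "Mozilla/5.0"
198.51.100.7 - - [10/May/2024:08:00:10 +0000] "GET / HTTP/1.1" 200 9876 "-" "Mozilla/5.0"
203.0.113.5 - - [10/May/2024:02:11:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4321 "-" "Mozilla/5.0"
198.51.100.7 - - [10/May/2024:08:01:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.5 - - [10/May/2024:02:11:04 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.5 - - [10/May/2024:02:12:30 +0000] "GET /wp-content/uploads/2024/05/image.php HTTP/1.1" 200 12 "-" "curl/8.0"
EOF
}

# Source IPs that POSTed to wp-login.php at least $2 times (default 10).
# Combined log fields: $1 = client IP, $6 = "method, $7 = request path.
login_bruteforce_ips() {
  awk -v min="${2:-10}" '$6 == "\"POST" && $7 == "/wp-login.php" { n[$1]++ }
       END { for (ip in n) if (n[ip] >= min) print ip, n[ip] }' "$1" | sort
}

# Requests for PHP files under the uploads directory: WordPress never serves
# PHP from there, so any hit points at an uploaded file worth inspecting.
php_in_uploads() {
  awk '$7 ~ /^\/wp-content\/uploads\/.*\.php/ { print $1, $7 }' "$1" | sort -u
}

# Usage: sh logcheck.sh /var/log/apache2/access.log (path assumed).
# Without an argument the constructed sample log is analysed instead.
LOG="${1:-$(mktemp)}"
[ -n "$1" ] || write_sample_log "$LOG"
echo "Repeated login POSTs:"; login_bruteforce_ips "$LOG" 3
echo "PHP requested under uploads:"; php_in_uploads "$LOG"
```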

Identify the vulnerability

Common causes include:

  • Outdated plugins or themes in your CMS.
  • Weak or stolen passwords.
  • Lack of an SSL certificate, which facilitates man-in-the-middle attacks.

Step 3: Clean up your website

Once you’ve identified the problem, it’s time to remove the malware and restore your site.

Restore a backup

If you have a recent backup (hopefully you do!), restore it. Neolo Web Hosting, for example, offers automatic backups that you can use to revert to a clean version of your site. Make sure the backup is from before the hack.

Delete malicious files

If you don’t have a backup, manually delete the infected files:

  • Compare your site’s files with a clean version (you can download a new copy of your CMS).
  • Delete any suspicious files or code, such as unknown JavaScript scripts.
  • Little-known tip: Look for strings like eval() or base64_decode() in your PHP files, as they are common in malicious code (some legitimate plugins use them too, so treat a hit as a lead to inspect rather than proof).
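The three manual checks above (recently modified files, suspicious PHP functions, and a comparison against a clean copy of the CMS) as a small shell triage script; this is an added example, not the article's own tooling, and the directory paths are assumptions.

```shell
#!/bin/sh
# Added example: file-system triage helpers for a suspected WordPress compromise.
# $1 / $2 are paths you supply; no hosting layout is assumed beyond that.

# Files under $1 modified in the last $2 days (default 7), newest first.
# Attackers often touch index.php, wp-config.php or files under uploads/.
recent_changes() {
  find "$1" -type f -mtime "-${2:-7}" -exec ls -lt {} + 2>/dev/null
}

# PHP files containing functions that are common in injected code.
# A hit is a lead, not proof: some legitimate plugins use these as well.
suspicious_php() {
  grep -rlE 'eval\(|base64_decode\(|gzinflate\(|str_rot13\(' \
       --include='*.php' "$1" 2>/dev/null | sort
}

# Files that exist only in the live tree, or differ from a clean copy of the
# same CMS version. $1 = clean copy (fresh download), $2 = live site root.
compare_with_clean() {
  diff -rq "$1" "$2" 2>/dev/null | grep -E '^Only in|differ$' | sort
}

# Usage (paths assumed): sh triage.sh /tmp/wordpress-clean /var/www/html
if [ $# -eq 2 ]; then
  echo "== Modified in the last 7 days =="; recent_changes "$2" 7
  echo "== PHP files with suspicious functions =="; suspicious_php "$2"
  echo "== Differences from the clean copy =="; compare_with_clean "$1" "$2"
fi
```

Review everything the script lists before deleting anything; the clean-copy comparison only covers CMS core files, so plugin and theme directories need the same treatment against their own fresh downloads.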

Update everything

  • Update your CMS, themes, and plugins to the latest version.
  • Remove plugins or themes you don’t use, as they are common entry points.
  • Only use add-ons from trusted sources, such as the official WordPress repository.

Step 4: Strengthen your site’s security

Recovering your site is just the beginning. To prevent it from being hacked again, implement robust security measures.

Install a web application firewall (WAF)

A WAF, such as Cloudflare or Sucuri, filters malicious traffic before it reaches your site. For example, Cloudflare blocked more than 70 billion attacks in 2023 (source: Cloudflare Security Report, 2023).

Use an SSL certificate

An SSL certificate encrypts communication between your site and users, making attacks more difficult. Neolo offers free SSL certificates with its hosting plans.

Set up two-factor authentication (2FA)

Enable 2FA in your CMS and hosting panel. This adds an extra layer of security, such as a code sent to your phone.

Use apps like Google Authenticator instead of SMS, as messages can be intercepted.

Monitor your site regularly

  • Set up Google Search Console alerts to detect security issues.
  • Use tools like UptimeRobot to find out if your site is down.
  • Check your server logs weekly for suspicious activity.

Step 5: Restore your reputation on Google

If Google has marked your site as “not secure,” you need to clean up your reputation.

Request a review in Google Search Console

Once you clean up your site:

  1. Go to Google Search Console.
  2. In the “Security Issues” section, request a review.
  3. Google will verify your site within 24-72 hours.

Communicate with your users

If visitors saw malicious content, send an email or post a message on social media explaining that you have resolved the issue. Be honest and offer assurances that your site is secure.

Tips for protecting a website

  • Disable PHP execution in unnecessary directories: For example, in WordPress, you can add a rule to the .htaccess file to block PHP execution in the /wp-content/uploads/ folder.
  • Use a secure robots.txt file: Prevent hackers from scanning sensitive directories by blocking access with Disallow: /wp-admin/ (except for your IP). Keep in mind that robots.txt is only honored by well-behaved crawlers and is publicly readable, so it should complement server-level access restrictions rather than replace them.
  • Change the database prefix: In WordPress, the default prefix is wp_. Change it to something unique, such as xyz_, to make SQL attacks more difficult.
  • Restrict access to the admin panel: Use plugins like iThemes Security to limit login attempts and hide the login URL.
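The first tip in practice, as an added example rather than a rule from the article: an .htaccess file for wp-content/uploads/ that refuses to serve any PHP file placed there. It assumes Apache 2.4 with mod_authz_core and that the directory allows .htaccess overrides (AllowOverride) in the server configuration.

```apache
# Added example: wp-content/uploads/.htaccess (Apache 2.4 syntax assumed).
# Uploads should only ever contain media, so deny every PHP-like extension;
# a file an attacker manages to upload here then cannot be executed via the web.
<FilesMatch "\.(php|phtml|php[3-7]|phar|phps)$">
    Require all denied
</FilesMatch>
```

After adding it, request a harmless test file such as /wp-content/uploads/test.php and confirm the server answers 403 rather than executing it.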

Frequently asked questions (FAQs)

How do I know if my website has been hacked?

Check for strange content, traffic drops, Google alerts, or emails from your hosting provider. Tools like Sucuri SiteCheck can confirm the infection.

Can I recover my site without technical knowledge?

Yes, but you will need help. Contact your hosting provider or hire a specialized service to clean up your site. A trusted provider with 24/7 support is Neolo.

How long does it take to recover a hacked site?

It depends on the severity. With a clean backup, you can restore it in hours. Without a backup, manual cleanup can take days.

What do I do if Google marks my site as unsafe?

Clean up the malware, update your site, and request a review in Google Search Console. Also, verify that you have an active SSL certificate.

Conclusion

Having your website hacked is not the end of the world. With the steps outlined above—identify the damage, clean up the site, strengthen security, and restore your reputation—you can regain control and protect your site in the long term.

Act quickly, use reliable tools, and keep your site up to date to avoid future problems. At Neolo, we are here to help you with technical support and tools such as free backups and SSL.
