A hacked website is really frustrating for both your business and visitors to your site.  Removing a hack can also be time-consuming. Read further for more information on what to do if you suspect your site has been hacked.

How do you know if your site has been hacked?

If you’ve seen in a browser “This site contains malware” or “The site ahead contains harmful programs” in connection with your site, there’s definitely a problem. To check further, go to https://sitecheck.sucuri.net and enter your domain name.

  • If your website’s been hacked, you’ll see a warning here.

  • No warning? It’s less likely (but still possible) that your website has been compromised.

What should you do next?

The first thing you should do if you suspect a hack on your website is to change your passwords. If you are using WordPress, log into the admin panel and change your password. You should also log into cPanel and change your password there as well.

Restore from Backup

Next, if you have your own copy of your website files, you should remove the files currently in your account and restore your backup files to your account. Once the restored files are added to your account, repeat the scan at https://sitecheck.sucuri.net and see if the warning remains.

If you do not have a backup of your website files, you can reach out to our support staff and provide us with the last known date the site was functional and we can attempt to locate a backup for you. Host backups are not guaranteed so it is important to be sure you keep a backup of your own.

What if the Hack remains?

It’s nearly impossible for anyone to reliably remove malware from a website by hand. If you are using WordPress we would recommend purchasing our security package which would include malware and exploit removal by our WordPress experts.

If you are not using WordPress, please reach out to our Support staff and we can review further and offer options.

Review

Once the site is back to a functional state it is important to first, make a current backup, and then review the site to determine what could have caused the weakness to allow a hack to occur. This includes resetting passwords frequently and checking for the latest software versions.