What To Do If Your Website Or Blog Has Been Hacked

Ads by Google

what to do if website hackedEveryone wants to think that they won’t be hacked. Usually, they’re wrong. You don’t need to tempt fate by insulting Anonymous or documenting a particularly lulz-worthy obsession. Some hackers try to crack into websites at random as a badge of honor or to advertise their skills, so every site is at risk.

Small sites are particularly vulnerable. Joe Q. Blogger isn’t a security expert and, yes, may neglect to upgrade WordPress every now and then. So what happens if you blog does end up hacked?

Take A Breath

If you’re reading this, there is a chance that you just found out your site has been cracked like an egg. Take a deep breath. You can often recover from the damage that’s been done and it’s entirely possible that the problem exists not with you, but with your web host.

Check With Your Web Host

what to do if website hacked

Hackers don’t need to go after your specific site to deface it and, if they don’t hold a grudge against your site specifically, they often don’t. Instead they go after web hosts, looking for weak spots that allow them to deface hundreds or thousands of sites at a time.

I’ve personally experienced this. Someone hacked the web host of an old blog and caused every site on that specific server to re-direct to a “You’ve been hacked!” page complete with an instant messenger contact, presumably so the hacker could try and scrape money from alarmed site owners looking to reverse the damage.

Email or call your web host and see if they’ve come under attack. If so, there’s not much you can do besides wait. It’s rare for a broad attack against a host to wipe out data permanently, so your site should be back to normal shortly.

Survey The Damage

if website hacked

Ads by Google

If your site has been specifically targeted, the damage is likely to be more severe. There’s still a good chance that the hacker will have only changed a few files in order to re-direct to a “You’ve been hacked” page, but loss of data is not unheard of.

Look at your file structure and see if anything is missing. Also open up configuration files for your blog and/or website and scan them for changes to their code. This is where a local backup becomes handy. You can use the local copies for comparison with the ones on your web host, which makes spotting changes to the code infinitely easier.

You may at this point wish to back up your site’s current state (make sure you don’t overwrite your existing backup!) This will give you time to look over the files later while minimizing downtime for your site.

Restore Your Website

If the problem is not your web host, restoring your site is up to you.

With a blog there’s an excellent chance that the attack only reached as far as your configuration files. This means that once you are able to restore those files your blog should work the same as before without any loss of content.

A website could be a different matter, depending on how you’ve structured it. Restoring your website may be as simple as drag-and-dropping files from your backup to your web host’s server using an FTP client. It depends on how you’ve built the site – and since you built it, you probably know better than me.

If your database information has been compromised you will need to restore that, as well. Once again, a backup is invaluable and will turn a potentially crushing blow into a small setback.

Without any backups, your options are limited. Try Google Cache if you’re desperate. Any content that has been up for a week or more should be available, but you will still need to restore the rest of your site from scratch. Once again, blogs are easier. A re-install of WordPress can be accomplished in just a few minutes.

Update Your Security

what to do if website hacked

Once you’ve restored your website it’s important to make sure that it is secure. It’s possible that the hack exposed your passwords or introduced hidden code that can be used later as a backdoor. To ensure security, follow these steps.

  • Look through your site’s files to find any new code that has been introduced. If you don’t have time for that and have a local backup, use the local backup to overwrite the files on your web host.
  • Change all passwords. This includes the account you have with your webhost, CPanel (or any other back-end) and any databases on your web host. If the password you used for your site was the same as the password used by other accounts (such as your email), change them as well.
  • Run a malware scan on your PC and make sure a firewall is active. It’s unlikely, but possible, that the hack was made possible by a trojan on your local machine.
  • Update the software used by your site to the latest version. This will ensure that known exploits are patched.
  • If you’re feeling paranoid, try an intrusion detection system such as Tripwire or Snort. This is getting a bit far up the skill ladder, however, so implementing this probably is not worthwhile unless your site is popular.

Conclusion

As is often the case with computers, preparation goes a long way. If you have no backups of your database or critical files, a serious hack is going to leave you scrambling through cached webpages to find lost content. It’s a time consuming and unpleasant experience that will cause casual bloggers to give up and quit.

Backing up doesn’t take much time. We have several articles about it on MakeUseOf including a guide to automatically backing up WordPress and a guide to backing up large SQL database files.

Have you ever had your site hacked into?  What precautions had you taken to get your site back up and running as quickly as possible? Let us know in the comments below.

Ads by Google
Comments (10)
  • Terry

    What to do after the clean up?

    One of my sites was hacked recently. Malicious code and files were discovered during the clean up. I then started looking for some method of protection against this type of intrusion, but could find nothing suitable. So, I decided to write my own script. I’ve developed the script substantially since the hack and I’m now willing to share it in the hope that it will help protect other sites.

    The script will detect any file change on a web site and will email the results on discovery. It can be used to monitor 1 or many sites, all remotely. Full details are on my site: simplesiteaudit.terryheffernan.net

    • Terry

      Also, if you are a wordpress user, I can highly recommend Wordfence plugin. Search for it in plugins

  • Martha lee

    What if anything can be done if a former friend sets up a website for you then when the friendship ends locks you out and puts sex adds all over it. Other than outing them risking further attacks what can be done ?

  • ila

    my blog (blogspot) and my gmail is hacked..how should i do?

  • Beauty

    I have two sites. I have had incidents in which a couple of individuals have hacked into my computer just to alter my site and to just keep track of my site statistics and stuff. How do I protect myself from such occurrences? I am desperate. Thank you in advance. I just want to “lock” up my site from things like that.

    Sincerely,
    Beauty

  • Oren

    Good article about a real problem, you can also use Kyplex services, in addition to vulnerability assessment and daily antivirus we have a unique snapshot service using built in file versioning mechanism and interactive diff, you can actually see what was really changed in your database and apply to your database only required changes.

Load 10 more
Affiliate Disclamer

This review may contain affiliate links, which pays us a small compensation if you do decide to make a purchase based on our recommendation. Our judgement is in no way biased, and our recommendations are always based on the merits of the items.

For more details, please read our disclosure.
Affiliate Disclamer

This review may contain affiliate links, which pays us a small compensation if you do decide to make a purchase based on our recommendation. Our judgement is in no way biased, and our recommendations are always based on the merits of the items.

For more details, please read our disclosure.