How to Recover and Fix a Hacked Website

 

How to Check if Your Website Has Been Compromised

Before taking action to clean your website, you need to confirm whether it has been breached.

The signs indicating that a website has been hacked vary and may even be invisible, depending on the type of attack. The following is a list of common indications that a site has been compromised:

  • Alerts about hacking from browsers and search engines.
  • Links redirecting to shady websites.
  • High volumes of traffic from other countries.
  • Defaced or broken webpages.
  • Slower load time than usual.
  • Google blocklist warnings.
  • Sent emails end up in spam.
  • Website takedown by hosting provider.
  • Unsavory advertisements.
  • White screen of death.
  • Random code fragments appearing on the header or footer.

Plenty of website checkers like Sucuri SiteCheck, DeHashed, and Have I Been Pwned? are available to confirm your suspicions. We recommend checking your website with more than one tool for more accurate results.

10 Steps to Fix a Hacked Website

Once you have confirmed that your website has been hacked, take action to fix it. The following steps will guide you through the process of recovering and fixing your hacked website.

1. Stay Calm and Don’t Panic

There’s no reason to panic – hacked websites are generally recoverable. Reacting emotionally without calmly evaluating the situation may lead to more harm than good.

Therefore, remain composed and proceed to the next step.

2. Change Your Passwords and Review Access

Brute-force attacks are some of the most common cybersecurity threats. Hackers attempt to guess the admin account’s password using various combinations of letters and numbers.

Changing all of your passwords will revoke hackers’ access to your website and prevent them from compromising other accounts and causing more damage.

Here’s a checklist of the accounts whose passwords you’ll need to reset as soon as possible:

Important! If you have other accounts with the same login credentials as your hacked website, change them immediately. This applies to social media accounts, private email accounts, and other personal accounts. Keep in mind that you shouldn’t reuse passwords in the first place.

Besides changing all your passwords, we also recommend reviewing website user access privileges. If hackers manage to enter the site using an admin account, they will have full access to all the administration features.

 

Pro Tip

Take advantage of a password generator to manage your passwords and store password backups.

3. Create a Backup of Your Website

Your website might have been hacked, but it’s still functional and has all the important data. By downloading a website backup, you’ll be able to re-upload this website version and redo the cleanup process should it fail the first time.

Important! Keep the post-hack backup file separate from the older versions. The non-corrupted backup files will serve as your Plan B should the recovery process fail.

Go for a system that can automatically create full incremental backups. It is important that the service is capable of detecting changes made after backups so that it will only sync those parts rather than going for a complete backup every time.

4. Trace Back Your Actions

Most hack attempts happen after a website undergoes some changes, creating new vulnerabilities to exploit. By tracing back your actions, you should be able to identify the source of the security issues much faster.

Narrow down the time window by checking your web logs for a sudden spike of traffic. Then, inspect your access logs and error logs through your hosting control panel to identify any suspicious activity or errors that occurred within the suspected time frame.
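One way to narrow the time window from an access log, shown as an added example that is not part of the original article. It assumes the Apache/Nginx "combined" log format; the sample log lines, the IP addresses and the spike threshold (five times the median hour) are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime
from statistics import median

# Apache/Nginx "combined" format: ip - user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def parse(lines):
    """Yield (hour_bucket, ip, method, path) for each parseable line."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            yield ts.strftime("%Y-%m-%d %H:00"), m.group(1), m.group(3), m.group(4)

def spike_hours(lines, factor=5):
    """Hours whose request count exceeds `factor` times the median hour."""
    counts = Counter(hour for hour, *_ in parse(lines))
    if not counts:
        return []
    baseline = median(counts.values())
    return sorted(h for h, n in counts.items() if n > factor * baseline)

def top_requests(lines, hour, n=3):
    """Most frequent (ip, method, path) combinations inside one hour."""
    hits = Counter(rec[1:] for rec in parse(lines) if rec[0] == hour)
    return hits.most_common(n)

def sample_log():
    """Constructed sample: steady browsing plus one hour of login POSTs."""
    fmt = '{ip} - - [14/Mar/2024:{h:02d}:{m:02d}:10 +0000] "{req} HTTP/1.1" 200 512 "-" "-"'
    lines = [fmt.format(ip="198.51.100.7", h=h, m=m, req="GET /index.php")
             for h in (8, 9, 10, 12) for m in (5, 40)]
    lines += [fmt.format(ip="203.0.113.50", h=11, m=m, req="POST /wp-login.php")
              for m in range(30)]
    lines.append("truncated line that the parser must skip")
    return lines

if __name__ == "__main__":
    log = sample_log()
    for hour in spike_hours(log):
        print(hour, top_requests(log, hour))
```

The hours it reports are the ones to read line by line in the access and error logs.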

After figuring out the time the hack occurred, examine all the changes you made before it. In WordPress, malicious code usually enters the site through new files introduced by plugins, themes, and WordPress core installations.
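To see which files changed, you can compare a known-good backup with the post-hack copy by hashing every file, as in this added example (not code from the original article). The directory names, file contents and the "PHP inside the uploads folder" heuristic are assumptions made for the illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def manifest(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def diff_trees(clean_root, current_root):
    """Compare a known-good backup with the post-hack copy of the site."""
    clean, current = manifest(clean_root), manifest(current_root)
    added = sorted(set(current) - set(clean))
    return {
        "added": added,
        "removed": sorted(set(clean) - set(current)),
        "modified": sorted(f for f in set(clean) & set(current) if clean[f] != current[f]),
        # Heuristic (assumption): an uploads folder should hold media, not PHP
        "php_in_uploads": [f for f in added
                           if f.startswith("wp-content/uploads/") and f.endswith(".php")],
    }

def build_sample(base):
    """Create two small constructed trees under `base` and return their paths."""
    clean, current = Path(base, "clean"), Path(base, "current")
    files = {"index.php": "<?php // front controller",
             "wp-content/plugins/forms/forms.php": "<?php // plugin v1",
             "wp-content/themes/basic/old.css": "body{}"}
    for root in (clean, current):
        for rel, text in files.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_text(text)
    (current / "wp-content/plugins/forms/forms.php").write_text("<?php // plugin v1 + extra code")
    (current / "wp-content/themes/basic/old.css").unlink()
    (current / "wp-content/uploads").mkdir(parents=True)
    (current / "wp-content/uploads/cache.php").write_text("<?php // unexpected file")
    return clean, current

def demo():
    """Run the comparison on the constructed trees."""
    with tempfile.TemporaryDirectory() as tmp:
        return diff_trees(*build_sample(tmp))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```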

5. Investigate Recent Breaches Online

Even popular software may suffer from security breaches. Keeping yourself up-to-date with cyber security news will help you find the vulnerabilities much more easily and remove faulty software before it can wreak havoc on your website.

Here are some of the best cybersecurity websites our security experts recommend:

 

6. Talk With Your Hosting Provider

If your hacked website runs on shared hosting, the source of the security issues might originate from another website on the same shared server. In this case, cyber attacks could also target your hosting account.

Contact your hosting company to check whether the other websites on the same server have also been attacked.

Most web hosts also provide users with access to web logs, allowing you to monitor website visits. If server access logging is disabled by default, get in touch with your hosting provider or enable it manually.

7. Investigate with Google Blocklist and Spam Blocklist

If Google detects suspicious or dangerous activity on a website, the search engine will likely block it. When a website gets blocklisted, it won’t appear in search results, which protects visitors from potential malware.

Check whether your website ends up on Google Blocklist using Google Search Console. The warning will appear in Security Issues under the Security & Manual Actions section.

Google Safe Browsing is another tool you can use to check your website’s status. It will let you know whether the site is safe to visit.

If you don’t have access to the DNS zone editor, examine your website traffic via Google Analytics. Having a sudden drop in traffic will be a solid confirmation that Google has blocklisted your website.

Besides Google Blocklist, your website might also appear on the anti-spam database. Internet service providers, mailbox providers, and anti-spam platforms use spam blocklists to prevent spam emails from entering their system. Emails from IP addresses listed on this blocklist will be blocked or end up in the spam folder.

Check whether your domain is listed on the spam blocklist using domain health checkers like MxToolBox and Domain DNS Health Checker. Besides giving insights into the domain’s status, these tools can pinpoint issues related to your web server, mail server, and DNS.

8. Reset Your .htaccess File

.htaccess is a file containing high-level configuration setups for a website hosted on the Apache Web Server. For this reason, .htaccess is a popular target of cyber attacks.

Some of the most common .htaccess file exploits include:

Disabling and restoring your .htaccess file to its original version might help troubleshoot the security issue. Additionally, change its file permissions so that only certain users can access it.
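The reset described above, as an added example that is not part of the original article: it lists directives that are absent from a known-good copy, keeps the tampered file for later analysis, restores the baseline and tightens the permissions. The baseline and tampered contents are constructed samples, and the 0o644 target mode is an assumption.

```python
import os
import stat
import tempfile

def directives(text):
    """Non-blank, non-comment lines with surrounding whitespace removed."""
    return [l.strip() for l in text.splitlines()
            if l.strip() and not l.strip().startswith("#")]

def unexpected_directives(live_text, baseline_text):
    """Directives in the live file that the known-good copy does not contain."""
    known = set(directives(baseline_text))
    return [d for d in directives(live_text) if d not in known]

def writable_by_others(path):
    """True if group or world can write the file."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & (stat.S_IWGRP | stat.S_IWOTH))

def reset_htaccess(path, baseline_text, mode=0o644):
    """Keep the tampered copy for analysis, restore the baseline, tighten the mode."""
    quarantined = path + ".compromised"
    os.replace(path, quarantined)
    os.chmod(quarantined, 0o600)
    with open(path, "w") as fh:
        fh.write(baseline_text)
    os.chmod(path, mode)  # 0o644 is an assumed target; use what your host requires
    return quarantined

# Constructed samples: a minimal known-good file and a tampered copy of it.
BASELINE = "# BEGIN site rules\nRewriteEngine On\nRewriteRule . /index.php [L]\n# END site rules\n"
TAMPERED = BASELINE + "Redirect 302 / http://example.invalid/\n"

def demo():
    """Audit a tampered file, reset it, then audit again."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, ".htaccess")
        with open(path, "w") as fh:
            fh.write(TAMPERED)
        os.chmod(path, 0o666)
        before = (unexpected_directives(TAMPERED, BASELINE), writable_by_others(path))
        reset_htaccess(path, BASELINE)
        with open(path) as fh:
            after = (unexpected_directives(fh.read(), BASELINE), writable_by_others(path))
        return before, after
```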

9. Examine Your Website and Fix the Vulnerability

Security vulnerabilities aren’t always visible to administrators. We recommend using website scanning tools to double-check your entire website for vulnerabilities and fix them.

Use a Scanning Plugin or Tool

WordPress users have access to various free and premium security plugins, most of which can scan your website for compromised files and detect any malicious code.

We recommend using plugins when recovering a hacked WordPress website, as they help avoid misconfigurations that will worsen the situation. However, ensure they are reputable and up-to-date. 

Scan Your Files and Database Tables Manually

Another way to detect and remove malware from your site involves scanning the website files manually.

Follow these steps to scan website files manually:

  1. Download all the files via your hosting control panel. Hostinger users can download website files through the Backups menu in cPanel.
  2. Perform a full scan of the files with your chosen antivirus software.
  3. Resolve all the detected issues.
  4. Upload the clean website files to the server.

Next, clean up your database tables through phpMyAdmin. Remove any records containing suspicious code as well as new records you didn’t create. The easiest place to start is the tables that manage existing pages and posts (the wp_posts and wp_options tables in WordPress).

Hire a Cyber Security Expert

Website owners who don’t have technical knowledge may find the previous methods difficult. If this is the case, it’s best to entrust your hacked website to a cyber security expert. This method may be more costly than the other two, but it guarantees a successful cleanup and restoration of your website.

Still Not Able to Recover?

Contact us and we will help you recover your website account.

Check Security of Your Website Account

If you want to know whether your website has been hacked or whether someone is accessing your website account, you can contact us. We will review the security of your website account, try to break in using various advanced hacking techniques, and let you know about the loopholes in your website security. We will also guide you on how to secure your website account so that hackers or scammers will not be able to hack you, and check whether someone is secretly accessing your website account without your knowledge.
