Discovering your website has been hacked is alarming, but panic leads to mistakes. Work through these steps in order — or call us and we will handle it for you.
1. Don't delete everything yet
Your first instinct may be to wipe the site. Resist it. You need the compromised files to find out how the attacker got in; otherwise they will simply return. Take a backup of the current (infected) state first, as evidence.
2. Take the site offline or into maintenance mode
If malware is being served to visitors, put the site into maintenance mode to protect them and your reputation while you work.
3. Change every credential
Reset passwords for hosting, the CMS admin, database, FTP/SSH, and email. Attackers often leave multiple ways back in. Enable two-factor authentication everywhere it is offered.
4. Find and remove the infection
Scan for malicious files, recently modified files, unknown admin users, and injected scripts. Remove the malware and any backdoors, then update every plugin, theme, and core file to close the vulnerability that was exploited.
5. Restore from a clean backup if needed
If you have a known-good backup from before the breach, restoring it is often the fastest path — followed immediately by updates and credential changes.
6. Get off Google's blocklist
If Google flagged your site, request a review through Search Console once it is clean. This clears the "this site may be hacked" warning and gets things back to normal.
7. Prevent the next one
Hacks almost always exploit outdated software or weak passwords. Ongoing updates, daily backups, malware monitoring, and a firewall stop the vast majority of them. See our guide on website security basics.
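For step 4, one way to triage the infected copy you took in step 1 is a read-only script that lists recently modified files and code files matching common injection patterns. This is an added example, not a tool from this guide; it assumes a PHP-based CMS and a copy made with timestamps preserved, and the pattern names, `triage` and `demo` are hypothetical.

```python
import os, re, tempfile, time
from pathlib import Path

# Illustrative heuristics (assumption: PHP-based CMS); every hit needs manual review.
SUSPICIOUS = {
    "eval-of-decoded-data": re.compile(rb"eval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "request-data-executed": re.compile(rb"(eval|assert|system|passthru|shell_exec)\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)", re.I),
    "long-encoded-blob": re.compile(rb"[A-Za-z0-9+/]{500,}"),
}
CODE_EXT = {".php", ".phtml", ".js", ".html"}

def triage(root, days=30):
    """Return [(relative_path, [reasons])] for files worth reviewing."""
    root = Path(root)
    cutoff = time.time() - days * 86400
    findings = []
    for path in sorted(root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        reasons = []
        if path.stat().st_mtime >= cutoff:
            reasons.append("recently-modified")
        # Timestamps can be reset by an attacker, so content is always checked.
        if path.suffix.lower() in CODE_EXT:
            data = path.read_bytes()
            reasons += [n for n, rx in SUSPICIOUS.items() if rx.search(data)]
        if reasons:
            findings.append((path.relative_to(root).as_posix(), reasons))
    return findings

def demo():
    """Run triage over a constructed sample tree (not real site data)."""
    samples = {
        "index.php": b"<?php echo 'hello'; ?>",
        "theme/footer.php": b"<?php eval(base64_decode('ZWNobyAxOw==')); ?>",
        "uploads/new.txt": b"notes",
    }
    old = time.time() - 90 * 86400
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            p = Path(tmp, name)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(body)
            if name.endswith(".php"):
                os.utime(p, (old, old))  # backdate so only new.txt is recent
        return triage(tmp)

if __name__ == "__main__":
    print(demo())
```

Point `triage()` at the backup copy rather than the live site, and treat the output as a review list: a clean result does not prove the site is clean.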
Need help right now?
We offer hands-on hacked-site recovery and malware removal, then keep you protected with managed maintenance and security. Contact us or call and we will get you back online safely.