I’ve Been Hacked! Now what?

The first thing that most blogs and articles say in response to a search about getting hacked is ‘DON’T PANIC’ – this is truthful but very unhelpful advice.

Finding that your website has been hacked is stressful. There are no ‘if’s or ‘but’s about it. Hacking doesn’t discriminate! It can (and does) happen to anybody. We’ve been there ourselves, and we’ve helped several clients deal with the ordeal of finding their website hacked. It’s one of the unfortunate realities of having a website and it’s something that we all just have to be equipped to deal with.

Whether you’ve loaded your browser to discover your website is missing, altered with advertisements, is redirecting to a spam site, or maybe you’ve even been unlucky enough receive the Google “red page of death”, the result is unpleasant enough to send anyone into a tailspin.

Now what!? What steps should you take to fix the hack?


Here are some questions and steps to help you resolve the problem:

Can you login?

If you have admin access and your site is on WordPress, check to see if you can still login to your website’s dashboard, or if the login page has been removed. If you can login, check immediately to see if any users have added themselves. If they have, remove them immediately. Reset all of the real users’ password keys immediately. Important note for security: while catchy, easy to remember passwords might be gentler on your brain, they’re also much simpler to hack. It’s best to use a password generator.

If you can’t login, don’t worry. It’s not as bad as it may seem. This happens more often than you may think. Follow these steps to reset your password. There are tools like phpMyAdmin that can be used to log into your database.

Do you need help?

Now it’s time to consider if you need some help. A reasonably savvy person can take steps to fix the problems themselves, but if you’re not comfortable with the technology, trying to fix the problem while under stress probably isn’t worth it. If the idea of logging into check the php yourself is too daunting, getting help is advisable.

A professional, like one of the website gurus on our team, can help and the investment is modest compared to the amount of stress and hassle that the hacking is causing you.

Can you locate infected files?

Scan your website to check for any infected files. You can use a plugin to do this. Find and remove the hack. This is where a professional really comes in handy. While you might think that you’ve located the hacked file, more than one file may have been hacked and it can be hard to detect.

Have you been keeping regular backups?

If you haven’t been, lesson learned! Once the problem has been resolved, make sure to backup your website regularly. If you have been backing up, you might consider restoring a previous backup. Either way, take a backup of whatever you have left, just to be safe.

Is your personal computer infected?

Scan your own computer with an anti-virus/malware check to make sure that a virus hasn’t infected your machine.

Has Google put up a warning?

Almighty, omnipresent Google will probably have detected a problem on your website in one of their routine scans. Once you’ve fixed the problem on your site, you’ll need to let Google know that it’s been resolved. You need to create an account with Google Webmaster tools. Follow Google’s steps for reconsideration.

Whether you’ve just been hacked or you’re reading up on website hacking just in case it ever happens to you, it’s advisable to build a relationship with a website professional who can help you with site security. For information about our backup and security packages, please contact us and we can have a chat about your unique website.



About the Author

Reesa is an art school taught / self taught / eyeballs taught designer based in Toronto, Canada, and is the Owner and Principal of Ballyhoo Design. If you like this post, then you may also enjoy more marketing tips and trends via the Ballyhoo newsletter.

Subscribe to get The Goods.