What to Do When Your Website Is Hacked: 9 Urgent Steps

What to do When Your site is Hacked

“Hey.. I think your website is hacked.”

There’s nothing quite like the comment above that sends business owners into a panic. Hackers can compromise your customer’s private information, your business’s credibility, and can burn a gaping hole in your wallet.

Instead of crossing your fingers and praying hackers stay away, why not prepare yourself with a plan? Here are 9 urgent steps you should take if your website has been hacked.

STEP 1: Make sure it’s actually hacked.

Are you sure your website has been hacked? One of the best ways to check is by visiting:

[su_note note_color=”#ebebe8″ radius=”1″]http://www.google.com/safebrowsing/diagnostic?site=your website here [/su_note]

If there’s something fishy going on, it won’t take Google long to sniff out the problem and post a warning.

STEP 2: Contact your support team.

For most people, a website support team will include a web developer and/or web hoster. This is why it’s smart to choose a web developer who cares about your success long after your website launch!

STEP 3: Give your support team necessary information and credentials.

Gathering the following ahead of time will allow you to speed up recovery if problems arise.

  • Website admin login
  • Hosting login
  • Backups (Really important.. Make sure to have backups in place before anything happens.)

STEP 4: Force a global password reset.

Besides forcing a global password reset, you should clear any users that are actively logged into your website.

STEP 5: Temporarily take your website down.

Taking your website offline will prevent the hacker from exposing visitors to spam and interfering with your solution. If you’re concerned about the effect this will have on SEO, note that Google says:

‘It’s unlikely that taking your site offline intermittently/temporarily during the recovery process will affect future ranking of your site in search results.’

STEP 6: Check the Google Search Console.

Assuming you’ve already verified ownership of your website with the Search Console, at this point you should login and check whether your security issue is spam or malware.

Webmaster Tools > Message Center > Security Issues

Different security issues involve different recovery steps. After you’ve narrowed in on whether the hacker has used spam or malware, your web developer should be able to identify the right solution.

STEP 7: Identify your vulnerability.

The cause of most hacked websites can be traced back to one of two weaknesses.

  • Passwords. Through brute force attacks, keystroke logs, SQL injection, and other methods, hackers eventually find the correct password and break into your website.
  • Structural issues. These can be a bit more difficult to pinpoint, in this case thorough testing is involved.

STEP 8: Change your passwords.

Although, as we mentioned, passwords aren’t always the cause of all security issues, using a strong password remains important. Password generators like LastPass are free and allow you to always use unique passwords without having to remember them.

STEP 9: Prevent future attacks.

Prevention is always preferable to recovery. It takes more than crosses and garlic to ward off bloodsucking hackers, start by learning how they hack. See more here: How to Stop Hackers: Website Security Basics

Share on Twitter

Ready to increase your success?