Recovering from a hacked website

Learn how to recover from a hacked website and prevent future hacks.


Overview

If your website has been hacked recently, review the recommended steps below to recover a hacked website and prevent future hacks.

Recovering from an attack

  • Request details about the hack from your hosting provider including how they believe the site was hacked.
  • Request your hosting provider remove the malicious content placed on your website.
  • Resolve site warnings in Google Webmaster Tools and resubmit your site for Google’s review once the hack has been resolved.

Preventing and mitigating the risks of a future hack

To reduce the probability of future hack, take the following actions:

Always update your Content Management System (CMS)

If you’re using WordPress, for example, ensure you’re on the most recent version of WordPress. CMS platforms push out updates to address known vulnerabilities. Always upgrade to the latest version when it becomes available.

Ensure your plugins are updated

If you’re using plugins or extensions on your website or CMS, keep them updated.

Activate Cloudflare’s Web Application Firewall (WAF) 

Customers on a paid Cloudflare plan can activate the WAF to challenge or block known malicious behavior.

Secure your admin login

Many hacks are due to brute force attacks on login pages. Review services like Clef or Brute Protect to help secure your site from attacks designed to target CMS platforms like WordPress.

Backup your site

If your site becomes hacked, avoid losing valid content by using a service like CodeGuard to restore your site from a backup.


Related resources

Not finding what you need?

95% of questions can be answered using the search tool. This is the quickest way to get a response.

Powered by Zendesk