Hacked site? 5 first steps you must take now to save your data

Category: Website maintenance | Author: global | Published: 04.12.2025. u 01:00h
Hacked site? 5 first steps you must take now to save your data

The moment you open your website and see a red screen with the warning "This site may be hacked", or even worse – ads for suspicious products instead of your content – is one of the most stressful experiences for any business owner.

Your first instinct is probably panic. Are my clients' data stolen? Will I lose my ranking on Google? How much will this cost me?

Stop. Take a deep breath.

A hacked site is a serious problem, but it is not unsolvable. Time, however, is the key factor. The faster you react, the less damage occurs to your reputation and search engine rankings. Hackers often don't target you personally; they use automated scripts looking for vulnerabilities in outdated add-ons (plugins) or weak passwords.

As an agency that has been dealing with the web for years, we have seen all kinds of attacks. That is why we prepared this guide for emergency interventions. Here are 5 key steps you must take immediately.

1. Stay calm and confirm the attack (Diagnostics)

Before you start deleting files, you must be sure of what is happening. Sometimes, a server error or a bad plugin update can look like a hacker attack.

Symptoms of a hacked site are:

  • Redirecting to other, suspicious websites.

  • New administrator accounts that you did not create.

  • Loss of traffic or a sudden spike in unknown traffic.

  • Browser warning (Chrome/Firefox) that the site is unsafe.

  • Your hosting provider has suspended your account.

If you confirm the attack, the first step is quarantine. If you have access, put the site in "Maintenance Mode" so visitors are not exposed to the virus. If the attack is severe, you might need to take it completely offline from the server temporarily.

2. Change all passwords (But not just for WordPress)

Hackers got in somehow. Most often, these are "compromised" usernames and passwords. You must immediately "lock the door" behind you.

This doesn't just mean changing the password for your site's admin panel. You must change:

  1. The password for cPanel/Hosting account: This is the most important level of access.

  2. FTP/SFTP passwords: These are often forgotten, and they represent a direct tunnel to your files.

  3. Database password (MySQL): This also requires updating the wp-config.php file (if you are using WordPress).

  4. Administrator passwords for all users: If you have multiple editors or administrators, reset everyone's passwords.

Tip: Use strong passwords containing a combination of uppercase and lowercase letters, numbers, and special characters. Never use the same password in multiple places.

3. Check and restore a Backup

This is where the difference between those who regularly maintain their site and those who don't becomes visible. If you have a clean backup of the site from before the attack started, you are at a great advantage.

Try to locate the freshest copy:

  • On your server: Most hosting companies perform automatic backups (daily or weekly).

  • Locally: Did you save a copy on your computer?

  • Via plugin: If you use backup tools, check cloud services (Google Drive, Dropbox) where the backup is stored.

Warning: Before restoring a backup, delete the current infected version of the site. If you just "overwrite" the files, there is a chance that malicious code will remain hidden in new folders created by hackers. Restoring a backup is the fastest way to recover, but you must be sure that the backup itself wasn't already infected.

4. System update and cleaning

If you don't have a backup, you have a harder job ahead – manual cleaning. Even if you restored a backup, you must close the "hole" through which the hackers entered. In 90% of cases, the entry point is outdated software.

What you must do:

  • Update Core: Whether you use WordPress, Joomla, Drupal, or OpenCart, install the latest version immediately.

  • Update all plugins and themes: Delete any you don't use. Old, inactive plugins are a favorite target for hackers.

  • Scan the site: Use security scanners (like Wordfence or Sucuri for WordPress) to find infected files.

  • Check the .htaccess file: Hackers often change this file to redirect traffic. Check if it contains suspicious lines of code.

5. Removal from blacklists (Google Search Console)

When you are sure the site is clean and safe, it's time to regain trust. Google and antivirus companies may have already placed your site on a "blacklist" to protect users.

  1. Log in to Google Search Console.

  2. Go to the "Security & Manual Actions" section.

  3. If you see a warning, select the option "Request Review".

In the request, briefly explain what happened and what steps you took to clean the site. It may take Google anywhere from a few days to a few weeks to remove the warning, so this step is urgent.

How to prevent this from happening again? (Better safe than sorry)

Recovering a hacked site is expensive, stressful, and time-consuming. The loss of trust from clients who saw a virus on your site is even more expensive.

The truth is that 100% security does not exist, but regular maintenance reduces the risk by 99%. Most hacked sites are those that were "abandoned" – not updated for months, without security backups, and with no one monitoring their status.

You don't have to go through this stress alone. Professional site maintenance means someone else worries about security, backups, and updates while you run your business.

Do you want your site to be secure, fast, and always available? Don't wait for the next attack. Check out our packages for website maintenance.

Tags: Hacked site Site security Virus cleaning Site maintenance

0 Komentara

Nema komentara.

Leave a comment