What to Do If You're Hacked?
What to Do If You're Hacked
If you're concerned that your website may have been hacked, don't panic! There are steps you can take to help safeguard your site and get it back up and running. Below are some options you can consider based on your particular situation. If you have any questions or need additional assistance, please don't hesitate to contact us.
Wordpress
- Stay calm and don't let the situation overwhelm you. We're here to help you get your site back up and running as soon as possible.
- Run virus/malware software to identify and remove any malicious software from your computer systems. Try using multiple brands of software since some viruses may be adept at detecting malware software.
- Change all your passwords (including for web content software, email accounts, blogs, forums, and web hosting accounts) to strong and unique ones.
- Revert back to a previous version of your site if you're using version control and can identify the changes made by the hacker.
- Check your .htaccess files in the base folder of your site for any suspicious changes and revert them back to 644 if necessary.
- Secure your cPanel by changing your login password, removing any unused FTP accounts and email addresses, verifying email forwards, and checking for any records pointing away from your site in the Simple DNS Zone Editor section.
- Restore your site from a clean backup of Wordpress and re-upload your backed-up WP plugin if necessary.
- Update to the latest version of Wordpress after cleaning your site since older versions are more vulnerable to hacks.
- Implement recommended security measures to prevent future attacks.
- Regularly backup your site to avoid losing important data.
For more information on securing your Wordpress site, check out our blog post and our Securing Your Wordpress Site article.
Joomla
If your Joomla site has been hacked, here are some steps you can take to secure it:
- Take your website offline to prevent further damage.
- Run Joomla Forum Post Assistant and Security Tool to check for any security vulnerabilities.
- Run virus or malware software on your computer systems with FTP, Joomla super admin, and Joomla admin access to see if you can find the culprit.
- Make sure you are running the latest version of Joomla.
- Check your logs file for any extensions that have been targeted and remove them if necessary.
- Change all the passwords on web content software, email accounts, web hosting account, control panel, MySQL, FTP, Joomla! Super Admin, and Joomla! Admin password. And make them strong!
- Delete any infected files and replace them with new ones.
- Check images and replace all .pdf, image, or photo files that seem suspicious or exploitable.
- Use proper permissions on files and directories, They should never be set to 777. 644 for files and 755 for folders is ideal.
- Reinstall Joomla after everything is fixed to start fresh.
These steps can help you secure your Joomla site and prevent future attacks.
Spam
SpamBots can wreak havoc on your website by bombarding it with unwanted comments and form submissions. They can also exploit vulnerabilities in your site to send email spam, create fake accounts, and even hijack your email account. If you're dealing with SpamBots, here are some steps you can take to address the issue:
- Secure forms and comments, Add a captcha or other verification method to your web forms and comments to prevent automated spamming.
- Use a plugin or limit login attempts to prevent spammers from using fake accounts to attack your site.
- Make sure you're running the latest version of your CMS to take advantage of security improvements.
- Change your passwords for all web content software, email accounts, and CMS logins that may have been compromised.
- Use an image or other method to display your email address on your site to prevent spammers from harvesting it.
- Use your CMS's log files to identify suspicious activity on your site and identify the source of the spam.
General
If you suspect your account or website has been hacked, there are some general guidelines you can follow to help remedy the situation. Check them out below:
- Update all web content software and content management systems to the latest version and check for any un-patched exploitable bugs to ensure there are no issues running them.
- Check all modules, plugins, add-ons, themes, and extensions for your web content software and content management systems to ensure that there are no un-patched bugs, and they are updated to the latest versions.
- Run virus and malware scans on all computer systems used to access the account before changing passwords to ensure your passwords haven't been stolen.
- Change passwords for affected email accounts, web content software accounts (especially admin users on blogs, forums, portals, and other similar software), and web hosting account passwords. Make sure to choose strong passwords! Check out these tips on setting strong passwords.
- Check all email accounts, subdomains, add-on domains, and parked domains in your cPanel account to make sure there are no erroneous entries or changes.
- Verify that the content of your hosting account has no abnormal files or directories, and that your .htaccess files exist as they should. Also, ensure that the content of any dynamic scripts, such as PHP, is installed and operating correctly.
- If you have any questions about these steps or want to check with us about the status of your account, please submit a ticket.
Updated on: 23/11/2023
Thank you!