
Website Hacked? Action Plan For Immediate Recovery

Published on 09 December 2025

How to recognize a hacked website?

A hacked website can have various symptoms:

  • Strange pop-ups or redirects to other sites
  • Google warning "This site may harm your computer"
  • Your website shows strange content (often in other languages)
  • Website loads extremely slowly
  • You can no longer log in to WordPress
  • Hosting provider has taken your site offline

Most important action: DON'T PANIC and follow the action plan below.

Step 1: Isolate the damage (0-15 minutes)

Immediate action:

  1. Take your site temporarily offline (via .htaccess or hosting panel)
  2. Warn your visitors via social media that you're working on a problem
  3. Change ALL passwords:
    • WordPress admin
    • FTP/SFTP
    • Database
    • Hosting control panel
    • Email accounts

Use strong passwords: at least 16 characters, mixing letters, numbers and symbols.

Check Google Search Console

  1. Log in to Google Search Console
  2. Look at "Security Issues"
  3. Note which malware Google has found

Step 2: Back up the current situation

Important: Even a hacked site must be backed up before you start cleaning.

Via hosting control panel:

  1. Download all files
  2. Export the database
  3. Store separately (not on your website server)

Why? If something goes wrong during recovery, you can go back.

Step 3: Scan and identify malware

Use malware scanners:

For WordPress sites:

  • Wordfence Security: Free plugin with extensive scan
  • Sucuri SiteCheck: Online scanner sitecheck.sucuri.net
  • iThemes Security: Free plugin with malware detection

Manual checking:

  1. Look for unknown files in wp-content/uploads
  2. Check wp-config.php for strange code
  3. Review recently modified files (last 7-14 days)
  4. Check database for spam posts or strange users
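
Manual checks 1 and 3 can be scripted. The Python sketch below is an added example, not part of the original article: it lists server-executable files under wp-content/uploads and every file modified in the last 14 days. The function name `triage` and the extension list are assumptions chosen for illustration.

```python
import os
import sys
import time

# Extensions a PHP-enabled server may execute (assumed list; adjust to your server config).
EXEC_EXTS = {".php", ".phtml", ".php5", ".php7", ".phar"}


def triage(root, days=14, now=None):
    """Walk a WordPress tree and return (executables_in_uploads, recently_modified).

    Paths are relative to `root`. recently_modified holds (path, mtime) tuples,
    newest first, so the most recent changes are reviewed first.
    """
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    uploads = os.path.join("wp-content", "uploads")
    in_uploads, recent = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            try:
                mtime = os.lstat(full).st_mtime  # lstat: do not follow symlinks
            except OSError:
                continue  # unreadable or vanished file; skip it
            ext = os.path.splitext(name)[1].lower()
            # The uploads folder should hold media, not code the server can run.
            if rel.startswith(uploads + os.sep) and ext in EXEC_EXTS:
                in_uploads.append(rel)
            if mtime >= cutoff:
                recent.append((rel, mtime))
    recent.sort(key=lambda item: item[1], reverse=True)
    return sorted(in_uploads), recent


if __name__ == "__main__":
    site_root = sys.argv[1] if len(sys.argv) > 1 else "."
    hits, changed = triage(site_root)
    print("Executable files in wp-content/uploads (confirm each one by hand):")
    for path in hits:
        print("  " + path)
    print("Files modified in the last 14 days (newest first):")
    for path, mtime in changed:
        print("  " + time.strftime("%Y-%m-%d %H:%M", time.localtime(mtime)) + "  " + path)
```

Modification times can be reset by an attacker or by an FTP download, so an empty result is inconclusive. Run the script on the server or on a copy that preserves timestamps, and compare hits against a fresh WordPress download before deleting anything.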

Step 4: Remove the malware

Option A: Restore from clean backup

Best option if you have a recent, clean backup:

  1. Remove all files from your server
  2. Upload a backup from before the hack
  3. Update WordPress, plugins and themes
  4. Change all passwords again

Option B: Manual cleaning

  1. Restore WordPress core files:
    • Download new WordPress version
    • Upload and overwrite all core files
    • DO NOT overwrite wp-config.php and wp-content
  2. Remove suspicious files:
    • Unknown .php files in root
    • Strange files in uploads folder
    • Suspicious plugins you don't recognize
  3. Scan database:
    • Remove spam posts
    • Check wp_users table for unknown admins
    • Review wp_options for strange settings

Option C: Professional help

If it gets too complicated:

  • Sucuri Malware Removal (paid)
  • Ask your hosting provider for help
  • Hire a WordPress security specialist

Step 5: Secure your website

Update everything:

  1. WordPress to latest version
  2. Update or remove all plugins
  3. Update theme
  4. Update PHP version (ask hosting)

Install security plugins:

Wordfence Security (free):

  • Firewall
  • Malware scanner
  • Login security
  • Two-factor authentication

Security settings:

  1. Limit login attempts (max 3-5 attempts)
  2. Disable file editor
  3. Hide WordPress version
  4. Use SSL certificate (free via Let's Encrypt)

Step 6: Monitoring and prevention

Monitor your site:

  • Uptime Robot: Get an alert when your site goes offline
  • Wordfence: Daily scans
  • Google Search Console: Check weekly for security issues

Good hosting choice:

Some hacks happen due to weak server security. Consider hosting with:

  • Automatic malware scans
  • Web Application Firewall (WAF)
  • Daily backups
  • Dedicated IP (no shared IP with spam sites)

Compare hosting providers on security features.

Make regular backups:

  • Daily automatic backups (via hosting)
  • Weekly manual backup download
  • Test your backups regularly

Step 7: Inform Google

After cleaning:

  1. Log in to Google Search Console
  2. Go to "Security Issues"
  3. Click "Request Review" after fixing
  4. Google checks your site (can take 1-3 days)
