
Your Website Was Hacked… Here’s How to Fix It

Your website was hacked and taken offline. Or worse yet, hackers gained access to your site and used your server to spread malware to your customers. What can you do to fix your website and get back on the right track?

A compromised website takes many by surprise. Imagine a customer calls and says your website was defaced. Or imagine you start getting alerts about your business website. Imagine your bank contacts you and says your site is processing fraudulent transactions. Or imagine you get a call reporting that your customer information has been leaked to the web.

If your website is hacked, your reputation could be damaged. Your business will be at risk. You have to respond quickly.

You must notify your customers and fix the hacked site fast.

How do attackers gain access to websites?

Hackers constantly probe websites for vulnerabilities, weak passwords and unpatched software. Automated programs, known as “bots”, probe sites for exploits.

Other bots scan sites and test for weak passwords.

Together, these bots help build a database of sites that may be vulnerable to attack. Once your site is known to be vulnerable, an attacker will launch their hack.

An attacker will most often gain access to a website by way of an unpatched software vulnerability. Computer software is far from perfect. Hackers, researchers and programmers often find bugs in code. Malicious parties exploit these bugs to force crashes and, finally, hacks.

Now that you understand how your website could be compromised, let’s learn how to fix the problem.

How to fix your hacked website

Take site offline immediately

To prevent damage to your brand and reputation, contact your web developer and take your site offline immediately. It is better to have nothing there than a fraudulent or malware-infested site.

A possible short-term solution is to redirect your site to a simple HTML page on another server. Inform your visitors that your website may have been compromised but that you are working to protect their data and fix the problem.

Restore from backup

Develop a timeline of events. You can determine when hackers breached your site by looking through backups and seeing when code files change. Use a tool like WinMerge or KDiff to compare backups.

Restore your site to the newest backup before your files were compromised.
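The comparison described above can also be scripted. The following is an added example, not part of the original article: it hashes every file in a series of dated backups, reports which code files were added, modified or removed between consecutive backups, and names the backup taken just before a given file first changed. The backup labels, file names and the set of extensions treated as code are constructed assumptions.

```python
import hashlib, tempfile
from pathlib import Path

CODE_SUFFIXES = {".php", ".js", ".html"}  # assumption: what counts as a "code file"

def snapshot(root):
    """Map each file's path (relative to the backup root) to its SHA-256."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def is_code(path):
    return Path(path).suffix.lower() in CODE_SUFFIXES or Path(path).name == ".htaccess"

def code_changes(old, new):
    """Code files added, modified or removed between two snapshots."""
    changed = (f for f in old.keys() & new.keys() if old[f] != new[f])
    return {"added": sorted(filter(is_code, new.keys() - old.keys())),
            "modified": sorted(filter(is_code, changed)),
            "removed": sorted(filter(is_code, old.keys() - new.keys()))}

def build_timeline(backups):
    """backups: [(label, directory), ...] oldest first -> [(older, newer, changes), ...]"""
    snaps = [(label, snapshot(d)) for label, d in backups]
    return [(a, b, code_changes(sa, sb)) for (a, sa), (b, sb) in zip(snaps, snaps[1:])]

def last_backup_before(timeline, path):
    """Label of the backup taken just before `path` was first added or modified."""
    for older, _newer, changes in timeline:
        if path in changes["added"] or path in changes["modified"]:
            return older
    return None

def demo():
    """Constructed sample: three tiny 'backups' written to a temp directory."""
    base = Path(tempfile.mkdtemp())
    trees = {
        "2022-01-02": {"index.php": "<?php echo 'home';", "logo.png": "img-v1"},
        "2022-01-09": {"index.php": "<?php echo 'home';", "logo.png": "img-v2"},
        "2022-01-16": {"index.php": "<?php echo 'home'; /* injected */",
                       "wp-content/cache.php": "<?php /* unknown file */",
                       "logo.png": "img-v2"},
    }
    for label, files in trees.items():
        for rel, text in files.items():
            target = base / label / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(text)
    return build_timeline([(label, base / label) for label in trees])

if __name__ == "__main__":
    for older, newer, changes in demo():
        print(older, "->", newer, changes)
```

Legitimate edits show up in the same report, so each change still needs a human decision about whether it was expected.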

If you make a lot of changes to your site, you might lose work restoring to a backup. Losing work is always painful, but the fix is much less painful than getting breached again.

Don’t have a backup? Most web hosting companies offer automated backups of websites, at least once a week. If you don’t have a backup, you can still recover. But you must be more careful in scanning and cleaning your website files.

Change all passwords

Once you restore your backup, immediately change your site passwords. Force password changes for all accounts on your site, especially users with administrator or editor access.

Also change your hosting account passwords.

If you determine that your website breach was due to a compromised password, check your computers and devices. Consider using a password manager.

Review users and permissions

Audit the accounts on your site. Remove unnecessary or outdated accounts. Check that your accounts have appropriate levels of permissions. Do not allow more permissions than necessary for a given task.

For example, a user that primarily writes articles for your site should not have full admin access. Only give the required minimum access to complete a task.

Segment your users by function. The accounts you use for admin functions should remain separate from your editor and author accounts.

Scan your website for malware

An external malware scanner will check your site for malware as it appears to a site visitor. However, a server-side, or offline, malware scan can deeply review the source code for your site.

Some external malware scanners scan your site for free. For a deep, server-side scan-and-clean, think about paying for a solution. Sucuri and MalCare offer support for WordPress and other popular content management systems.

Your budget and business needs will determine the scan you choose. (Some web hosting companies will automatically scan your server-side code for malware.)

Update outdated plugins and software

Most hacks take place because of unpatched plugins or outdated software. Make sure to update all your plugins. Update your web content management software.

Using WordPress? Turn on automatic updates for your plugins. Enable automatic updates for core site files. If you have control of your server environment, make sure you use the most recent version of PHP available.

Remove unnecessary plugins and old code

The more plugins and functions you add to your site, the larger your attack surface. Determine the plugins and code necessary to provide essential functions to your customers / site visitors. Review old code and remove what you don’t need.

Eliminating unnecessary plugins and old code will help secure your website. Doing so can also help speed up your website.

Secure and limit logins

Secure your login pages with a captcha code or multi-factor authentication. Limit invalid login attempts to a set rate. If a hacker or program attempts to log on too many times or too quickly, your site should automatically lock out the origin.

Don’t try to reinvent the wheel. Captcha codes, multi-factor and login limiting are best accomplished with modules or plugins.
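To make the lockout behaviour concrete, here is an added illustration (not from the original article, and not a replacement for a maintained plugin) of what a login-limiting module does: it counts failed logins per origin in a sliding window and rejects further attempts once the limit is hit. The thresholds, class name and sample events are constructed assumptions.

```python
from collections import defaultdict, deque

class LoginThrottle:
    """Lock out an origin after too many failed logins inside a time window."""

    def __init__(self, max_failures=5, window=60, lockout=900):
        # Assumed thresholds: 5 failures in 60 s -> 15 minute lockout.
        self.max_failures, self.window, self.lockout = max_failures, window, lockout
        self.failures = defaultdict(deque)   # origin -> timestamps of recent failures
        self.locked_until = {}               # origin -> time the lockout ends

    def is_locked(self, origin, now):
        return now < self.locked_until.get(origin, 0)

    def record_failure(self, origin, now):
        recent = self.failures[origin]
        recent.append(now)
        while recent[0] <= now - self.window:   # drop failures outside the window
            recent.popleft()
        if len(recent) >= self.max_failures:
            self.locked_until[origin] = now + self.lockout
            recent.clear()

    def record_success(self, origin):
        self.failures.pop(origin, None)

def replay(events, throttle):
    """events: (timestamp, origin, password_ok), sorted by time -> list of outcomes."""
    outcomes = []
    for now, origin, password_ok in events:
        if throttle.is_locked(origin, now):
            outcomes.append("blocked")   # rejected before the password is checked
        elif password_ok:
            throttle.record_success(origin)
            outcomes.append("ok")
        else:
            throttle.record_failure(origin, now)
            outcomes.append("failed")
    return outcomes

# Constructed events; addresses are from the documentation ranges.
BOT, USER = "203.0.113.7", "198.51.100.20"
SAMPLE_EVENTS = [(0, BOT, False), (2, BOT, False), (4, BOT, False), (5, USER, False),
                 (6, BOT, False), (8, BOT, False), (10, BOT, True), (30, USER, True),
                 (1000, BOT, False)]

if __name__ == "__main__":
    print(replay(SAMPLE_EVENTS, LoginThrottle()))
```

In the sample, the attempt at t=10 is blocked even though the password is correct, which is why a guessed password gains nothing while the lockout is active.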

Set up monitoring and intrusion detection

Choose an up-time monitoring solution for your site. A monitoring solution will notify you if your site goes offline or starts returning error codes and defaced pages. Hosted solutions include UptimeRobot and Site24x7.

Staying updated on your site status will help you remediate damage and respond quickly should a hack happen.

Check your backups

Make sure you have a valid backup of your website at least once a week. Most web hosting companies offer once-weekly backups, included with all hosting plans.

If your host doesn’t offer at least weekly backups, think about upgrading to a better host.

You can also perform manual backups of your site. Download the database and files to your computer and save offline. In certain cases, you might find manual backups necessary.

However, automatic backups are a must for the ongoing security and continuity of your data!

Conclusion

A hacked website can damage your reputation and your brand. Your business will be at risk, and you’ll have to respond quickly.

Fix your compromised website fast. Take the hacked site offline and restore from a clean backup. Change your passwords. Audit your site users and their permissions. Limit and secure your logins. Scan your site for malware, and update your software and plugins. Detect and mitigate future attacks by setting up site monitoring. Ensure you have a working backup solution.

Was your site attacked? In the case of a hacked website, ComputerKick can help. We offer site security audits, risk management and free consultation. Contact us via email (help@computerkick.com) or on Telegram (https://t.me/computerkick).

Chris C

Talented web developer & software developer seeking to advance your business. More than ten years of experience in web development, databases, network administration, cybersecurity and project planning. Hire me to optimize your websites, secure your data and upgrade your business processes.
