How to Fix and Recover a Hacked Website?

How to Fix and Recover a Hacked Website?

Share This:

If you sense that your website or a client website under your control has been hacked, first and foremost, you shouldn’t panic. It is true that a hacked site has the potential to hurt you badly. It can hurt your business, damage your reputation, immobilize your life for a while and even cost you your customers. A hacker may also use an attack to steal critical data from you and then use it to blackmail you or sell the information to your competitors. The motive could different.

So, care should be taken to protect your website from hacking attempts. But sometimes despite your best efforts, your website may still get hacked. The following are some sequential steps that you should take to recover your website.

Steps to repair and recover your website

1. Check your computer first: The local environment should be scanned for any viruses first. If your computer is infected, it makes the job of hackers easy. First, get your antivirus updated.

2. Change passwords: You will have to change all the passwords that may have been compromised due to the hacking attack. You will have to change passwords in the control panel of your website, your network and also your database so that the hacker no longer has access to sensitive information. You should change cPanel passwords, FTP passwords and SSH password. Also if your website has multiple user acoounts, make sure to create new passwords for all users. A hacker may use his access to create new users. If you closely scrutinize the user account administration of your website, you may be able to identify the bogus user accounts and remove them.

3. Understand what exactly happened: You should first try to determine the nature of the attack. Did the attackers inject any new code, did they include a remote file or did they hack the cPanel? Is your website the only domain hacked or did other websites also fall to the attack in case of a shared web host?

4. Contact your web host: Most web hosts have the right tools, a support team with the right skills and specific information about the hacking attack that can help you identify the nature of the problems or find a solution. They can also provide backup support. If you are on a shared hosting service, other domains hosted may have been compromised as well. So a concerted effort will be needed.

5. Update your CMS and plugins: You should always use updated CMS platform and also use the latest versions of the plugins because hackers often find a loophole in versions that have not been updated.

6. Remove your site from blacklists: Many search engines including Google may balcklist your website if they find it hacked or infected by malware. In such a case, you will have to request them to remove your website from such a list because it affects your SERP or they may even remove your website from search index.

7. Take your site offline briefly: If you can’t fix the problems immediately, take the website offline briefly. It would prevent further damage by the hacker and also stop your users from getting a malware alert which can damage your reputation. Instead, display a 503 error message to inform the users that the website is temporarily unavailable.


A website can be hacked due to many reasons and in many ways. But you should always take steps that mitigate chances of an attack. Don’t make it easy for hackers to attack your website. If you are not confident with coding, consult a professional in case of a hacking attack.