My Site Got Hacked What Should I Do?

If your website is under an attack, you will have to spend some time to get it back and make it secure to prevent from getting hacked again. Don’t worry you can get it back let me tell you how:

Check your hosting account is it locked?

If your hosting account is locked down by the service provider then you should immediately contact them and request them to unlock your account. Upon unlocking your account they will ask you to remove all the malicious data from your hosting account. After getting unlock you can take the following steps to recover from the attack or if your account is not locked yet keep reading.

How to find what happened to your website?

Whenever you face any issue with your website you can contact your hosting provider and they will let you know about the problem. Most probably the hosting provider will tell you about the malware files on your account and will guide you for removing them or you can take help from your google webmaster account it will give you the exact details and urls about where the files are being placed in your hosting account.

Change All your passwords

First of all before doing anything you need to change all passwords which gives access to your website data such as cpanel, wordpress login or admin login and ftp to prevent the attackers to access it again. If you were using an easy password make it more secure you can use Secure Password generator to create a secure password.

How can i remove the Malicious files?

Well, you need to login into the cpanel of your site ( then access the file manager and remove the malicious data but be careful and don’t delete important files which are being used by your website.

Sometimes when you are using pirated templates and scripts they contain the virus or links to the viruses in such case you should try to remove that theme completely and install the original one because if you are not the development guy it will take lots of time and effort to find the infected files and removing the small virus containing code snippets.

I Have deleted the files but warning is still appearing?

Its because search engines like google don’t know you have taken the necessary measures to remove the virus/malicious data from your site. After removing the virus files from your website data you have to request Google to review your site again. You can request and let Google know that you have taken the necessary measures and removed the malicious data and made your site secure from your Google Webmaster account. Hopefully your website will be out of the warning stuff in 72 Hours.

What should i do to prevent my site from being hacked again?

Attackers are always in search for the weak targets and they will not give you a chance if you will not take your site security seriously. Your online identity and website is important right? Then its security is more important let me tell you a few points you can consider implementing for preventing your site from being hacked.

Install Security Applications and Plugins

If you are using wordpress you can install security plugins like All in one security, Sucuri or Bulletproof Security and configure them carefully to make your site secure and unhackable.

Keep All your stuff updated

If you are using content management system like wordpress,drupal or joomla, their developers are continuously fixing bugs, updating and securing their management systems and provide updated version regularly so you can be secure. You should keep a check on the new releases and update your content management systems and plugins regularly.

Monitor Regularly and Have Website Backup

Your website is your property which needs your continuous attention so you should often check your website to see if it is working fine or having errors so you can fix them. Its really dangerous if you are not having backup of your site because whenever something happens to your site you can easily restore your site from the recent backup. You can take weekly or monthly backups it's upto you.

Secure Your admin section

Attackers are having softwares and scripts which can easily detect the most commonly used paths or urls to access your admin section such as for the wordpress platform. You have to make it secure and undetectable and use different words and urls to be on the safe side.

Remove Auto Fills

If you are having an auto fill on then you are opening the way for attackers to catch your login information. Don't save your passwords and keep auto fill off to be secure.

Don't use pirated themes and scripts

When you are developing your site or having one already please make sure you are not using any pirated theme or script because most of them contains a virus which can harm your website or do strange things like redirects always use the original source files provided by the developers and keep them updated.