Discovering that your website has been hacked can be stressful, but the good news is that there are clear steps you can take to regain control and secure your site.

This guide walks you through what to do next.

Signs your website may be compromised

Some common indicators include:

• Your website has been replaced or defaced
• You’re seeing unfamiliar content, ads, or redirects
• You can’t log in to your website or admin area
• Your site is flagged by browsers or search engines as unsafe
• Emails are being sent from your domain without your knowledge

If you notice any of these, it’s important to act quickly.

Step 1: Change your passwords

Start by updating all passwords associated with your website, including:

• Your hosting account
• Website admin login (such as WordPress)
• FTP or file access
• Email accounts

Use strong, unique passwords to prevent further unauthorized access.

Step 2: Restore your website from a backup

If you have access to recent backups, restoring your site to a version from before the issue occurred is often the fastest way to recover.

Choose a restore point from a time when your site was working properly. Keep in mind that any changes made after that date will be lost.

Step 3: Scan and clean your website

After restoring (or if a backup isn’t available), it’s important to scan your site for malicious files or code.

This may involve:

• Removing unfamiliar files or scripts
• Replacing core website files with clean versions
• Updating your CMS, plugins, and themes to the latest versions

If you’re unsure how to do this, it’s best to work with a developer or security specialist.

Step 4: Check for vulnerabilities

Most website compromises happen due to outdated software, weak passwords, or vulnerable plugins.

Make sure to:

• Update all plugins, themes, and core software
• Remove anything you’re not actively using
• Review user accounts and remove any you don’t recognize

Step 5: Secure your site moving forward

Once your site is clean, take steps to prevent it from happening again:

• Enable two-factor authentication where possible
• Install a security plugin or monitoring tool
• Keep regular backups of your site
• Limit login attempts and access permissions

Step 6: Contact support if needed

If you’re not sure where the issue started or need help restoring your site, our support team can assist you.

We can help restore your website from available backups and guide you on the next steps. Please reach our support team. 

A final note

Website security is an ongoing process. Keeping your site updated, monitored, and backed up regularly is the best way to reduce risk and recover quickly if something does happen.

If you ever suspect an issue, it’s always better to act early.