So you just got that dreaded email from your hosting company that says “we’ve detected an issue with your website” or “malicious code or links have been found on your website” or, worst of all, a client emails you and says “your site has been hacked”.


Step 1: Breathe

Do you know what they tell firefighters to do when they enter a burning building?

Stay calm and assess the situation.

Panicking isn’t going to help anyone and may cause everything to come crashing down.

Step 2: Download the Questionnaire

Good news: enough people who built their own sites have come to us begging for help that we’ve got a questionnaire for you.

Click here to download the “Help my site was hacked, can you fix it” questionnaire >

In the event the file doesn’t download properly, you’ll need to right click on it and then choose Save As (or Save Download As, exact wording varies by browser).

You can also reach us on our contact page or using our live chat feature below (if it’s off hours for our chat, notifications go to mobile phones & to our email).

Step 3: Assess

You need to figure out if you’ve actually been hacked.

If it’s a friend/coworker/random person telling you: Ask them what makes them think you were hacked. Was there a warning in their browser or something else? Some people do have overzealous browser extensions installed which can flag sites that have nothing malicious about them.

If it’s your hosting company or heaven forbid a Google webmaster tools warning: You’re hacked. Go back to step 2 and get the questionnaire.

Step 4: Triage & Treat

Google your website and see if there is any notice on the results saying that the site may be harmful. If there isn’t a warning, then Google may not have found out yet (which is good for you). Then go to your Google & Bing Webmaster Tools and check for any alerts.

Your goal is to have found a problem BEFORE the search engines flag your site.

If your website has not been flagged

If the engines have not yet flagged your site, find out if there is an unhacked backup that can be immediately restored. If so, restore, RIGHT NOW. This restoration process should wipe everything on your site prior to loading in the backed up files.

If you don’t have a backup or don’t know how to reload one: STOP AND GET HELP (step 2 above).

If there is not a backup that can be immediately restored, you need to find out if someone can clean your site right now. Many hosting companies use Sucuri Security to do website cleanouts. They have contracts and can usually get your site fixed ASAP. If so, pay the fee, get your site cleaned by the Sucuri professionals (they are available pretty much 24/7 and this is their primary business).

If your website is flagged by Search Engines

Unfortunately, this is going to be a painful process for you. I highly recommend that you go straight to Sucuri and talk to them about your site. They have a lot of experience with getting websites off of Google’s blacklist. You should be prepared, though: if your site was blacklisted, it can take a while to go through all of the hoops to get OFF the blacklist (this can cost a bit and takes weeks or months to go through).

Step 5: Aftermath

Now that you once again have a nice clean website, you need to do a few things:

  1. Get your site secured. Find out about WordPress Security installs or about more secure hosting.
  2. Check your backups — if any of your backups are from the time period when you were hacked, they must be gotten rid of.
  3. Take a new backup of your nice clean site. If you haven’t been taking backups, now is a good time to get started with BackWPup (an even better time would have been before this all started).
  4. Check your webmaster tools (or set it up if you haven’t already). You want to make sure that you’re set up for alerts should anything be suspicious in the future.

Lastly: Get a regular maintenance plan

Updates and security need to be checked regularly. If that’s not something you can handle, it’s best to find someone who can.
