I Got Hacked – What to Do Immediately When Your Website Is Breached
"I Got Hacked" – What to Do Immediately When Your Website Is Breached
A client in Kuwait called me at 2 AM. "Zeeshan, my website is showing some weird Russian text. I think I have been hacked." His heart was pounding. His business relied on that site. He had no backup. He had no security plugin. He had no plan.
Getting hacked is terrifying. But panic makes it worse. This guide gives you a step‑by‑step emergency response plan – what to do in the first 24 hours, how to clean your site, and how to prevent it from happening again. Keep this guide saved. You may need it one day.
Step 1 – Do Not Panic. Take a Deep Breath.
Panic leads to bad decisions. Take 60 seconds. Breathe. You will fix this. Many sites recover from hacks. Yours will too.
Remember: hackers do not target you personally. They use automated bots to scan millions of sites for vulnerabilities. You are just a number to them. Do not take it personally.
Step 2 – Take Your Site Offline Immediately
If your site is hacked, it is spreading malware to your visitors. Your visitors' data may be at risk. Take it offline now.
How to take it offline:
- Log in to your hosting control panel (cPanel).
- Put up a maintenance page (or a simple "We are temporarily down" message).
- If you cannot do that, contact your hosting provider and ask them to suspend the account temporarily.
This stops the hack from spreading and protects your visitors.
Step 3 – Change All Passwords
Hackers may have your passwords. Change everything immediately:
- Hosting account password.
- FTP / SFTP password.
- Database password.
- WordPress admin (or CMS) passwords for all users.
- Email accounts associated with your domain.
Use strong, unique passwords. Use a password manager to generate and store them.
Step 4 – Identify the Type of Hack
Different hacks require different fixes. Common types:
- Defacement – Hackers change your homepage or add spammy text. Usually easy to fix.
- Malware injection – Hackers add malicious code to your files. Visitors get redirected or infected.
- Phishing pages – Hackers add fake login pages to steal credentials.
- SEO spam – Hackers add hidden links to your site to manipulate search rankings.
- Backdoor – Hackers leave a hidden file that allows them to re‑enter anytime.
If you are not sure, use a free scanner like Sucuri SiteCheck or Wordfence (if you can access your admin).
Step 5 – Restore from a Clean Backup
This is why backups are critical. If you have a recent backup (from before the hack), restore it.
How to restore:
- If your hosting provider has backups, ask them to restore the most recent clean version.
- If you have your own backups (e.g., UpdraftPlus, Google Drive), restore from there.
If you do not have a backup, you will need to clean the site manually (Step 6).
Step 6 – Clean Your Site Manually (If You Have No Backup)
If you have no backup, you must clean the site manually:
- Download all files – Download your entire website via FTP.
- Scan for malicious code – Use a tool like VirusTotal or a security plugin to scan files.
- Remove infected files – Delete any files that are not part of your original installation (e.g., unknown PHP files in your root directory).
- Check your database – Hackers often inject malicious code into database entries. Look for suspicious content in posts, pages, and options.
- Reinstall core files – For WordPress, delete the `wp-admin` and `wp-includes` folders and upload fresh copies from WordPress.org.
- Update everything – Update your CMS, plugins, and themes to the latest versions.
This is technical. If you are not comfortable, hire a professional. Security firms charge 100‑500 KD for cleanup – worth every penny.
Step 7 – Find and Fix the Entry Point
If you do not fix how the hacker got in, they will come back. Common entry points:
- Outdated plugin or theme – Update or delete vulnerable plugins.
- Weak password – Use strong passwords and enable 2FA.
- Outdated CMS – Update your CMS regularly.
- Vulnerable hosting – Switch to a more secure host.
Check your server logs (your hosting provider can help) to see how the hacker entered.
Step 8 – Bring Your Site Back Online
Once your site is clean and secured, bring it back online.
- Remove the maintenance page.
- Test every page, link, and form to ensure everything works.
- Test your checkout (if e‑commerce) – ensure payment gateways are working.
Monitor your site closely for the first 24‑48 hours. Check for any suspicious activity.
Step 9 – Notify Your Users (If Data Was Compromised)
If customer data (emails, passwords, payment info) was compromised, you must notify your users. This is not just ethical – it is required by law in many places (GDPR, data protection laws in UAE, etc.).
What to say:
- Explain what happened (briefly).
- Apologise.
- Tell them what you have done to fix it.
- Advise them to change passwords on other sites if they reused passwords.
- Provide contact information for questions.
Step 10 – Prevent Future Hacks
Learn from this experience. Implement these measures:
- Daily backups – Store off‑site (Google Drive, Dropbox).
- Security plugin – Wordfence or Sucuri (free versions).
- Two‑factor authentication (2FA) – On all admin accounts.
- Strong passwords – Use a password manager.
- Regular updates – Update CMS, plugins, themes monthly.
- SSL / HTTPS – Encrypt data.
- Limit login attempts – Prevent brute force attacks.
Real Case Study – A Business Recovers from a Hack and Becomes More Secure
A small e‑commerce store in Kuwait was hacked through an outdated plugin. The hackers injected a script that stole customer credit card information. The owner had no backup and no security plugin.
We followed this exact plan:
- Took the site offline immediately.
- Changed all passwords.
- Cleaned the site manually (found 15 malicious files).
- Updated all plugins and themes.
- Installed Wordfence and enabled 2FA.
- Set up daily backups to Google Drive.
The site was back online in 3 days. The owner now follows a monthly security checklist. He told me, "I will never skip backups again. That was the most stressful week of my life."
Final Thoughts – Preparation Is Everything
Getting hacked is scary. But if you have a plan, you can recover. The best defence is prevention – backups, updates, strong passwords, and security plugins. Implement these today, before you get hacked.
Save this guide. You may need it. But hopefully, you never will.
– Md Zeeshan
💬 Comments (0)
No comments yet. Be the first to share your thoughts!