My site is hacked / attacked, what should I do?

First off, if your site was hacked, you have our sympathy. It's really frustrating, not only because it's troublesome to your visitors, but also because it's really difficult to completely remove the hack.
 

With more and more websites being built with 3rd party software (WordPress accounts for approx. 25% of all websites on the internet), it is more common than ever for websites to be hacked into. There are a number of reasons why an attacker might want to hack into a website. Once a website is hacked into, it can be used to send out spam emails, infect visitors' computers with malware, take part in a DDoS botnet, or simply display the attackers' “hacked by” page for bragging rights.

So you find out that your website has been hacked into. What do you do now? The following points are generally recommended steps for cleaning up your account and putting measures in place to prevent it from happening again. As every website is different, and each hack can vary in the finer details, there is no one set of steps that will take care of everything 100%. Some customization/tweaking will be needed in each case.

As using WordPress is a very common way to build a website, we will use it as an example in the following points. If you did not use WordPress to build your website, the following ideas will still apply for the most part to you (even if the exact steps to follow are slightly different).

  • The number one cause of a website getting hacked is that its software has not been kept up to date. Make sure that all your themes and plugins, and the WordPress install itself, are kept up-to-date. It is possible to set this so that updates happen automatically without you having to do anything.
  • The second most common way a website is hacked into is weak passwords. You should update all passwords that protect any information about, or access to, your website content. For example, your WordPress Dashboard logins, your hosting account control panel logins, your email account logins (if you have an email with WordPress/hosting account logins), etc. When changing passwords, be sure to use a long and strong password. The password ‘W3b51tePa$$W0rd123’ is a good password; ‘pass123’ is not.
  • The third most common way someone would be able to hack into your website is if your own computer is infected with a virus or malware. You should have anti-virus and anti-malware software installed on your computer, and have them set to perform automatic scans frequently (weekly, if not more frequently). The software we recommend is Avast and Malwarebytes. Download your entire account directory from your hosting account and scan all contents with both anti-virus and anti-malware software. Once confirmed infection-free, re-upload it to your hosting account, over-writing the original directories completely.
  • In the meantime, we suggest you also lock down your file permissions using our File Manager -> File Permission. Set folders that don't need write permission to READ ONLY. This will reduce your chance of getting attacked/hacked.
  • Often, when a website has been hacked into, an essential step you will need to take is to restore your website back to a point before it was hacked into. We maintain backups of your website, and we recommend that you also take full backups of your account files yourself frequently. If you need our help to restore your website from a backup, there is a restore fee of $30; just contact us via the help desk for the backup details, and our technician will follow up with you.
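
To find which folders still carry write permission before locking them down as described in the list above, here is an added example (not part of the original article or of the host's File Manager). It assumes you can run Python against the site files on a system that keeps Unix permissions; the function names and the `wp-content/uploads` exception are assumptions for illustration.

```python
import os
import stat
import sys

# Assumption: folders that must stay writable (WordPress stores uploads here).
NEEDS_WRITE = {"wp-content/uploads"}

def writable_by(mode):
    """Return which permission classes hold the write bit."""
    classes = (("owner", stat.S_IWUSR), ("group", stat.S_IWGRP),
               ("other", stat.S_IWOTH))
    return [name for name, bit in classes if mode & bit]

def audit(root, needs_write=NEEDS_WRITE):
    """List folders under root that are writable but not expected to be."""
    findings = []
    for dirpath, dirnames, _files in os.walk(root):
        rel = os.path.relpath(dirpath, root).replace(os.sep, "/")
        if rel in needs_write:
            dirnames[:] = []  # expected to be writable: skip it and its subfolders
            continue
        mode = stat.S_IMODE(os.lstat(dirpath).st_mode)
        who = writable_by(mode)
        if who:
            findings.append((rel, oct(mode), who))
    return sorted(findings)

if __name__ == "__main__":
    # Usage: python audit_perms.py /path/to/site  (path is supplied by you)
    for rel, mode, who in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{mode}  writable by {', '.join(who)}: {rel}")
```

Folders reported as writable by "group" or "other" are the first candidates to set to READ ONLY; add any folder your site genuinely writes to into `NEEDS_WRITE` so it is not reported.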

If you had someone build the website for you and you are unsure how to follow the above steps, or indeed if your website is not built using WordPress or a content management system, we would recommend you contact your website designer. Often the above work is part and parcel of what they do.