Help ! My website hacked what to do ?
BACKUP YOUR WEBSITE
This is essential !. Especially as this might be your teams first attempt at fixing a hacked website – which means a good chance of breaking your website. Backup all the files of your website and do a full database backup. Stores these files on a different server than your current website (just in case the hacker returns mid fix and deletes all your files).
CHECK YOUR FILES FOR MALWARE
Get access to all the files on your website. Work through each file looking for the malicious code left there by the hacker. We find the average hacked site has about 50 to a 100 files adjusted by the hacker. Some of these are new files uploaded by the hacker, some are were they have adjusted your existing files.
REMOVE THE AFFECTED FILES
For each hacked file found remove the malware. Be careful with the existing files on your website that the hacker has updated, ensure you don’t break those files else you could stop your website from working. Remember some parts of your site you can fully replace with a fresh installation.
REPLACE PARTS WITH FRESH
If you are using a CMS or Forum (Joomla, WordPress, SMF, osCommerce, etc) replace any directories that are standard and contain no custom modifications. For WordPress you can download the latest official release from
My website hacked what to do ? – Have our top tips helped ?
I hope these critical steps to take once your site has been hacked helps with that question no one wants to have to ask ‘my website hacked what to do ?’. We hope you choose our service instead of going through the pain of trying to fix it yourself and also take advantage of our service to protect your website from being hacked again. BUT If you do decide to do it yourself (DIY) and our tips have not been enough to guide your through these shark infested waters then please still feel free to contact us for free advice on fixing your hacked website.
My website hacked what to do ? – If your visitors are seeing these warnings….
If your visitors are already seeing these sorts of warnings below when visiting your hacked website then it is likely your website has been hacked for months (if not years). Hacked websites like this are often being used by multiple hacker bots. We find those types of hacked website are infected by 100’s of malware infected and the hackers are returning daily. In this instance we recommend you
IMMEDIATELY CONTACT US
Inside GWT (Google’s webmaster tool), it will also give you the details:
Warning: Visiting this site may harm your computer!
The website at www.xxx.com contains elements from the site xyz.com, which appears to host malware – software that can hurt your computer or otherwise operate without your consent. Just visiting a site that contains malware can infect your computer.
Here is Chrome’s latest phishing & malware alerts
Dear site owner or webmaster of site.com,
We recently discovered that some of your pages can cause users to be infected with malicious software. We have begun showing a warning page to users who visit these pages by clicking a search result on Google.com.
Below is an example URL on your site which can cause users to be infected (space inserted to prevent accidental clicking in case your mail client auto-links URLs…
Once you’ve secured your site, you can request that the warning be removed by visiting
and requesting a review. If your site is no longer harmful to users, we will remove the warning.
Google Search Quality Team
Chrome – Phishing & malware alerts
When phishing and malware detection is turned on you may see the following messages:
The Website Ahead Contains Malware! – The site that you’re trying to visit may install malware on your computer.
Danger: Malware Ahead! – The web page that you’re trying to visit may have malware.
Reported Phishing Website Ahead! – The site that you’re trying to visit is suspected of being a phishing site.
The site ahead contains harmful programs – The site that you’re trying to visit may try to trick you into installing programs that harm your browsing experience.