How to Repair a Hacked Website: First Steps after a Website Hack

There cannot be a worse nightmare for website owners than getting their website hacked. It puts them at a risk of losing confidential information of their users as well as business details. Irrespective of the size of the organization, there are numerous computer networks and connected devices to carry out the routine business tasks. With the constant rise in the number of cyber-attacks, it has become more important to ensure the security of your website.

Here are the steps you can take to repair a hacked website, in case you website falls prey to the malicious attempts of the hacker.

  1. Reset the password as soon as possible

Weak passwords are the major reason for around 63% of security breaches. Phishing, password cracking software, stealing personal data and buying or selling it can help the hackers with the security breach. Usually, a cyber attack victim comes to know about the security breach after 7 months approximately. You should have a strong password policy with enforcement of quarterly password updates to protect the credential hacks. It is not recommended to have easy to guess passwords such as 123456. Use unique and long passwords with the help of password managers like LastPass or KeePass. It will also aid in the creation of strong passwords and store them safely. 

  1. Get your website scanned

Whenever you suspect your website for a cyber threat, you should immediately scan your website with the security tools that help you find the malicious payloads and malware locations. You can go to SiteCheck website and click the Scan Website option. Review any warning message that suggests the website infection. Check for the payloads and locations or blacklist warnings. In case the payload cannot be detected by the remote scanner, you should check with other tests. From the Malware Scan, go through the iFrames/Links/Scripts tab and check for suspicious components.

For website owners who have more than one website hosted on a single server, you should scan each one of them. Cross-site contamination can lead to virus infections of your website quite often. It is highly recommended that you isolate your hosting and web accounts to stay safe.

  1. Evaluate the core file integrity

You should never modify the core files. In order to verify whether the integrity of your website core files is intact or not, you can use the diff command in terminal. For those who are not acquainted with the use of command line, SFTP lets you go through the files manually.

You can rest assured if no modifications are noticed.

  1. Assess the recently modified files

You can recognize the hacked files by checking for any modifications in them recently.  Any unidentifiable changes in the last week to month should be considered as prospective threats.

  1. Go through the diagnostic pages

The diagnostic tools offered by Google and other website security authorities can help you verify the security status of your website in case any security authority or Google blacklists your website.

If you want to check your Google Transparency Report, you can go to the website: Safe Browsing Site Status. Add the URL of your website and search. It will allow you to check the safety details of the website that gives you the information related to the malicious redirects, spam and downloads, and the testing information that offers the details on the latest Google scan in which malware was detected.

  1. Remove the hacked website files

The infected files should be removed and swapped with the uninfected backup. As suggested in the second point, use the malicious payloads or suspicious files. If you want to remove the malware infection from the website files manually, you should first log into the server through SFTP or SSH.

Before proceeding to make the changes, you should backup the database. Then, check out for suspicious content like spammy links or keywords. Remove the suspicious content manually. Once the files are deleted successfully, check for the website operations. Delete the database access tools uploaded during the process.

Novice website managers should take help of the payload information that comes with the malware scanner. Intermediate users can check out for malicious PHP functions like eval, base64_decode, preg_replace, str_replace, gzinflate, etc.

  1. Make the user accounts secure

Remove all the unfamiliar users from the website to deny access to the hackers. It is advisable to have only one admin user and assigning other user roles with the minimum website rights. The other profiles can be either that of contributor, author or editor.

  1. Eliminate malware warnings

Request for a review if Google, McAfee, Yandex, or other web spam authorities blacklist your website. You can call the hosting company if your website is suspended. It is possible that they will ask you the details regarding how you deleted the malware.

You should fill in different request forms for every blacklisting authority, namely Google Search Console, McAfee SiteAdvisor, Yandex Webmaster.

Prevention of  Website Hacking Incidents

  1. Buy Cheap SSL Certificate from SSL2BUY to secure the website and encrypt the data transmitted between the server and the browser. You should have HTTPS for a secure website.
  2. Harden your website by having a Website Firewall. Doing this hardens the server and application so that the attack surfaces for the cyber-crime perpetrators are reduced. It prevents access from any unauthorized sources on your wp-admin or wp-login page.
  3. Run a computer scan regularly through a trustworthy antivirus program on the operating systems.
  4. Distributed Denial of Service (DDoS) attacks put an overload on the server or application resources. A website firewall recognizes every type of DDoS attacks and reduces the number of fake visits on the website.

Final Thoughts

If you want to ensure cyber security for your website, it is a must to take the precautionary measures. In case your website still suffers from a cyber-attack, you can follow the 8 tips discussed here and get out of the mess created by the hackers. As the number of vulnerabilities keep increasing, it is imperative for every website owner to employ all the security best practices and be safe rather than sorry.

News Reporter