Fixing a Hacked Website: Step-by-Step Guide

Waking up to find your website hacked can be terrifying. Whether you're running a blog, e-commerce store, or business site, a breach can hurt your reputation and revenue. In this guide, we’ll walk you through a simple but comprehensive process to recover and secure your website from a hack.

Step 1: Identify the Hack

Before taking action, identify the signs of compromise:

• Unexpected redirects

• Defaced homepage

• Strange popups or ads

• Google blacklisting or warning messages

• Login issues or unknown admin users

• Suspicious files in your directories

Use tools like:

• Sucuri SiteCheck

• VirusTotal

• Google Search Console alerts

Step 2: Take Your Site Offline Temporarily

To prevent further damage and protect visitors:

• Place your website in maintenance mode.

• Or use .htaccess to restrict public access.

• Inform your users via email or social media.

If you use Sternhost, you can activate “Site Maintenance” mode in your cPanel dashboard or use a plugin for CMS like WordPress.

Step 3: Backup Your Site (Yes, Even Now!)

Create a full backup of:

• Files (via File Manager or FTP)

• Database (using phpMyAdmin)

This preserves evidence and helps if you make mistakes during cleanup.

Step 4: Scan and Remove Malware

Use security plugins or services to scan your files:

• WordPress: Wordfence, Sucuri, iThemes Security

• cPanel: Run ImunifyAV or similar antivirus scanner

Manually check and remove:

• Suspicious PHP files or scripts (e.g., eval, base64_decode)

• New unknown admin users

• Modified .htaccess or index.php

???? Sternhost users can request a free malware scan via support.

Step 5: Update All Passwords

Change passwords for:

• cPanel / hosting account

• CMS admin (WordPress, Joomla, etc.)

• FTP / SSH / SFTP

• MySQL database

• Email accounts

Use strong, unique passwords for each.

Step 6: Update and Patch Everything

Outdated software is the #1 cause of hacks. Ensure:

• CMS core, themes, plugins are updated

• Remove unused or nulled plugins/themes

• Update PHP version via cPanel if needed

How to update PHP in cPanel:
Go to Select PHP Version > Current Version > Choose latest stable version > Save.

Step 7: Restore from a Clean Backup (If Available)

If malware cleanup is too complex, restore a backup from a date before the hack occurred.

• Use JetBackup in Sternhost cPanel

• Or upload a known clean backup manually

Make sure you update all credentials after restoring.

Step 8: Submit Site for Review

If blacklisted by Google or antivirus companies:

• Google Search Console – Security Issues

• Norton Safe Web

• McAfee SiteAdvisor

Request a review after confirming the site is clean.

Step 9: Harden Your Website Security

Take preventive measures:

• Install a firewall (WAF)

• Enable 2FA for logins

• Limit login attempts

• Regularly scan for vulnerabilities

• Disable XML-RPC (WordPress)

• Secure file and directory permissions

???? Bonus: Sternhost users get access to SiteLock and CodeGuard for daily malware scanning and backups.

Step 10: Monitor and Stay Secure

Maintain your site security by:

• Setting up uptime monitoring (e.g., UptimeRobot)

• Scheduling weekly backups

• Monitoring server logs

• Educating team members about phishing or social engineering

Final Thoughts

No website is 100% immune, but swift action and proper security practices can save your site from long-term damage. If your site is hosted on Sternhost, reach out to our support team for priority malware cleaning and assistance.

Need help now?
???? Contact Sternhost Support
???? Or check out our Security & Backup Solutions