Fixing a Hacked Website
Waking up to find your website hacked can be terrifying. Whether you’re running a blog, e-commerce store, or business site, a breach can hurt your reputation and revenue. In this guide, we’ll walk you through a simple but comprehensive process to recover and secure your website from a hack.
Step 1: Identify the Hack
Before taking action, identify the signs of compromise:
- Unexpected redirects
- Defaced homepage
- Strange popups or ads
- Google blacklisting or warning messages
- Login issues or unknown admin users
- Suspicious files in your directories
Use tools like:
- Google Search Console alerts
Step 2: Take Your Site Offline Temporarily
To prevent further damage and protect visitors:
- Place your website in maintenance mode.
- Or use .htaccess to restrict public access.
- Inform your users via email or social media.
If you use Sternhost, you can activate “Site Maintenance” mode in your cPanel dashboard or, for a CMS like WordPress, use a plugin.
Step 3: Backup Your Site (Yes, Even Now!)
Create a full backup of:
- Files (via File Manager or FTP)
- Database (using phpMyAdmin)
This preserves evidence and helps if you make mistakes during cleanup.
Step 4: Scan and Remove Malware
Use security plugins or services to scan your files:
- WordPress: Wordfence, Sucuri, iThemes Security
- cPanel: Run ImunifyAV or a similar antivirus scanner
Manually check and remove:
- Suspicious PHP files or scripts (e.g., ones containing eval or base64_decode calls)
- New unknown admin users
- Modified .htaccess or index.php
🔒 Sternhost users can request a free malware scan via support.
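A read-only triage script for the manual checks in this step, added here as an example and not part of Sternhost's or any plugin's tooling. It lists PHP files that call eval() or base64_decode(), recently modified .htaccess and index.php files, and files that differ from a known clean copy; the function names, the 7-day window and the clean-copy directory are assumptions.

```bash
#!/usr/bin/env bash
# Added example: read-only triage for Step 4. It lists files to review and
# deletes nothing. Function names and the 7-day default are assumptions.

# PHP files with lines that call eval() or base64_decode(), as "path:count".
# Legitimate plugins call these too, so each hit needs a manual look.
scan_php_calls() {
    find "$1" -type f -name '*.php' \
        -exec grep -EHc '(^|[^[:alnum:]_])(eval|base64_decode)[[:space:]]*\(' {} + |
        awk -F: '$NF > 0' | sort
}

# .htaccess and index.php files modified within the last N days (default 7).
recent_entry_points() {
    find "$1" -type f \( -name '.htaccess' -o -name 'index.php' \) \
        -mtime "-${2:-7}" | sort
}

# Files in the live tree ($1) that are missing from, or differ from, a
# known clean copy ($2), e.g. an extracted pre-incident backup (assumption).
changed_since_clean() {
    (cd "$1" && find . -type f) | sort | while IFS= read -r rel; do
        rel=${rel#./}
        if [ ! -e "$2/$rel" ]; then
            printf 'added %s\n' "$rel"
        elif ! cmp -s "$1/$rel" "$2/$rel"; then
            printf 'changed %s\n' "$rel"
        fi
    done
}

# Usage: ./triage.sh LIVE_DIR [CLEAN_DIR]
if [ "$#" -ge 1 ]; then
    echo "== PHP files calling eval()/base64_decode() =="
    scan_php_calls "$1"
    echo "== .htaccess / index.php changed in the last 7 days =="
    recent_entry_points "$1" 7
    if [ "$#" -ge 2 ]; then
        echo "== Added or changed relative to the clean copy =="
        changed_since_clean "$1" "$2"
    fi
fi
```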
Step 5: Update All Passwords
Change passwords for:
- cPanel / hosting account
- CMS admin (WordPress, Joomla, etc.)
- FTP / SSH / SFTP
- MySQL database
- Email accounts
Use strong, unique passwords for each.
Step 6: Update and Patch Everything
Outdated software is the #1 cause of hacks. Make sure to:
- Update the CMS core, themes, and plugins
- Remove unused or nulled plugins/themes
- Update the PHP version via cPanel if needed
How to update PHP in cPanel:
Go to Select PHP Version > Current Version > Choose latest stable version > Save.
Step 7: Restore from a Clean Backup (If Available)
If malware cleanup is too complex, restore a backup from a date before the hack occurred.
- Use JetBackup in Sternhost cPanel
- Or upload a known clean backup manually
Make sure you update all credentials after restoring.
Step 8: Submit Site for Review
If blacklisted by Google or antivirus companies:
- Google Search Console – Security Issues
Request a review after confirming the site is clean.
Step 9: Harden Your Website Security
Take preventive measures:
- Install a firewall (WAF)
- Enable 2FA for logins
- Limit login attempts
- Regularly scan for vulnerabilities
- Disable XML-RPC (WordPress)
- Secure file and directory permissions
🔐 Bonus: Sternhost users get access to SiteLock and CodeGuard for daily malware scanning and backups.
Step 10: Monitor and Stay Secure
Maintain your site security by:
- Setting up uptime monitoring (e.g., UptimeRobot)
- Scheduling weekly backups
- Monitoring server logs
- Educating team members about phishing or social engineering
Final Thoughts
No website is 100% immune, but swift action and proper security practices can save your site from long-term damage. If your site is hosted on Sternhost, reach out to our support team for priority malware cleaning and assistance.