Hackers attack computers every 39 seconds, according to research, and 43% of attacks target small businesses. If you run a website, whether for business or pleasure, there’s a good chance that you’ll deal with at least one cyber attack.
But what do you do if your website gets hacked?
Change Passwords
Start by changing your passwords to make sure hackers no longer have access to your site. You can typically do this through the customer area of your web hosting service and the admin area of your website.
Change the following passwords:
- Database
- SFTP
- SSH
- Website users
If your site has users, reset everyone’s passwords. There’s a chance that the hacker created new users. Check for and remove any suspicious users.
Determine the Extent of the Damage
If you run a website for business purposes, the steps may be more complicated than for a blogger who writes for fun. With data breaches, you may be dealing with more than just website defacement; people’s personal information may be compromised.
First and foremost, you need to determine the extent of the damage.
- Was personal data compromised? Who needs to be informed?
- Which files were affected?
- Was one site affected, or were multiple sites attacked?
- Was your database affected?
If you’re not sure how to assess the damage, try using Google Webmaster Tools (only works if you have a Google account).
Check the “Malware” page, which you can access from the Search Console. Just click “Status” and then “Malware” to see if any pages on your website contain malicious code. You can also use the Google Safe Browsing diagnostics page to see if Google’s automatic scanners picked up anything suspicious.
Inform Your Host
Let your web hosting company know that your site has been hacked. They may be able to help you through the recovery process. Even if they can’t, it’s still important to let them know what happened. There may be other sites on your server that have been compromised.
Now may also be a good time to re-evaluate your web host and check into their security measures. Find out:
- If the host is running the latest versions of cPanel, MySQL, PHP, phpMyAdmin, its caching technology and the operating system.
- If server logs are available and how long they are kept.
- If hosting accounts are isolated from each other.
- If HTTPS can be enabled.
- How sites are backed up and how long backups are available.
Clean Up Your Site and Server
Next, you’ll need to clean up your site and server. If confidential information has been taken, get in touch with local support sources that can help you understand all legal, business and regulatory issues you may face.
Remove any new URLs the hacker created. Don’t remove established pages that were damaged by hackers. For these pages, simply remove the injected text or malicious code.
You also have the option of restoring your backup file, but you need to ensure that the backup was created before your website was hacked.
Make sure to install any software updates and be diligent about installing future updates as soon as they are available.