What to Do If Your Website Is Hacked
If your site is hacked, the right first hours make the difference between a quick recovery and a long nightmare.
Discovering your website has been hacked is a horrible moment. There is a strong urge to panic, but the businesses that recover best are the ones that act calmly and in the right order. Knowing the steps in advance makes all the difference.
Here is a practical plan for what to do, written so you can follow it under pressure rather than freezing up.
First, contain it
If you can, take the site offline or put up a holding page. A hacked site can spread malware to your visitors, damage your reputation, and even get you blacklisted by search engines and browsers, so stopping the bleeding comes first.
Change your passwords — hosting, admin, FTP, database, and email — using a clean, trusted device. Assume the attacker has any credential that was stored on or used by the compromised site, and lock them all down before doing anything else.
Then, clean it up
Work out how they got in and what they touched. This usually means scanning for malware, examining recently changed files, and checking for unauthorised admin accounts or hidden code. A reputable security tool or specialist helps enormously here.
Restoring from a clean backup taken before the hack is often the fastest route, but only if you are confident the backup is genuinely uninfected. After restoring, update everything — core, themes, plugins — to close whatever hole let them in, or the attacker will simply return.
Finally, prevent the next one
Once you are clean, ask search engines to recheck your site if it was flagged, and let any affected customers know if their data may have been involved. Be honest — a measured, transparent response protects trust better than silence.
Then harden the site so it does not happen again: strong passwords and two-factor authentication, a firewall, regular updates, reliable backups, and monitoring. Most hacks exploit known, fixable weaknesses, so the cleanup is also your chance to close them for good. If this feels beyond you, get professional help quickly — speed matters.
Common questions.
Should I just delete everything and start over?
How do I stop it happening again?
Should I tell my customers if their data may have been affected by a hack?
Turn this into action.
The services behind this guide.
More on website care & tech.
Want a hand putting this into practice?
Book a free, no-obligation consultation with a Norwich-based specialist.
Let's put your business in a better light.
Book a free, no-pressure consultation. We'll talk through your goals and tell you honestly what we'd do — whether you work with us or not.