Discovering that your website has been hacked can feel overwhelming. One moment, everything is running smoothly. The next, you’re facing defaced pages, strange redirects, or warnings from search engines that your site is unsafe. For small business owners, the impact can be serious — lost sales, damaged reputation, and stressed customers.
The good news is that with calm action and the right steps, you can recover your site and protect it from future attacks. This guide is designed for beginners, with clear instructions on what to do if you suspect or confirm that your website has been hacked.
Recognizing the Signs of a Hacked Website
Not every hack is obvious at first glance. Sometimes, malicious activity stays hidden for days or even weeks. Here are common signs that your website may have been compromised:
- Your website is redirecting visitors to strange or malicious websites.
- Google Search Console or your browser shows a “this site may be hacked” or “deceptive site ahead” warning.
- Your homepage or other pages have been defaced (showing unfamiliar content, ads, or messages).
- Your site suddenly slows down or behaves erratically.
- You notice unknown admin users in your website’s dashboard.
- Security plugins or your hosting provider alert you to suspicious files or code.
If you notice any of these, it’s time to act — fast but carefully.
Step 1: Don’t Panic — Secure Access First
Before making any changes, limit further damage:
- Change passwords immediately — Start with your hosting account, CMS (such as WordPress), FTP/SFTP credentials, and database if possible.
- Lock down your website temporarily — Many hosts allow you to disable the site or put it into maintenance mode while you clean it up.
- Notify your hosting provider — Many reputable hosts have security teams that can assist with scans and restoring clean backups.
Step 2: Back Up Your Current Website (Yes, Even the Infected Version)
It might seem strange to back up a hacked site, but having a copy is crucial. This version can help security experts analyze how the attack happened. Download:
- Your entire website files (via your host’s file manager or FTP/SFTP).
- Your database (via phpMyAdmin or your host’s tools).
Store this backup securely on your local computer or cloud storage, and label it clearly as the infected copy so it is never restored by mistake in place of a clean backup.
Step 3: Identify the Type of Hack
The cleanup process depends on what type of hack has occurred. Common types include:
- Malware injection — Hidden code that infects pages or files.
- SEO spam — Hidden links, keywords, or redirects added to manipulate search rankings.
- Phishing pages — Fake login forms or payment pages placed on your server.
- Defacement — Obvious changes to your website’s appearance.
- User account compromise — An attacker gains admin access.
Security plugins (such as Wordfence, Sucuri, or iThemes Security) or your host’s malware scanners can help identify the nature of the hack.
Step 4: Restore From a Clean Backup (If You Have One)
If you have a recent backup made before the hack, restoring your site is often the fastest solution. Be sure the backup really predates the intrusion: a copy taken after the attacker got in will contain the same malicious files. Steps:
- Remove all current files from your web server (or ask your host to help).
- Upload your clean backup files.
- Restore your clean database.
- Change all passwords again after restoring.
After restoring, update all software (CMS, plugins, themes) to the latest versions immediately.
If you don’t have a clean backup, you’ll need to proceed with manual cleanup.
Step 5: Clean the Site Manually (If Needed)
If no clean backup is available:
- Scan your site with a security plugin — Many plugins can attempt to clean common malware (Wordfence, Sucuri, etc.).
- Delete unnecessary or unfamiliar files — Look for strange PHP files in folders like /wp-content/uploads/ (for WordPress), which should only ever contain media.
- Reinstall fresh copies of core files, themes, and plugins — Remove the old ones and replace them with clean versions from official sources.
- Review and clean the database — Look for suspicious entries, especially in the wp_options, wp_posts, and wp_users tables (if using WordPress): a changed site URL, injected script or iframe tags in post content, and administrator accounts you did not create.
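To illustrate the file-level part of this step, here is an added Python triage script (example code, not from the original article or from any plugin named above). It walks a site tree, flags any PHP file inside wp-content/uploads, and flags other PHP files that contain common obfuscation calls; it builds its own constructed sample tree, so every path and file content below is an assumption, not a real site.

```python
import os
import re
import tempfile

# Heuristic markers of obfuscated PHP; legitimate plugins can match too, so each hit is a lead, not proof.
SUSPICIOUS = re.compile(
    rb"(eval\s*\(|base64_decode\s*\(|gzinflate\s*\(|gzuncompress\s*\(|str_rot13\s*\()"
)
PHP_EXTS = (".php", ".phtml", ".php5", ".php7", ".phar")


def triage_site(root):
    """Walk a WordPress tree rooted at `root`; return sorted (relative_path, reason) leads."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if not name.lower().endswith(PHP_EXTS):
                continue
            # uploads should hold media only, so any PHP there is a lead on its own
            if rel.startswith("wp-content/uploads/"):
                findings.append((rel, "php file inside uploads"))
                continue
            with open(path, "rb") as fh:
                hit = SUSPICIOUS.search(fh.read(512 * 1024))  # first 512 KiB is plenty
            if hit:
                findings.append((rel, "suspicious pattern: " + hit.group(0).decode()))
    return sorted(findings)


def build_sample_site():
    """Create a constructed mini site tree (not real WordPress files) in a temp dir."""
    root = tempfile.mkdtemp(prefix="site-triage-")
    files = {
        "wp-content/uploads/2024/03/photo.jpg": b"\xff\xd8\xff constructed jpeg stub",
        "wp-content/uploads/2024/03/wp-cache.php": b"<?php /* should not be here */ ?>",
        "wp-includes/functions.php": b"<?php function wp_hello() { return 'hi'; }",
        "wp-content/themes/mytheme/footer.php":
            b"<?php echo 'footer'; eval(base64_decode('QUJD')); ?>",
    }
    for rel, data in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    for rel, reason in triage_site(build_sample_site()):
        print(f"{rel}: {reason}")
```

Run it against the root of your own site (the folder containing wp-content) instead of the sample tree, and treat each line as a file to inspect by hand, not as something to delete automatically.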
If manual cleaning feels overwhelming, consider hiring a professional cleanup service. Sucuri and Wordfence offer affordable one-time cleanup packages.
Step 6: Remove the Hack Warning from Google
Once your site is clean:
- Sign in to Google Search Console.
- Under Security Issues, request a review.
- Explain that you’ve removed the hack and secured your site.
- Google will review your site (usually within a few days) and remove warnings if no issues are found.
Step 7: Strengthen Your Security
A hack often reveals weaknesses in your site’s setup. Use this as an opportunity to build stronger protection:
- Update everything — Ensure your CMS, plugins, themes, and server software are up to date.
- Remove unused plugins and themes — These can become security risks over time.
- Use strong, unique passwords everywhere — Consider a password manager.
- Install a security plugin — Add features like firewall protection, login limits, and file change monitoring.
- Set up regular backups — Choose a solution that backs up your site daily or weekly, and stores copies offsite.
Step 8: Communicate With Your Customers (If Needed)
If sensitive customer data was at risk or your site was serving malware, it’s important to be transparent:
- Inform affected users promptly and honestly.
- Let them know what steps you’ve taken to resolve the issue.
- Encourage them to change their passwords if they had accounts on your site.
Good communication can help rebuild trust after an incident.
Conclusion
Getting hacked is a stressful experience, but it doesn’t have to be the end of your website. By acting calmly and following a clear recovery plan, you can restore your site and protect it from future threats. Remember: the best defense is prevention. Invest in security now to avoid bigger problems later.