A practical guide explaining what to do if your website is hacked, how to reduce damage and how to recover safely.
Discovering that your website has been hacked can be stressful, but the most important thing is to act calmly and methodically. The goal is to protect visitors, preserve evidence, clean the infection and stop the attacker from getting back in.
A hacked website may show obvious warnings, but sometimes the signs are subtle: strange redirects, unknown files, spam pages, slow performance or unexpected admin users.
If your website gets hacked, take it offline if needed, change passwords, make a backup for investigation, scan files, remove malware, update software, restore from a clean backup and fix the original weakness.
If the website is redirecting visitors, showing malicious content or triggering browser warnings, consider putting it into maintenance mode while you investigate. Protecting visitors is more important than keeping an infected site publicly available.
If the site handles payments or customer data, treat the issue more seriously and consider professional help.
Change hosting, FTP, database, CMS administrator and email passwords. Remove unknown users and check that administrator accounts are legitimate.
If possible, enable two-factor authentication. Weak or reused passwords are a common reason attackers gain access.
This may sound backwards, but taking a copy of the infected site can be useful for investigation. It lets you review what changed and gives you a fallback if cleaning attempts remove something important.
Keep this copy separate and do not restore it over a clean site.
Scan files, themes, plugins, uploads and databases for suspicious code. Remove malicious files, replace modified core files and check for hidden backdoors.
If you have a known clean backup from before the hack, restoring it may be faster than cleaning manually, but you still need to fix the weakness that allowed the hack.
If search engines or browsers flagged the site, you may need to request a review after cleaning it. Do this only once you are confident the infection has been removed.
After cleaning, monitor the website closely. Add better login protection, improve backups, remove unused software and consider malware scanning or a Web Application Firewall.
If you are not sure which option is right for your website, start with our Start Here page or compare our UK Web Hosting services.
You can also explore VPS Hosting UK and VDS Hosting UK if your website needs more control, dedicated resources or room to grow. If a hacked site supports your business, restoring from a clean backup and fixing the original cause should be treated as urgent.
A hacked website is serious, but it can usually be recovered with the right steps. Clean the infection, secure access, update software and improve prevention so the same problem does not return.