Your website has been compromised. While you rushed to restore it and appear back online, however, site traffic seems to have significantly decreased since then.

Your top priorities should include restoring from a backup, fixing vulnerabilities, changing passwords and uninstalling software no longer used by you.

Backup

An attack can be one of the worst things to happen to a business, resulting in lost revenues, time-consuming recoveries and irreparable damage to reputation. Therefore, you need to safeguard your website against hackers by regularly backing it up either manually or using third-party solutions like CodeGuard that offer this feature.

To back up your website, it is essential that you log into the control panel of your hosting provider. For example, HostGator requires users to access cPanel and select File Manager in order to take a backup. Within File Manager you should scroll down until you see an icon that says “Backup”, this allows for downloading full account, home directory or individual file backups of their website.

Once you have created a backup of your website, it’s essential to carefully examine it for any malicious codes. One method for doing so is comparing files from both versions – whether your current and backup. Furthermore, access logs, error logs, failed login attempts, error codes etc can all be examined as part of this process.

Change passwords on all accounts related to your website – such as email and FTP servers. This will ensure that no further infection takes place.

Check your uploads directory regularly as hackers often hide and execute from there, making it important that php execution from these folders be disabled.

Regular backups of your website can protect against losing crucial information and help speed up recovery from hackers, so if it isn’t already, start taking regular back ups of it – make sure it happens daily if at all possible!

By backing up, you will lower the risk of hacking, as well as any accompanying headaches. For assistance on taking backups of WordPress sites, read this guide: How To Take a Backup of a WordPress Site.

Check for Malware

Hacked websites can be an enormously frustrating experience. Visitors, sales, reputation and credibility all vanish in an instant – yet there are steps you can take to recover your site quickly and successfully. Using backup files as a resource makes this task simpler – whilst making sure any malware issues are taken care of as part of this recovery process.

Malware encompasses a wide range of items designed to damage websites. This may include redirects, hidden pages with spammy content, functions that display it across pages that otherwise wouldn’t display spam and backdoors that allow hackers to reenter later on. Some of this malware can be found by checking Google Message Center and Security Issues in Webmaster tools; alternatively you may also compare current files against the backup version; check access, server error logs and command history logs; review command history records for failed login attempts as well as look for too lax folder and file permissions across servers; as well as look out for too lax folder and file permissions across servers and folders on servers with too lax permissions between folders or files on servers which should have more stringent folder/file permissions on servers with too lax folder/file permissions on servers with too lax permissions on servers with too lax folder/file permissions on servers with too lax permissions on folder/file permissions between servers, folder and file permissions between servers; these can be detected through checking messages in Google Message Center as well as Webmaster tools’ Security Issues tab in Webmaster tools’ Webmaster tools’ security issues tab under Webmaster tools security issues tab (under “Security) issues when checking access logs/error logs as well as reviewing command history logs as checking access/error logs logs as checking access/server logs as reviewing command history/error logs logs as reviewing command history logs with too leniency/file permissions on them being too laxnesses on them using them when needed/ compared with too lenientally logs/error logs logs logs/Sew/webmaster tools/webmaster tools), login attempts/security issues under Security Issues/ Security Issues then review command history logs/error logs logs/error logs or errors logs/error logs logs logs logs/access logs or review command history logs logs on either access/error logs logs on webmaster tools etc, server errors. etc etc/command history reviews/command historys etc/ error logs etc on servers etc… etc…/command history reviews as well as user accounts/command history logs etc…… etc for failed login attempts/error. Logs or server issue issues/ errorlogs etc and error logs etc/ error history review Command history/command history logs etc… and command history etc… or reviewing command history/command history review Command History or look for too es/log/ logs etc…etc… compared etc etc…s… etc…, access logs etc…etc…for file. etc on… etc/profiler (or creating unknown accounts created new user accounts etc…etc on various. etc /fle and file permission issues on server etc… etc/ or file permission issues on them/log/error logs etc… and account creation etc…etc…for/ file permission issues from/server etc…).. etc…. etc… etc…..etc….etc… to versus your servers etc…. etc………)……. etc…. etc… or looking at your servers that provide too liberal permission issues/…or or folder or file etc……).. etc…. etc……etc…. etc…..etc…etc….. etc…. etc etc…..etc etc….etc……..etc……etc….. etc….. etc……etc… or too i…… etc….. etc….. etc………………. etc…. etc…. etc…. etc….

Search the wp-content directory and all public directories such as uploads. Hacks often hide scripts here that are easily accessible by hackers because there’s no firewall protecting these directories. Furthermore, take care to review all plugin settings as some are password protected and could potentially be altered by an attacker.

Add your domain to Google Search Console (under its property that matches it) if it hasn’t already. This way you will submit a request for Google to remove “This Site May Harm Your Computer” warnings from search results.

Once your site has been cleaned and secured against further access points, it’s wise to monitor it frequently for signs that the attacker has returned. By adhering to these steps and staying vigilant, it will help keep your site, SEO rankings and business operating after an attack has occurred. Restoring from backup can prevent further SEO damage being done to the domain name itself.

Restore

For proper website recovery, it is imperative that the proper steps be taken. This involves conducting a full examination of the site to ensure all malware has been eradicated and it is operating optimally – this is critical as any breaches could have severe repercussions for your business, including customer loss, revenue reductions, legal implications, diminished reputations and plummeting SEO rankings.

Step one of recovering a hacked website involves making sure that you have a backup copy. That way, should anything go amiss during the clean-up process, you can easily restore it. Furthermore, having this backup will enable you to track down those responsible – comparing backup with cleaned up versions will enable comparison.

Once you have a backup, the next step should be removing any suspicious code from your core files using an editor such as Notepad++ and uploading them back onto the server – if this seems daunting to you, professional services may also provide this service.

Next, use phpMyAdmin to clean out the database for your website. Do this step methodically starting with existing post/page tables (wp-posts and wp-options in WordPress) ensuring all malicious codes have been eliminated from the site.

Last but not least, you should change all login credentials (including admin email and passwords). This will prevent hackers from regaining access to both the site as well as your other online accounts.

Once you’ve restored and secured the website, it is wise to run a security scanner in order to make sure that it is free from malware. Furthermore, updating software and eliminating unnecessary applications, plug-ins or widgets from the website are also recommended as this may prevent having spent hours or days cleaning it up only to have it backhacked a few weeks later.

Cleanup

Ideally, if you have access to an up-to-date backup, restore that version first and work from there to create a clean version of your website that ensures any malware has been eradicated.

Once you have installed a clean version of the website, take an inventory of its plugins and themes. Depending on which theme was employed by hackers, an updated version may need to be found and installed; this will remove any malicious code introduced by previous versions of that plugin.

Your next step should be to use phpMyAdmin to review and delete records that do not belong in the database tables, including pages and posts created by hackers as well as new records you didn’t create yourself. Although this can be time-consuming, this step is essential in eliminating malware from the website.

Once your website is live, the first step should be changing all passwords – CMS, cPanel, FTP and database passwords included – to protect its sensitive data against potential hacker breaches. This will help ensure hackers cannot gain entry and gain unauthorized access.

Final steps involve cleaning up any new URLs added by hackers. You can do this manually or by using Screaming Frog to do it automatically – be careful though as it’s easy to delete legitimate pages along with those compromised by hacks!

After you’ve cleaned up and closed down any security holes used by hackers, the next step should be regaining your SEO rankings and reputation. Although this could take time to accomplish, with hard work you could get back up and running quickly.

Categorized in: