What to Do When Your Website is Hacked
Having your website hacked is a stressful experience. Perhaps you’ve typed in your URL one day and found that your website redirects to a questionable site, or even that it’s disappeared altogether. Or perhaps your website is running just fine, but you have an inkling that it’s been compromised behind the scenes.
If so, you’re probably asking yourself what’s happened, how has it happened, and most importantly, how do you fix it?! Don’t panic! Take a deep breath, call in your support team, and follow these eight steps to get your site back up and running.
1. Inform your hosting provider
The first step is to inform your hosting provider of the hack, as they may have the tools to investigate the hack and/or restore your site. It’s likely you’ll be sharing a server with other customers too, and your host will want to establish if the hack came from a neighboring site, or prevent your neighbors from being affected.
2. Take your site offline
While this is hugely inconvenient for most businesses, it’s incredibly important for damage limitation. If your customers faced losses because you knowingly allowed them to use a compromised site, you could face serious legal, financial, and reputational consequences.
3. Remove any malicious content
Depending on the nature of the attack, your site may have been infected with malware, viruses, or other malicious content. These can be passed on to your visitors and can also be used to attack you again in the future, so take the time to scan for and remove them. Make sure you’re using the most up-to-date version of your antivirus or malware detection software, as older versions may leave you even more vulnerable.
4. Change all passwords
It’s possible that the hackers have obtained your password and/or those of your website users. Err on the safe side by changing all the passwords for your content management system, FTP, databases, and other logins, and issue new, secure passwords to your customers.
5. Scan and clean local computers
All local computers that have been used to access your website will need to be scanned and cleaned. Malware or viruses from your website may have been transferred to the computers, and might then be used to cause disruption in your local network or re-infect your website later on.
6. Verify your site ownership
There’s a good chance your hacked site has been flagged by Google and placed on a blacklist, which will prevent you from appearing in search results. To rectify this, go to Google’s Search Console when your site is backup, verify your site ownership, and submit your site for review.
7. Understand how you were hacked
It’s important to understand how you were hacked so that you can prevent these vulnerabilities from being exploited in the future. The attack might have happened in a number of ways, from sophisticated malware to simple password-guessing.
It can be hard to figure out the source of a hack, but your web developer or host should be able to help. They’ll want to review log files, server data, custom code, and any software extensions you might have used, to give just a few examples, so ensure that these are readily available.
8. Clarify your legal obligations
If your customer or user data has been compromised, then you likely have some legal responsibilities to consider. They could include anything from notifying customers to reimbursing them for losses. Take the time to make sure you’re meeting your legal obligations, whatever they may be, as the implications for your business can be serious.
Prevention is the best cure
Now that your site is back up and running, the most important thing is to prevent future attacks. Fairdinkum’s free Security Audit Checklist will help you to find your weak spots before a hacker does, and our free 4 Ways to Stop Ransomware guide will help you to protect your site from further harm. Contact us now for a free, no-obligation consultation.
Check out our Cyber Security page for more information.