“This site may be hacked” is a phrase you never want to hear or read, especially not in connection with your website. Sadly, however, it happens every day and it happens to businesses of all sizes. Never think that you are too small or too big to be a target.
How To Fix "This Site May Be Hacked" Warning Message
Hearing “This site may be hacked” can be a gut-wrenching moment. The key to dealing with it is to focus on the facts rather than on your emotions. Your first course of action is to determine whether or not your site has actually been hacked or whether any damage has been caused by an internal error. If your site has been hacked, then you need to take control of the situation. Here is a quick guide to help.
Take your site offline
In the old days, this meant literally. These days, many of the tools you’ll need to fix your site will be cloud-based. This means that your site does have to stay online, but you should block it to all visitors except when they have specific authorization.
Contact your host
Assuming it wasn’t your host who sent you the message saying “this site may be hacked”, you need to get in touch with them. Leaving aside the fact that it’s polite, it may prevent them from suspending your account and it may even get you some help. Your host is unlikely to do your problem-solving for you (and if they do there will be a charge for their service). They are, however, very likely to be able to give you useful information on the problem. They may also be able to point you in the direction of third-party vendors who could be able to help.
Check-in with legal and communications
You may have legal/regulatory obligations. If you do, you need to make sure to follow them to the letter. It would be rather ironic if you were to be the victim of a hacking attack and find yourself on the wrong side of the law because of it.
Even assuming that you’ve no legal/regulatory obligations (or that they’re in hand), you need to think about your communication strategy. You would need to be exceptionally lucky to be able to hide the fact that your website has been hacked. You can, however, put yourself in the driving seat of any communications related to the attack.
Pro-tip, you should always do your best to make yourself more hassle than you’re worth to hackers. At the same time, however, you also need to be realistic about the prospect of it happening. It’s, therefore, a good idea to think about the administrative and reputational-management aspects of hacking before an attack happens, so you have some kind of plan-of-action already in place.
Perform an anti-malware scan
If there’s been a hacking attack on your website, then there’s a very high likelihood that the attackers will have left malware behind and you need to remove it.
Back up everything
Hopefully, you will already have your website well and truly backed up in any case, but take an extra back up anyway, just to be on the safe side. In particular, make sure that you back up any custom software (e.g. themes, plugins, apps) and content as you are unlikely just to be able to go out and rebuy them.
Decide whether to clean up your site or reinstall it
An anti-malware scanner will deal with any recognizable malware. It will not, however, be able to deal with any malicious code which has been created specifically for your site. That’s unfortunate because any halfway-competent hacker will be guaranteed to use malicious code to create “back doors” which they can use as they please.
This means that you have two options. You either clean up your website by hand (or have someone else do it for you) or you reinstall it. Your decision essentially rests on whether the greater inconvenience is losing your customizations or doing the work of clearing up the website (or paying someone else to do it). If it’s the former, then you should at least try a cleanup. If it’s the latter then a fresh install makes sense.
Check your administrator accounts
If you do decide to clean up your website, then you should always finish your clean up by checking your administrator accounts. Delete any you do not immediately recognize (you can always recreate them if need be). Have all your (remaining) administrators change their passwords. If they are not there, downgrade their accounts until they are back.
Please click here now to have your website scanned, for free, by cWatch from Comodo.