Discovering that your website has been hacked can be a horrible feeling. How did this happen? Why me? What do I do now?

Here is our list to help walk you through what to do next.

  1. Take a deep breath. Stay calm. Don’t do anything rash.
  2. Next clean up your computer you do all your work from as quite often this is how the hacker may have gotten information on how to log into your website. Run anti-virus and update everything.
  3. Next, log into your hosting account and check with them to see what’s going on. Send them a support message asking if they can trace what happened and what caused it.
  4. Change all of your backend passwords (FTP/SFTP/MySQL) and the passwords for everyone who has access to your site.
  5. Ideally, you’ve recently backed up your site (here is a great way to do that) and can walk through a simple restoration tutorial, like this one. If that is not the case, then now would be the time to begin backing everything up.
  6. Close any backdoors the hacker may have left and secure your wp-config.php file.
  7. Update all of your WordPress, themes and plugins.
  8. Change your passwords again, just to be safe.
  9. Consider a premium security solution such as managed WordPress hosting and/or Sucuri. ManageWP is another good option for those who would like to keep their shared hosting, but want some added security and support.
  10. Finally, be sure to follow all applicable WordPress security best practices in the future.