facebook You Got Hacked, Now What to Do? | Bklyn Custom Designs™

Register for the Empower+Scale™ Evergreen Intensive

Reclaim Control & Launch Your Evergreen Powerhouse!

You Got Hacked, Now What to Do?

updated 2022-07-01
You’ve got hacked and are stressing about what to do next. Check out 8 possible solutions that can help you get control of your site again.
Share Post:

Table of Contents

Let me know if this sounds familiar:

You're enjoying your day & you're knocking out a ton of things off your plate when you get an email (or text) that your website is looking WTF crazy.

You head on over to see what the drama is about and you notice that your site looks completely out of wack. You try to log in but you can't get access. Your heart starts to race, your mouth goes as dry as the desert, you feel a lump in your throat, your mind is racing as though it's in a marathon, and your imagination begins to join in.

More than likely, you got hacked (possibly even hijacked) and are now locked out of your website. You've lost everything you worked so hard to pull together — or did you.

How Do You Know If You Got Hacked?

Let's start this off right and get this out of the way: WordPress is a secured piece of Open-Source software out the gate.

It's usually the added themes and plugins that introduce security issues and too many people are not maintaining them hence leaving their websites exposed.

You got hacked, now what to do? This article by Charlene Brown of Bklyn Custom Designs will get you the answers you need.

Unfortunately, it's probably just a matter of time before your website gets ‘jacked & is compromised in some way—if not properly protected & managed. The important thing to do is to implement as much security as you can, be prepared, and know what to do in advance in case your site gets ‘jacked anyway. You've worked so hard to build it, launch it, and keep it going, why slack off with security?

Your website is not a Set It & Forget It accessory for your business. It needs love and care just like the business itself and the owner running it. Let's get into how you can give it that TLC it demands.

8 Ways to Repair & Hacker-Proof your WordPress Website

1) Don't Trip & Flip out – Stress Is Not Your Friend

If you've prepared your site (and yourself), you have nothing to worry about. Once you find out that you got hacked, it's time to go into repair mode. You'll be able to repair any damage, and get your site back up and running in no time if you find things are in place such as backing up your information, backing up your software, backing up your website (files included), and knowing who to call to get help.

I have tested monitoring solutions such as MalCare so if files are touched it alerts me and automatically repairs the issue. I also monitor and automatically block invasions with services such as Cloudflare and WebArx Security as they not only block usernames but they block IPs and countries if a threat is coming from them in mass.

Most of your well-known sites have services like this in the background, and you don't know unless something dramatic happens. For instance, services like Squarespace and GoDaddy handle most of these aspects so when they get hit (and they have their moments) they have protocols on how to handle these attacks. Many are the same as the ones I'm covering today.

2) Notify Your Users, Members, and Visitors

You want people to know that you got hacked because oftentimes these things spread like wildfire. Talk about a damn headache. Many people know that this is not your fault, and if you're upfront about any information that could have been compromised it gives them a chance to fix any collateral damage that might develop.

You will get some salty responses but at least you are being transparent. This is particularly true when for those of us collecting visitors' information, cookies, etc. If you are on a service provider (ie. Wix or Squarespace) and they ever get hacked, you should notify your audience and update them on resolutions.

You want your followers, fans, readers, and community to know what is happening. If you don't have protection in place that automatically makes repairs for you, you would have to do manual repairs. Let your guests know what measurements you've implemented to improve your security. Send out social media postings so they know you are aware of the situation and are actively repairing it.

If you can gain access to the backend throw up a ‘Maintenance' landing page to block visitors from the issue. Give it a countdown if you know the repairs will be quick.

3) Contact Your Website Hosting Provider Immediately

Even though you are going to call someone in to fix the problem, it's important to let your web host know that you got hacked – especially if you share a server. Depending on the situation, they may already know but reach out to them either way.

Others on the server could be affected, and you cannot be sure about how far the damage has spread. Don't rely on them to totally fix your problem, but they will find and remove the code that the hacker has put in. However, you will still need to repair the issues.

When you are unsure what the issue is or you've ruled out that it is coming from your site directly, check in with your hosting provider. More often than not they are aware and doing repairs – especially if you are on a shared hosting service (which moat websites are).

4) Shut It Down or Put It On Pause

Since you have a backup of your site you're safe shutting down your site for now, until you can get things back up and repaired. Better to be down with a message of repairs being completed than to further compromise anyone else. If the issues of your site are too expensive, use your ‘Maintenance' page without a countdown so you're not under added pressure. If you need to hire someone to help you find out the issue. Many times it's an abandoned plugin or a badly coded plugin that left a gaping hole in your security.

5) Change All Passwords & Security Keys

Immediately change every password you use, for every single part of your site, and your business. You have no way of knowing specific types of information they have now that they've hacked your site. Definitely change your FTP password, your WordPress passwords, and anything associated with your website's passwords.

If you have a store, notify your users of the breach and that you have repaired it, or are in the process. Make sure that sensitive information was not accessed. This should have been secured if you have a store or collect data but double-check that everything is still in place.

Moreover, do not allow simple passwords to be used on your site and ensure that the security you use blocks major scrapping sites and the such.

6) Repair All Damaged Files & Code

If you already have a techie professional that can help you then they're likely already hard at work fixing the damage, using your backups to restore your site to like new. If you don't already have a professional at your fingertips, you need to consider finding one if you're not of the geeky persuasion yourself. It's a great stress reducer to know that someone has your back and can fix things.

If you are doing this yourself then you can replace the core files of WordPress and delete your .htaccess file in case code was injected there. It's good to change the name of that file so you make it inactive and then copy the code you want into your new .htaccess file.

Once that is done, delete the old file completely off your server. MalCare helps you isolate corrupted files and it deletes them if you set it up to do so. Also, you can have your hosting provider help you isolate the issue to track down and delete files that have become corrupted to help prevent the chance that you find out you got hacked again.

7) Change the Passwords Again

This might seem redundant, but you should be changing your passwords every 30 to 90 days. Don't leave your passwords, no matter how difficult, the same for longer than 90 days. Keeping your passwords updated and changed often will help prevent more issues in the future.

You can use a password generator and password keeper to store them for you but write then down. You should take every precaution to safeguard your website.

8) Install a Firewall and Other Security

If you use WordPress it's very easy to use a plugin to install a firewall. These plugins will email you when someone is trying to break into your site and lock them out. There are other security plugins that you can get for WordPress that help harden your databases and other files so that it's harder for hackers to break in.

As I mentioned before, you can use Shield Security, WebArx, MalCare, or any trusted plugin to do the heavy lifting for you. Just ensure that the software is being actively maintained! More than likely you'll be paying for the added safety but better to pay the low-cost upfront than a hefty cleanup bill after the hack has been done.

The Rundown

To lessen the pain of being hacked, it's important to be prepared. Continuously back up all your work both onsite (storing on your hosting server) and offsite (download your backups) so that you have the double guarantee to have all your hard work saved to put back up on your new clean server as quickly as possible.

If you set things up properly your website hosting provider can help you reinstate your website back to its original state before the hack with one click of a button.

Referrals & Affiliates Disclaimer

Bklyn Custom Designs is a professional strategy & website architect site that may receive compensation from some companies whose products and services we use, review, test, and recommend. We test each product and service thoroughly and give true reviews and recommendations based on those results. High marks are given to those who deserve them and cannot be bought. We are independently owned and the opinions expressed here are our own. Our participation in referral & affiliate programs allows us to receive a small compensation to support bklyncustomdesigns.com. Thank you for your continued belief in & support of us.

Leave a Comment

Your email address will not be published. Required fields are marked *

welcome y'all!
search our universe
the brand misfit™
Charlene Brown,
The Brand Misfit™ here!
Through my A.M.P. Your Strategy Method™ my clients walk away with brand & site clarity for intentional direction so they take immediate action.
Quick Stats:

• 2+ decades in Tech Life
• 2 decades with WordPress
• MBA in IT Org
• PhD Candidate in Tech Mgmt & Implementation
• Best-selling author
• Agile-Ready

stay connected
Join The Inbox Convos
latest drops
Grab Your Swag
Join on Meta
Follow our podcast

Get Discount Info

Subscribe to the The Inbox Convos™ Newsletter to receive updates on new arrivals in The Anti-Struggle Life™ Store, special offers, and other website strategy & brand info.

Yo, can't copy the content of this site.


Register for the Intensive Now

Booked-out & exhausted with 1:1 sessions?

Take back your time & learn how to create evergreen opportunities with your website!

Skip to content