You Got Hacked, Now What?

Share on facebook
Share on linkedin
Share on twitter
Share on pinterest
Share on stumbleupon
You've got hacked and are stressing about what to do next. Check out 8 possible solutions that can help you get control of your site again.
You Got Hacked, Now What? Feature
Table of Contents

    Let me know if this sounds familiar:

    You're enjoying your day & you're knocking out a ton of things off your plate when you get an email (or text) that your website is looking WTF crazy.

    So you head on over to see what the drama is about and you noticed that your site looks completely out of wack. You try to log in but you can't get access. Your heart starts to race, your mouth goes as dry as the desert, you feel a lump in your throat, your mind is racing as though it's in a marathon, and your imagination begins to join in.

    More than likely, you got hacked (possibly even hijacked) and are now locked out of your website. You've lost everything you worked so hard to pull together — or did you.

    How Did You Get Hacked?

    Let's start this off right and get this out of the way: WordPress is a secured piece of Open-Sources software out the gate.

    It's usually the added themes and plugins that introduce security issues and too many people are not maintaining them hence leaving their websites exposed.

    Unfortunately, it's probably just a matter of time before your website gets ‘jacked & is compromised in some way—if not properly protected & managed. The important thing to do is to implement as much security as you can, be prepared, and know what to do in advance in case your site gets ‘jacked anyway. You've worked so hard to build it, launch it, and keep it going, why slack off with security?

    Your website is not a Set It & Forget It accessory for your business. It needs love and care just like the business itself and the owner running it. Let's get into how you can give it that TLC it demands.

    8 Ways to Repair & Hacker-Proof your WordPress Website

    1) Don't Trip & Flip out – Stress Is Not Your Friend

    If you've prepared your site (and yourself), you have nothing to worry about. You'll be able to repair any damage, and get your site back up and running in no time if you've if things are in place such as backing up your information, backing up your software, backing up your website (files included), and knowing who to call to get help.

    I have tested monitoring solutions such as MalCare so if files are touched it alerts me and automatically repairs the issue. I also monitor and automatically block invasions with services such as Cloudflare and WebArx Security as they not only block usernames they block IPs and countries if a threat is coming from them in mass.

    Most of your well-known sites have services like this in the background and you don't know unless something dramatic happens. For instance, services like Squarespace and Godard handle most of these aspects so when they get hit (and they have their moments) they have protocols on how to handle these attacks. May are the same as the ones I'm covering today.

    2) Notify Your Users, Members, and Visitors

    You want people to know that you were hacked because oftentimes these things spread like wildfire. Talk about a damn headache. Many people know that this is not your fault, and if you're upfront about any information that could have been compromised it gives them a chance to fix any collateral damage that might develop.

    You will get some salty responses but at least you are being transparent. This is particularly true when for those of us collecting visitors' information, cookies, etc. If you are on a service provider (ie. Wix or Squarespace) and they ever get hacked, you should notify your audience and update them on resolutions.

    You want your followers, fans, readers, and community to know what is happening. If you don't have protection in place that automatically makes repairs for you, you would have to do manual repairs. Let your guests know what measurements you've implemented to improve your security. Send out social media postings so they know you are aware of the situation and are actively repairing it.

    If you can gain access to the backend throw up a ‘Maintenance' landing page to block visitors from the issue. Give it a countdown if you know the repairs will be quick.

    3) Contact Your Website Hosting Provider Immediately

    Even though you are going to call someone in to fix the problem, it's important to let your web host know – especially if you share a server. Depending on the situation they may already know but reach out to them either way.

    Others on the server could be affected, and you cannot be sure about how far the damage has spread. Don't rely on them to totally fix your problem, but they will find and remove the code that the hacker has put in. However, you will still need to repair the issues.

    When you are unsure what the issue is or you've ruled out that it is coming from your site directly, check in with your hosting provider. More often than not they are aware and doing repairs – especially if you are on a shared hosting service (which moat websites are).

    4) Shut It Down or Put It On Pause

    Since you have a backup of your site you're safe shutting down your site for now, until you can get things back up and repaired. Better to be down with a message of repairs being completed than to further compromise anyone else. If the issues of your site are too expensive, use your ‘Maintenance' page without a countdown so you're not under added pressure. If you need to hire someone to help you find out the issue. Many times it's an abandoned plugin or a badly coded plugin that left a gaping hole in your security.

    You Got Hacked: Now What

    5) Change All Passwords & Security Keys

    Immediately change every password you use, for every single part of your site, and your business. You have no way of knowing specific types of information they have now that they've hacked your site. Definitely change your FTP password, your WordPress passwords, and anything associated with your website's passwords.

    If you have a store, notify your users of the breach and that you have repaired it, or are in the process. Make sure that sensitive information was not accessed. This should have been secured if you have a store or collect data but double-check that everything is still in place.

    Moreover, do not allow simple passwords to be used on your site and ensure that the security you use blocks major scrapping sites and the such.

    6) Repair All Damaged Files & Code

    If you already have a techie professional that can help you then they're likely already hard at work fixing the damage, using your backups to restore your site to like new. If you don't already have a professional at your fingertips, you need to consider finding one if you're not of the geeky persuasion yourself. It's a great stress reducer to know that someone has your back and can fix things.

    If you are doing this yourself then you can replace the core files of WordPress and delete your .htaccess file in case code was injected there. It's good to change the name of that file so you make it inactive and then copy the code you want into your new .htaccess file.

    Once that is done, delete the old file completely off your server. MalCare helps you isolate corrupted files and it deletes them is you set it up to do so. Also, you can have your hosting provider help you isolate the issue to track down and delete files that have become corrupted.

    7) Change the Passwords Again

    This might seem redundant, but you should be changing your passwords every 30 to 90 days. Don't leave your passwords, no matter how difficult, the same for longer than 90 days. Keeping your passwords updated and changed often will help prevent more issues in the future.

    You can use a password generator and password keeper to store them for you but write then down. You should take every precaution to safeguard your website.

    No More Trash Website

    It's time to take your website from Low Level to the Next Level.
    Click on the image & grab your Checklist!

    8) Install a Firewall and Other Security

    If you use WordPress it's very easy to use a plugin to install a firewall. These plugins will email you when someone is trying to break into your site and lock them out. There are other security plugins that you can get for WordPress that help harden your databases and other files so that it's harder for hackers to break in.

    As I mentioned before, you can use Shield Security, WebArx, MalCare, or any trusted plugin to do the heavy lifting for you. Just ensure that the software is being actively maintained! More than likely you'll be paying for the added safety but better to pay the low-cost upfront than a hefty cleanup bill after the hack has been done.

    The Rundown

    To lessen the pain of being hacked, it's important to be prepared. Continuously back up all your work both onsite (storing on your hosting server) and offsite (download your backups) so that you have the double guarantee to have all your hard work saved to put back up on your new clean server as quickly as possible.

    If you set things up properly your website hosting provider can help you reinstate your website back to its original state before the hack with one click of a button.

    Share the Love

    Share on facebook
    Share on linkedin
    Share on twitter
    Share on pinterest
    Share on stumbleupon
    Charlene "Creative Naturalista" Brown

    Charlene "Creative Naturalista" Brown

    founder. branding consultant. web & logo designer. creator. explorer. book junkie. foodie. road trip adventurist. I love to help dreams come true and turn websites into memorable, effective brands. Here to take on the stresses that web and graphic design can bring.

    Be Part of the Conversation

    There are no reviews yet.

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    About Me


    With 20 years as a full-stack website developer, my mission remains to help Solopreneurs transform clicks into profit by combining the best technology & proven branding strategies to help you launch your website so you can succeed in your business.

    This Branding blog is intended to help you learn the latest trends & figure out which ones work for you!

    Let’s connect with on social media for various exclusives just for those channels.

    Latest Video Promo

    Recent Articles

    Like Us On Facebook

    Become an Insider

    Get The Latest Updates

    Subscribe To Our Monthly Insider Newsletter

    No spam, notifications only about new products, updates.

    Master Your Digital Assets

    Join our Branding Newsletter

    We are not fans of spam, so trust, we will not be on that tip.


    Grab your Checklist today & find out!

    Become VIP

    Register today & get exclusive offers!


    Grab your Checklist today & find out!