My website has been hacked, what should I do?
Discovering that your website has been hacked can be both alarming and overwhelming. However, by following the right steps, you can quickly resolve the issue and secure your site.
Identify Modified Files
Log in to cPanel and open the File Manager.
Navigate to the public_html directory (or the directory where your website files are stored).
Check for files with unexpected modification dates or unfamiliar file names. These may indicate unauthorised changes or added malicious files.
Restore From a Clean Backup
All accounts include Acronis backups, making it easy to restore your website to a previous state. Follow these steps:
Log in to cPanel and access the Acronis under the files section.
Select a backup from a date before the hack occurred.
Restore the public_html folder, which should replace compromised files with clean versions.
Once the restoration is complete, test your website to ensure it is functioning correctly and that no malicious content remains.
If issues persist, try restoring from an earlier backup point to ensure no malicious files are left behind.
For detailed instructions, refer to our guide: How do I restore my website using Acronis?
Secure Your Website
After restoring your website, take the following steps to secure it and prevent future incidents:
Update all software, plugins and themes to their latest versions. Hackers often exploit vulnerabilities in outdated scripts.
Change your cPanel password to a strong, unique password, especially if there’s any suspicion it may have been compromised.
Review files: Check the public_html directory for any remaining malicious files or unfamiliar code that could serve as an entry point for future attacks.
If you need help investigating or resolving the issue, reach out to our support team for assistance.
While Imunify360 stops most hacking attempts by blocking malicious traffic and securing vulnerable scripts, hackers can exploit a newly discovered or uncommon vulnerability in a plugin, theme, or CMS (Content Management System). Common reasons for website compromises include:
Outdated software or scripts: Using an outdated CMS, plugins, or themes leaves your website vulnerable to known security exploits.
Untrusted plugins or themes: Free plugins or themes downloaded from unreliable sources often contain malware or malicious code.
Phishing attacks: Stolen cPanel credentials, often obtained through phishing emails or fraudulent websites, can allow attackers to gain full access to your hosting account and files.
Follow these best practices to secure your website:
Keep everything updated: Always update your CMS, plugins, and themes to the latest versions. Updates often include critical security fixes.
Use trusted sources: Only download plugins and themes from reputable vendors or official marketplaces. Avoid free themes or plugins from unverified websites.
Limit plugins: Use only necessary plugins to minimise potential vulnerabilities.
Secure your credentials: Use strong, unique passwords for cPanel, the CMS admin area, and database access. Enable two-factor authentication (2FA) where available.
By maintaining good security practices, you can significantly reduce the risk of your website being hacked.
If you’re unable to resolve the issue or need help restoring your website, contact our support team or email us at helpdesk@elitehost.co.za.
Steps to recover and secure your website:
Identify Modified Files
Log in to cPanel and open the File Manager.
Navigate to the public_html directory (or the directory where your website files are stored).
Check for files with unexpected modification dates or unfamiliar file names. These may indicate unauthorised changes or added malicious files.
Restore From a Clean Backup
All accounts include Acronis backups, making it easy to restore your website to a previous state. Follow these steps:
Log in to cPanel and access the Acronis under the files section.
Select a backup from a date before the hack occurred.
Restore the public_html folder, which should replace compromised files with clean versions.
Once the restoration is complete, test your website to ensure it is functioning correctly and that no malicious content remains.
If issues persist, try restoring from an earlier backup point to ensure no malicious files are left behind.
For detailed instructions, refer to our guide: How do I restore my website using Acronis?
Secure Your Website
After restoring your website, take the following steps to secure it and prevent future incidents:
Update all software, plugins and themes to their latest versions. Hackers often exploit vulnerabilities in outdated scripts.
Change your cPanel password to a strong, unique password, especially if there’s any suspicion it may have been compromised.
Review files: Check the public_html directory for any remaining malicious files or unfamiliar code that could serve as an entry point for future attacks.
If you need help investigating or resolving the issue, reach out to our support team for assistance.
Why was I hacked?
While Imunify360 stops most hacking attempts by blocking malicious traffic and securing vulnerable scripts, hackers can exploit a newly discovered or uncommon vulnerability in a plugin, theme, or CMS (Content Management System). Common reasons for website compromises include:
Outdated software or scripts: Using an outdated CMS, plugins, or themes leaves your website vulnerable to known security exploits.
Untrusted plugins or themes: Free plugins or themes downloaded from unreliable sources often contain malware or malicious code.
Phishing attacks: Stolen cPanel credentials, often obtained through phishing emails or fraudulent websites, can allow attackers to gain full access to your hosting account and files.
How can I prevent this in the future?
Follow these best practices to secure your website:
Keep everything updated: Always update your CMS, plugins, and themes to the latest versions. Updates often include critical security fixes.
Use trusted sources: Only download plugins and themes from reputable vendors or official marketplaces. Avoid free themes or plugins from unverified websites.
Limit plugins: Use only necessary plugins to minimise potential vulnerabilities.
Secure your credentials: Use strong, unique passwords for cPanel, the CMS admin area, and database access. Enable two-factor authentication (2FA) where available.
By maintaining good security practices, you can significantly reduce the risk of your website being hacked.
Need assistance?
If you’re unable to resolve the issue or need help restoring your website, contact our support team or email us at helpdesk@elitehost.co.za.
Updated on: 23/11/2024
Thank you!