Website Hacked — What to Do


Overview

A hacked contractor website can redirect visitors to spam sites, display injected ads, serve malware to visitors’ devices, or be blacklisted by Google — showing a red warning page before anyone reaches your site. The damage compounds quickly: Google de-indexes the site, hosting providers suspend the account, and the domain develops a spam reputation that takes months to recover. The right response in the first 24 hours determines how much damage is done.

Signs Your Website Has Been Hacked

  • Google search results show spam text under your site’s listing (“Buy cheap pills,” “Casino,” etc.)
  • Visitors report being redirected to unfamiliar sites
  • Google Search Console shows a security issue or manual action notification
  • Browser displays “This site may harm your computer” or “Deceptive site ahead”
  • The hosting provider suspended the account citing malware
  • Unfamiliar admin users appear in WordPress
  • Site content changed or pages were added without your knowledge
  • Sudden drop in traffic with no other explanation

Common Attack Vectors for WordPress Sites

  • Outdated plugins or themes with known vulnerabilities
  • Compromised admin credentials (weak password, no two-factor authentication)
  • Brute-force login attack that succeeded
  • Malicious code injected via a vulnerable file upload
  • Compromised hosting account affecting multiple sites on the server
  • Nulled (pirated) themes or plugins containing backdoors

Immediate Steps

  1. Do not panic and do not delete files randomly — this can make recovery harder
  2. Take the site offline or put it in maintenance mode to prevent further visitor exposure
  3. Change all passwords immediately: WordPress admin, hosting control panel, FTP, and database
  4. Notify your hosting provider — they may have server-level logs and can assist with containment
  5. Check Google Search Console for security notifications and the extent of flagged URLs

Cleanup Process

  1. Restore from a clean backup — if a known-clean backup exists from before the compromise, this is the fastest path to a clean site
  2. If no clean backup: scan all files using a malware scanner (Wordfence, Sucuri SiteCheck, or hosting provider tools)
  3. Remove all unfamiliar admin users from WordPress
  4. Delete and reinstall all plugins and themes from official sources — do not reuse existing plugin files
  5. Reinstall WordPress core files
  6. Check wp-config.php and .htaccess for injected code
  7. Scan the database for injected links, iframe embeds, or encoded PHP
  8. Request a Google malware review once the site is clean: Search Console → Security Issues → Request Review
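
The file checks from the cleanup steps above, as an added example that is not part of the original page: a Python scanner that flags PHP files under wp-content/uploads, eval-of-decoded-data calls, hidden iframes, and .htaccess redirects to a literal external URL. The pattern list, the function names, and the sample site are assumptions constructed for illustration; a hit marks a file for manual review and does not prove compromise.

```python
import re
import tempfile
from pathlib import Path

# Heuristic markers (an assumed, non-exhaustive list); a hit means "review", not "infected".
PATTERNS = {
    "eval-of-decoded-data": re.compile(rb"eval\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(", re.I),
    "hidden-iframe": re.compile(rb"<iframe[^>]+(display\s*:\s*none|width=[\"']?0)", re.I),
    # Redirect to a literal external URL; https://%{HTTP_HOST} canonical redirects are skipped.
    "htaccess-external-redirect": re.compile(rb"^\s*RewriteRule\s+\S+\s+https?://(?!%\{)", re.I | re.M),
}
PHP_SUFFIXES = {".php", ".phtml", ".php5"}

def scan_tree(root):
    """Scan a WordPress document root; return sorted (relative_path, finding) pairs."""
    root = Path(root)
    findings = []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        is_php = path.suffix.lower() in PHP_SUFFIXES
        # The uploads directory should hold media only, so any PHP there is suspect.
        if is_php and rel.startswith("wp-content/uploads/"):
            findings.append((rel, "php-in-uploads"))
        if is_php or path.name == ".htaccess":
            data = path.read_bytes()
            findings += [(rel, name) for name, rx in PATTERNS.items() if rx.search(data)]
    return sorted(findings)

# Constructed sample site for the demo; not taken from a real incident.
SAMPLE_FILES = {
    "wp-config.php": b"<?php\ndefine('DB_NAME', 'wp');\n",
    "wp-content/uploads/2024/05/cache.php": b'<?php eval(base64_decode("ZWNobyAxOw=="));',
    "wp-content/themes/site/footer.php": b"<iframe src='http://spam.example/' style='display:none'></iframe>",
    ".htaccess": b"RewriteEngine On\nRewriteRule ^(.*)$ http://spam.example/ [R=302,L]\n",
}

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in SAMPLE_FILES.items():
            target = Path(tmp) / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(body)
        return scan_tree(tmp)

if __name__ == "__main__":
    for rel, finding in demo():
        print(f"{finding:28} {rel}")
```

Run scan_tree() against an offline copy of the site's document root, so that the review does not touch the live files.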

After Cleanup

  • Update all plugins, themes, and WordPress core
  • Install a security plugin (Wordfence or Solid Security) and run a full scan
  • Enable two-factor authentication on all admin accounts
  • Set up automated backups stored off-server
  • Implement a web application firewall (WAF)

Technical Website Support

A hacked site requires fast, methodical cleanup. If the infection is widespread or the source is not clear, professional remediation avoids reinfection — which is common when cleanup is incomplete.