Website Hacked — What to Do

Overview

A hacked contractor website can redirect visitors to spam sites, display injected ads, serve malware to visitors’ devices, or be blacklisted by Google — showing a red warning page before anyone reaches your site. The damage compounds quickly: Google de-indexes the site, hosting providers suspend the account, and the domain develops a spam reputation that takes months to recover. The right response in the first 24 hours determines how much damage is done.

Signs Your Website Has Been Hacked

  • Google search results show spam text under your site’s listing (“Buy cheap pills,” “Casino,” etc.)
  • Visitors report being redirected to unfamiliar sites
  • Google Search Console shows a security issue or manual action notification
  • Browser displays “This site may harm your computer” or “Deceptive site ahead”
  • The hosting provider suspended the account citing malware
  • Unfamiliar admin users appear in WordPress
  • Site content changed or pages were added without your knowledge
  • Sudden drop in traffic with no other explanation

Common Attack Vectors for WordPress Sites

  • Outdated plugins or themes with known vulnerabilities
  • Compromised admin credentials (weak password, no two-factor authentication)
  • Brute force login attack that succeeded
  • Malicious code injected via a vulnerable file upload
  • Compromised hosting account affecting multiple sites on the server
  • Nulled (pirated) themes or plugins containing backdoors

Immediate Steps

  1. Do not panic and do not delete files randomly — this can make recovery harder
  2. Take the site offline or put it in maintenance mode to prevent further visitor exposure
  3. Change all passwords immediately: WordPress admin, hosting control panel, FTP, and database
  4. Notify your hosting provider — they may have server-level logs and can assist with containment
  5. Check Google Search Console for security notifications and the extent of flagged URLs

Cleanup Process

  1. Restore from a clean backup — if a known-clean backup exists from before the compromise, this is the fastest path to a clean site
  2. If no clean backup: scan all files using a malware scanner (Wordfence, Sucuri SiteCheck, or hosting provider tools)
  3. Remove all unfamiliar admin users from WordPress
  4. Delete and reinstall all plugins and themes from official sources — do not reuse existing plugin files
  5. Reinstall WordPress core files
  6. Check wp-config.php and .htaccess for injected code
  7. Scan the database for injected links, iframe embeds, or encoded PHP
  8. Request a Google malware review once the site is clean: Search Console → Security Issues → Request Review
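
For steps 6 and 7, a first-pass triage script can narrow down which files to open by hand. The following is an added example, not part of the original article or of any tool named above; the patterns, the function names scan_text and scan_tree, and the idea of scanning a database export saved as a .sql file are assumptions chosen for illustration. A match is a reason to review the file, not proof of infection.

```python
import re
import sys
from pathlib import Path

# Heuristic indicators only: a match means "review by hand", not "confirmed malicious".
CODE_PATTERNS = {
    "eval of decoded data": re.compile(
        r"eval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "long base64 literal": re.compile(r"['\"][A-Za-z0-9+/]{200,}={0,2}['\"]"),
    "hidden iframe": re.compile(r"<iframe[^>]+(display\s*:\s*none|width=['\"]?0)", re.I),
}
HTACCESS_PATTERNS = {
    "rewrite keyed on search-engine referer or user agent": re.compile(
        r"RewriteCond\s+%\{HTTP_(REFERER|USER_AGENT)\}.*(google|bing|yahoo)", re.I),
    "PHP handler mapped to a non-PHP extension": re.compile(
        r"(AddHandler|AddType)\s+\S*php\S*\s+\.(?!ph)\w+", re.I),
}
SCANNED_SUFFIXES = (".php", ".phtml", ".sql")  # .sql = a database export saved in the tree

def scan_text(rel_path, text):
    """Return (rel_path, reason) findings for one file's contents."""
    name = rel_path.rsplit("/", 1)[-1]
    patterns = HTACCESS_PATTERNS if name == ".htaccess" else CODE_PATTERNS
    findings = []
    # Executable PHP does not belong in the media upload directory.
    if "wp-content/uploads/" in rel_path and name.lower().endswith((".php", ".phtml")):
        findings.append((rel_path, "PHP file in uploads directory"))
    for reason, rx in patterns.items():
        if rx.search(text):
            findings.append((rel_path, reason))
    return findings

def scan_tree(root):
    """Walk a WordPress install and scan .htaccess, PHP and .sql files."""
    root = Path(root)
    findings = []
    for p in root.rglob("*"):
        if p.is_file() and (p.name == ".htaccess" or p.suffix.lower() in SCANNED_SUFFIXES):
            text = p.read_text(encoding="utf-8", errors="replace")
            findings += scan_text(p.relative_to(root).as_posix(), text)
    return findings

if __name__ == "__main__":
    for path, reason in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}: {reason}")
```

Run it against a copy of the site files, passing the WordPress root as the only argument. Legitimate plugins sometimes trip these patterns, so compare any flagged file against a fresh copy from the official source before deleting it.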

After Cleanup

  • Update all plugins, themes, and WordPress core
  • Install a security plugin (Wordfence or Solid Security) and run a full scan
  • Enable two-factor authentication on all admin accounts
  • Set up automated backups stored off-server
  • Implement a web application firewall (WAF)

Technical Website Support

A hacked site requires fast, methodical cleanup. If the infection is widespread or the source is not clear, professional remediation avoids reinfection — which is common when cleanup is incomplete.
