A Guide For The Non IT-Savvy: What To Do If Your Website Is Hacked

This post is designed to be a simple-to-follow guide for non-IT-savvy business owners or website managers who are not sure what they should do when your website gets hacked (or if you suspect so).

I will start off by giving you an overview of the common types of hacking and what it does to your website, and then dive into the solutions available for you to get your website fixed. Let’s begin!

Types of Hacking

Generally speaking, there are three types of hacking that happens to most websites.

1) Website Is Infected With Malware

This is the most common type of hacking and Google will block visitors from entering your website via Google’s search results.

If you are using Google Chrome, you will also see a warning message that looks like this:

Website displaying warnings if visitors use google chrome browser.

The thing is, you will not know that your website has been infected if you don’t use Google Chrome as your browser (or check your website on Google every day).

I would strongly suggest that you register your website with Google Search Console if you haven’t, so that you will automatically notified in the event that your website gets infected.

2) Website Is Redirecting Visitors To Another Site

Another type of hacking is redirecting, which means that when people try to visit your website, they are brought to a different (often unrelated) third party site.

Such hacking is done by people who use illegitimate means to get more traffic and exposure for their own websites.

Sometimes this only happens on mobile devices and it can be hard to detect. But the good thing is, this error is still easier to fix as compared to the next type of hacking…

3) Website Is Not Loading Or Showing Messages / Images From Hackers

This type of hacking is much more serious than the above two because it means that your entire website has been compromised.

In this cases, unfortunately there is nothing much you can do apart from contacting your web hosting provider for help. Let’s cover this in more detail in the next section on solutions.

When you will see a ‘Hacked’ message in your website, contact your hosting company immediately!

Solutions

We have specially written this as a guide for non-IT-savvy folks, so not to worry, you will not need to mess around with the technicalities of your cPanel or database to get your website fixed.

Instead, the key here is to leverage the experts to help you to clean up your website.

There are two important parties that you’ll be working with – they are your web hosting provider and third party web security experts.

1) Contact Your Web Hosting Provider

In the first instance that you discover that your website has been hacked (or suspect so), the first party that you can contact for assistance is your web hosting provider.

Point to note – most web hosting companies will not fix your website errors for free, so what I’d suggest is that you can first ask them to restore your website using the latest backup copy that they have, and then check if the error persists.

If the issue still persists, you can try to send them your own website backup files (if you have) and get them to recover your site again. (If you have been making an effort to backup your website at least once every month prior to the hacking, then this can be your life saver during such times of emergency!)

In the worst case scenario where your web hosting company’s latest backup is infected and you also do not have your own backup copy of your website, your web hosting provider may offer to help you to clean your website for a service fee. In such a case, I’d recommend you to consider the next solution instead, which is to engage a third party security expert to clean your website for you.

IMPORTANT REMINDER: Please note that not all hosting companies provide support for their customers. For instance, platforms like Amazon Web Services (AWS) only provides you with the server space and the rest of the work falls on your own shoulder. Even when your website is hacked, platforms like AWS will not be able to offer you any help. So if you do not have the in-house expertise to manage the server on your own, I’d strongly encourage you to go with proper web hosting companies because they will be able to provide you with the necessary web hosting support in times of need.

2) Get A Third Party Security Expert To Clean Up Your Website

The reason why I’d recommend you to engage a third party expert is simple – because fixing and securing websites is their expertise and it is also more cost-efficient for you in the long run.

One reliable web security company that you can consider is Sucuri. Sucuri provides professional services to help fix websites that have been hacked or blacklisted by search engines or anti-virus software.

After your site has been cleaned and restored, they continue to provide day-to-day protection for your website so you can have the assurance that your site is secured and the chances of it getting hacked again are minimized.

Some major web hosting companies may charge as high as US$600+ to fix your website that has been hacked, but you will most probably be able to get help from a web security expert for a lower fee. So if your web hosting company is unable to help you to fix your website free of charge, then Sucuri will be your next best affordable solution.

After Your Website Has Been Fixed, Do This

After your website is finally up and running, your work is still not done yet because you don’t know what will happen to your website down the road!

Do yourself a favor by making it a habit from now on to perform the following three simple actions so that you will be better prepared in the event of future emergencies.

Also, if you find that your current web hosting company provides you with very little help when your website is hacked, I’d highly suggest you to switch to another web hosting company, and then follow the pointers below.

1) Backup Your Website Daily!

If you are using WordPress, there are free plugins like Updraftplus that can help you to perform automated daily backups.

These backups will be extremely useful should anything happen to your website in future.

2) Scan Your Website For Virus And Malware Every Day

There are several online website scanners that you can use to scan your website every day for viruses and malware.

At the very minimum, do register your website with Google Search Console so that you will be notified by Google when things go wrong with your website.

3) Update Your Content Management System (CMS) To The Latest Version

No matter what CMS you use (WordPress, Joomla, etc), always make it a point to update it to the latest version whenever a new one is released.

Doing so will prevent and also lower the chances of your website being hacked because the latest software version will help to patch existing security loopholes in your website.

By doing the above three things, you are helping to keep your website in good working condition and even if it is hacked (which I hope not), you still have the latest backup to fall back on without having to spend money to fix it.

I hope that you find this short guide useful! If you have any questions, please feel free to contact us and we’ll be happy to help!