My Website Got Hacked, Now What?

Everyone has gone to a website before and gotten a warning message from Google or another plugin warning that the site they are about to visit has been reported as malicious. If you’re smart, you don’t continue onto the site as you’ll risk getting a virus. But what happens when we find out that it is our site with this problem?

It does happen from time to time and you shouldn’t panic, just get it taken care of. The first thing you will need to do is make sure the computer you access the admin or FTP portions of your website isn’t infected with a virus. You could have a key logger that is simply logging all your keystrokes and if you change your password, it won’t help because they will have the new password.

After ensuring your computer is clean (or by using a trusted computer you know is clean), you need to change the FTP and any control panel passwords for your site. This will keep the hacker from getting back in. Make sure they are alpha-numeric and a symbol and at least 8 characters long. It’s a pain, but security comes first.

After that, login to your site and upload a fresh copy or backup of any infected files to prohibit it from spreading to new users.

That’s all right? We cleaned our site, changed passwords, good to go? No.

You next need to setup Google Webmaster Tools if you haven’t done so already. After doing this you will be able to see the health status of your site and if it was being blocked, it’ll give you reasons why. After making sure you did indeed do everything properly, you can then through the Webmaster Tools, submit your site for review and explain what happened and what you did to fix it.

If you did everything correctly and the site is clean, within a few hours Google will review the site and lift that warning. In most cases something like this may only affect your site for half a day or less if you catch it right away. In severe cases if you don’t have backups of your site, it could ruin months of hard work.