Last updated: July 8, 2022
You detect abnormal activity on your server: modified files, a system slowdown, ads that appear on your site by themselves... After checking, you are sure: your site has been hacked. Here are some rules to apply quickly to get your site back, reduce data loss, and lower the risk of your site being hacked again.
My site has been hacked, what can I do?
The first rule: be quick!
An attack is often only a matter of seconds or even minutes. The aim of the hacker is to achieve his ends as quickly as possible.
Take your site offline
Consider taking your site offline immediately to prevent hackers from continuing to abuse it and to keep your visitors from getting infected as well. The best approach is to put it in maintenance mode so that you can work on the restoration undisturbed.
Change all your passwords
To prevent your site from continuing to be used by these hackers, you must change all of your passwords. Change your FTP password to a stronger one. Also change the password of each administrator account of your CMS. Do not forget to change the password of your server dashboard (provided by your host when you bought your hosting) and of your database.
Delete all files on your FTP server
In order to eradicate all corrupted and foreign files, it is recommended to delete all files from your website (by FTP) and then reinstall a clean copy of your site.
Update your CMS and plugins
The hacker has already succeeded in hacking your site once; he will succeed again if the flaw is still there. You need to analyze your host's log file to understand where the flaw is located in order to fix it. You also need to update your CMS and its plugins. An up-to-date site means less risk of being hacked.
How can I reduce the risk of my site being hacked?
Stay up to date with the latest updates
If you have installed an application for your site, be sure to use the latest available version. This particularly concerns third-party applications and CMSs (Content Management Systems) such as Joomla or WordPress. Check the security information they publish.
Check your site for common vulnerabilities
Avoid having directories with open permissions. Also check your site for XSS (cross-site scripting), file upload, RFI (remote file inclusion), and SQL injection vulnerabilities.
Keep an eye on your log files
The log is the logbook of a server. It records all the requests the server has handled for its clients. You might be surprised at what you find.
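One way to go through an access log when looking for where the flaw is located, as an added example that is not part of the original article. It assumes the web server writes the Combined Log Format; the signature names and patterns are illustrative heuristics for the vulnerability classes named above, and the sample lines are constructed.

```python
import re
from urllib.parse import unquote_plus

# Combined Log Format: ip - user [time] "METHOD path PROTO" status size ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Heuristic signatures (assumed, not exhaustive) for the classes named in the article.
SIGNATURES = {
    "sql_injection": re.compile(r"union\s+select|'\s*or\s+'?\d|information_schema", re.I),
    "xss": re.compile(r"<script|onerror\s*=|javascript:", re.I),
    "rfi": re.compile(r"[?&][^=&]+=(?:https?|ftp)://", re.I),
    "upload_exec": re.compile(r"/uploads?/[^?]*\.ph(?:p\d?|tml)\b", re.I),
}

# Constructed sample lines (documentation IP ranges), not taken from a real server.
SAMPLE_LOG = [
    '198.51.100.7 - - [08/Jul/2022:10:01:02 +0000] "GET /index.php?id=7 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [08/Jul/2022:10:02:11 +0000] "GET /index.php?id=1%27+UNION+SELECT+1,2-- HTTP/1.1" 200 901 "-" "-"',
    '203.0.113.9 - - [08/Jul/2022:10:02:40 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 403 199 "-" "-"',
    '203.0.113.21 - - [08/Jul/2022:10:05:00 +0000] "GET /page.php?file=http://example.invalid/x.txt HTTP/1.1" 404 0 "-" "-"',
    '203.0.113.21 - - [08/Jul/2022:10:06:30 +0000] "POST /wp-content/uploads/2022/07/img.php HTTP/1.1" 200 12 "-" "-"',
]

def classify(path):
    """Return the signature names that match the URL-decoded request path."""
    decoded = unquote_plus(path)
    return [name for name, rx in SIGNATURES.items() if rx.search(decoded)]

def triage(lines):
    """Parse log lines and return one finding per (request, matched category)."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in Combined Log Format
        ip, when, method, path, status = m.groups()
        for category in classify(path):
            findings.append({"ip": ip, "time": when, "method": method, "path": path,
                             "category": category, "succeeded": status.startswith("2")})
    # Requests the server answered with 2xx come first: review those before the rest.
    return sorted(findings, key=lambda f: not f["succeeded"])

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        flag = "SERVED" if f["succeeded"] else "failed"
        print(f'{flag:7} {f["category"]:13} {f["ip"]:14} {f["method"]} {f["path"]}')
```

A match with a 2xx status is a lead to investigate, not proof of compromise, and a legitimate parameter that carries a URL will also trigger the `rfi` pattern.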
Use secure protocols
SSH and SFTP should be used for data transfer rather than cleartext protocols like Telnet or FTP. SSH and SFTP use encryption and are much more secure.