We use cookies

We use cookies to ensure that the website functions properly, to monitor and optimize the user experience on our websites and for marketing and social media purposes.

Adjust preferences
Go back

Adjust preferences

You can choose which cookies you want to enable. Analytical cookies help us to analyze and improve the use of the website. Statistical cookies collect anonymized data to track trends and performance.

Necessary cookies (always active)
Analytical cookies
Marketing cookies
Skip to content

My website has been hacked, now what?

Back to web hosting

Introduction:
Once your website has been hacked, of course you want it to be back in a good state as soon as possible.
This guide is mainly about Wordpress websites.

Restoring a backup?
Restoring a backup makes little sense in very many cases.
It may help to get your website back, but there is a very high chance that the file that was abused is still there.
As a result, your website will be hacked again in a matter of days.

Blocking:
If your website has been hacked for a long time, at some point the website will also send spam mails.
As soon as we notice this we will block the hosting immediately, to safeguard our mail server ip address reputation.
We will then contact you and inform you that the account has been blocked.
We will then discuss with the customer when we can unblock the hosting again.
It is very important here that action is taken quickly and not left for a few days, otherwise the abuse will happen again, with all the consequences. In some cases we place a: "deny from all, allow from <ip>" in the htaccess, with this only your website is offline and not the email, while with a total block on the hosting you will not be able to receive email either. In the .htaccess you can put your own ip address in the allow from, this way you can access the website and check it quietly, while others cannot use the website. Are you done adjusting and do you think the website is clean again? Please send an email to support@oxxa.com so we can release your account. After the problem is solved it is advisable to keep a close eye on it.


Tips to solve a hacked website:

- Delete dangerous files
Login to the FTP, see if you see any strange files.
Hacked files are often generic and deviate from a normal file name.
For example, with Wordpress you can download and compare the files from their site, are there any files on there that don't belong? Then take a look at the contents of the file. A hacked file often contains 1 long line and encrypted content, often they use php eval or base64_encode.
If the file indeed contains encrypted characters, delete this file from the server.
Replacing your files with the original files can be useful when wordpress files have also been modified, but does not help eliminate the cause.
To find the cause, you need to look further. Which file created the hacked file. It is important to investigate this carefully, you can for example look in the wp-content/plugins if there is a plugin that has been hacked, or in the wp-content/uploads/year/month/etc where Wordpress puts your photos. There should be no .php files in here, if there are, you should delete this file as well.

- Protecting your website
Use a security plugin such as wordfence or another plugin.

Also see the article: how do I protect my website from hackers and abuse to protect your website.

Back to web hosting

Related articles