How To Clean A Hacked Website

In a world where data protection has become a key priority for businesses, a hacked website is not only inconvenient but also potentially damaging to your organisation. It means your data might be stolen or compromised, you could be scrutinised for not being GDPR compliant and customers/users might lose faith in the safety of your service. All in all, something you want to avoid.

But unfortunately, cyber criminals are always coming up with new and crafty ways to hack into unsuspecting systems, which makes avoiding a breach almost impossible. Of course, you can (and should) do your best to put strong security systems in place, but this doesn’t always guarantee you won’t become a victim of cyber crime.

If you are unlucky enough to find that your website has been hacked, you’ll want to get it back up and running as soon as possible. But you also don’t want this to come at a huge expense to your business. The good news is, there are a number of steps you can take to uncover the source of the hacking and clean your site for free. Read on to find out how.

Start by scanning your website

The first important step towards cleaning up your website is using a scanner to highlight the problem areas. There are several ways a hacker can get into your system. They might try to get in through the backdoor (the way in which admin access the site), through phishing if they’re trying to access your data, through a Trojan file or by inserting damaging code.

That’s why scanning your website is important. This will give you a better idea of the issues, how the hacker may have accessed your site and where to begin fixing the problem. Doing this doesn’t have to be difficult or costly either, there are a number of free online tools you can use (such as Web-Scanner) to produce a report which reveals any infected code or malware.

Assess the damage

Once you’ve been able to highlight where the problems have come from, you’ll have a better idea of the steps you need to take to clean your website. But more than this, you’ll have a better idea of how to bolster your security systems and protect your site from hackers in the future. Assessing the damage will define the next steps you need to take.

Change your existing passwords

One of the first things you should do after your website has been hacked is to change your passwords. Changing your password can feel inconvenient, particularly when you’ve got to try and come up with something original more than eight characters long, with at least one capital letter, character and number – you end up making passwords you’re never going tor remember! But this slight inconvenience can make all the difference to your website security.

This is because cyber criminals are able to use weak passwords to hack into your systems, so by creating new passwords and making these stronger, you can begin taking positive steps towards cleaning your website and making it secure from future attacks.

Remove malware from your website

It may be the case that your website has been infected with malicious malware, through one of the methods mentioned above. For example through damaging code. If this is the case you need to remove this from your site as quickly as possible. But don’t be fooled, malware can come from legitimate looking sites and files, so it’s a good idea to run a check and find out what’s going on. You can use tools like Google Free Malware Checker to highlight if your site has been affected.

Next, you need to use a service that can remove this harmful malware for you. There are several free services you can use to do this. These usually scan through the website manually to find the problems before being able tor remedy them. Using these tools will remove the infections and get you back on the right track with your website. But before you jump in, it’s a good die to do some research and make sure you find the most comprehensive (but free) malware tool for your site.

Backup your site

Another way to get your site up and running is to do a backup. If you’ve recently done a backup, you might have unaffected versions of your site from before the hacking took place. Restoring a recent back up can regenerate your files and restore your site to its former glory without having to do too much cleaning up.

Update your website

One of the final steps to ensuring your website is clean and ready to be safely used once again, is to update the site, the applications and any plugins you may have. This is important for ensuring it is secure and malware-free. This can feel a bit time consuming, but if you’re going through and doing it manually it’s completely free. It also means your website will be running at maximum efficiency once it’s clean and ready to go.

Check your website hasn’t been blacklisted

The final thing you need to do is to find out if your site has been blacklisted. Search engines like Google are all about protecting their users from dangerous sites. So, while this is great news 99% of the time, it also means that if your website is hacked you could find yourself on their blacklist. If this happens, at the very least your site can appear on Google with a note saying, ‘the site ahead contains malware’. This is of course a huge red flag to those trying to use your website, so you need to address the problem as soon as you can.

Once you’ve removed malware, backed up your website and changed your password you’re already taking positive steps to fix the situation. At this stage you should check if your site has malware or is still infected and request an audit from search engines to try and remove the hacker/malware warning. You can do this using Google Webmaster Tools and your website should be reviewed within 24 hours.