Get a free application, infrastructure and malware scan report - Scan Your Website Now

Subscribe to our Newsletter
Try AppTrana WAAP (WAF)

How to Fix A Hacked Website?

Posted DateMay 14, 2020
Posted Time 5   min Read

Is your business Web site enabling hackers to distribute malware and orchestrate data breaches/ cyber-attacks? Data suggests that every day on an average 30,000 websites are found to be distributing malware. The majority of these websites are hacked by exploiting unprotected vulnerabilities and then used to distribute malware.

For any business owner, it is important to have a managed, intelligent, and comprehensive web application security solution in place to prevent becoming part of the malware distribution chain. However, it is equally important to know what step to take if your website is hacked. This article will give you an in-depth understanding of the same.

Signs that Your Website is Hacked

  • Homepage/ content is modified or vandalized
  • Web traffic is redirected to a sketchy pharmaceutical/ banned/ illegal/ adult website.
  • You are locked out of your website/ your login credentials do not work/ your account does not exist.
  • The site is displaying ads for counterfeit/ illegal products. This could be further infecting your site user’s computers.
  • A sudden drop in speed and performance for no apparent reason may be caused by a hack.
  • Google, Norton or any other Web site reputation engines have flagged or blacklisted your web site
  • Google Analytics is showing you ranking for random/ unrelated keywords.

Signs That Your Website is Hacked

Is Your Website Hacked? Here Are the Steps to Fix and Secure It

1. Identifying the Attack and Determining Causes

1.1. A Thorough Website Security Check

Conduct a thorough website security check using an intelligent, remote scanning tool like Indusface Web Scanner to unearth warning messages, malicious payload, malware location (if any), blacklist warnings, and other security issues in your website. Scanning must include all databases, third-party components, website files and folders, software, plugins, legacy parts, server configurations, access control, CMS, etc. If the scanning tool doesn’t find any malware, conduct manual reviews of Scripts, iFrame, and links for suspicious activity. Also, check for cross-site contamination, if your website is hosted along with multiple others on the same server.

1.2. Check for recent modifications to files

Examine your files, including core files, to unearth recent modifications (7-30 days) that are suspicious or unfamiliar.

1.3. Assess Security Status using diagnostic tools

If your website has been quarantined/ flagged/ blacklisted by Google, other web browsers or web application security authorities, you must use their diagnostic tools (Google Console, Bing Webmaster Tools, etc.) to understand why and assess your security status.

Note: If you are an e-commerce website, you need to follow the requirements of PCI-DSS Requirement 12.10 and accordingly, implement your incidence plan.

Identifying Attacks And Determining Causes

2. Cleaning the Hacked Website

Having obtained insights on where malware is located on your hacked website, you need to clean up, remove malware, and restore normal operation.

A word of caution: Cleaning a hacked website involves some complicated and technical steps. If you are unsure, it is best to enlist professional help to get your website cleaned and fixed after a hacking incident.

2.1. Stop malicious process

If there are malicious processes that are still running, the clean-up will be wasted and the malware will wreak havoc on your website once again.

2.2. Remove hacked website files

Using the insights from step 1, you can replace modified and suspicious files, malicious payload, etc. with new ones or ones that are backed (if not infected by the hacking incident). You also manually go through all files on your website and remove any that you did not put there or if it looks suspicious. Exercise extreme caution in conducting manual cleaning as it can further erode the health of your website.

2.3. Clean and restore hacked databases using insights from step 1

2.4. Remove hidden backdoors

Hackers always ensure that they have a way to get back into your website and will create several backdoors. Further, they use encode to ensure that these backdoors are not detected. It is critical that you close all backdoors to prevent reinfection of your website.

2.5. Secure user accounts

If there are suspicious or unfamiliar user accounts, remove them.

2.6. Remove malware warning

Request a review from your hosting company/ Google/ web security authority that blocked/ flagged your website. This is to ensure that your security issues have been fixed.

Clean The Hacked Website

3. Securing the Website from Hackers

Fixing a hacked website does not stop with cleaning it and restoring files/ databases from backup; the most crucial third step is to ensure that your website is not hacked in the future.

3.1. Update and Reset configuration settings and permissions

  • Update all software, CMS, themes, plugins, etc. to ensure that no critical security patches are missed
  • Ensure that there is only one admin account. Additionally, assign least privileges to other user roles
  • Change all passwords to access points.
  • Reinstall all plugins and extensions so that they do not have any residual malware.
  • Remove deactivated plugins from your server.

3.2. Create a robust backup strategy and set backups

Good backup strategy = Good security posture. Creating regular and secure backups is critical for quick and secure recovery from a hacking incident.

3.3. Scan all systems for malware

Any residual malware in your computers/ systems can easily re-infect your website. So, comprehensively scan your computers for malware.

3.4. Strengthen your Web Application Security measures

If you do not already have a comprehensive, managed security solution like AppTrana, make sure you onboard one to fortify web application security. The solution must include

  • an intelligent, automated scanner for regular and on-demand scanning.
  • a comprehensive, customizable, and intuitive Web Application Firewall that shields your website from malicious actors.
  • the expertise of certified security professionals.

Securing The Website from Hackers


Having your Web site flagged as “malicious” by reputation engines like Google can cause serious damage to your business. The process of recovering from being hacked is effort-intensive and costly. You need to be proactive about web application security regardless of the size and nature of your business to avoid the negative impact of getting hacked. Hackers find vulnerabilities in websites and exploit them. That’s why one must adopt a proactive approach to continuously assess the risk and mitigate them in a timely manner.

web application security banner

Spread the love

Join 47000+ Security Leaders

Get weekly tips on blocking ransomware, DDoS and bot attacks and Zero-day threats.

We're committed to your privacy. indusface uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.

Related Posts

Fastly Alternatives
Top 5 Fastly WAF Alternatives in 2023

Understand the pros and cons of Fastly WAF and the top 5 Fastly alternatives, including AppTrana, Cloudflare, Imperva, AWS WAF, and Akamai.

Spread the love

Read More
How a WAF Works?
How Does a WAF Work?

WAF is the first line of defense between the app and the internet traffic. Here are the 8 ways that WAF uses to block malicious attacks.

Spread the love

Read More
Choosing a WAF
Six Key Considerations When Deploying a Web Application Firewall 

Looking for a web application firewall? Consider these six key consideration to make an informed choice for your web security needs.

Spread the love

Read More


Fully Managed SaaS-Based Web Application Security Solution

Get free access to Integrated Application Scanner, Web Application Firewall, DDoS & Bot Mitigation, and CDN for 14 days

Know More Take Free Trial


Indusface is the only cloud WAAP (WAF) vendor with 100% Customer Recommendation for 3 consecutive years.

A Customers’ Choice for 2022 and 2023 - Gartner® Peer Insights™

The reviews and ratings are in!