Loading...
Media Giant Hosting
News:
Thank you for choosing WHMCS!
0
Register Account
Media Giant Hosting
ExtendReduce
Home Shared Hosting Managed WordPress Hosting Support Blog
Client Login

Knowledgebase

Categories
Support
What to Do If Your Website Gets Hacked
Print

What to Do If Your Website Gets Hacked

So, your website got hacked. Sucks, right? But don’t panic—we’ve seen it all before, and we know exactly how to get you back up and running. Here’s your battle plan to reclaim your site and lock it down so it doesn’t happen again.

Step 1: Stay Calm & Assess the Damage

First things first—breathe. Your site isn’t necessarily lost forever. Here’s what to look for:

  • Is your website redirecting to sketchy sites?

  • Are there strange pop-ups, ads, or spammy links?

  • Is Google warning visitors that your site is unsafe?

  • Has your login stopped working?

  • Did you get an email from us about malware?

If you see any of the above, yeah, it’s bad—but fixable.

Step 2: Take Your Site Offline

The last thing you want is for visitors (or Google) to keep interacting with a hacked site. Here’s how to shut it down temporarily:

  • Shared Hosting Customers: Use FTP to rename your index.php or index.html file to something else (like index-old.php). This will effectively take your site offline while you clean up.

  • Managed WordPress Hosting Customers: Enable maintenance mode using WordPress Toolkit in our control panel. This will display a maintenance message while keeping your backend accessible.

This prevents further damage while you clean things up.

Step 3: Scan for Malware & Suspicious Files

At Media Giant Hosting, we run ImunifyAV behind the scenes to detect malware. Our team will investigate any alerts and attempt to clean up infections automatically. However, you can also do a manual check:

  • Look for unfamiliar files or code in your /public_html/ directory.

  • Scan your WordPress files for weird scripts in functions.php, wp-config.php, or theme files.

  • Check your database for spammy content in the wp_posts or wp_options tables.

Not sure what you're looking at? No worries—contact us, and we’ll help.

Step 4: Restore from a Clean Backup

If the hack is serious, cleaning files one by one can be a nightmare. The best move? Restore your site from a backup.

We keep daily backups for up to 30 days. If you need a rollback:

  • Open a support ticket, and we’ll restore the most recent clean backup for you.

Once restored, your site should be back to normal, but you’re not done yet!

Step 5: Change All Passwords

If your site got hacked, assume your passwords are compromised. Change everything:

  • Your hosting account login

  • WordPress admin password

  • FTP/SFTP credentials

  • Database passwords (update wp-config.php if using WordPress)

  • Email account passwords (if linked to your site)

Use strong, unique passwords and enable two-factor authentication (2FA) wherever possible.

Step 6: Remove Backdoors & Fix Vulnerabilities

Hackers often leave hidden “backdoors” so they can regain access later. Here’s how to lock them out:

  • Reinstall WordPress core files by downloading a fresh copy from WordPress.org and replacing your existing ones (except wp-content).

  • Delete unused plugins and themes—especially outdated or nulled ones.

  • Update everything (WordPress, plugins, themes, PHP version).

  • Check user accounts in WordPress to make sure no rogue admins were added.

If you’re not sure how to secure your site, we can refer you to Media Giant Design, our web security pros, for an in-depth fix.

Step 7: Harden Your Website Security

Once your site is clean, it’s time to prevent this from happening again:

  • Keep everything updated (WordPress, plugins, themes, PHP).

  • Use a security plugin like Wordfence or Sucuri.

  • Limit login attempts with Fail2Ban (already included on our servers).

  • Disable XML-RPC if you don’t use it (common attack vector).

  • Move wp-admin to a custom URL with a plugin like WPS Hide Login.

And most importantly—back up your site regularly! (Good news: we already do this for you.)

Final Step: Let Google Know You’re Clean

If Google flagged your site as unsafe, you’ll need to request a re-evaluation:

  1. Go to Google Search Console → Security Issues.

  2. Request a review after confirming your site is clean.

  3. Google will re-scan your site and remove the warning (can take a few days).

Need Help? We’ve Got Your Back!

If this all sounds overwhelming, don’t sweat it. Open a support ticket, and we’ll help you clean up your site, restore a backup, and secure it against future attacks.

For advanced security fixes, our sister company, Media Giant Design, offers in-depth malware removal and security hardening services.

Bottom line: Getting hacked isn’t the end of the world—but leaving your site vulnerable is. Secure it now and avoid the headache later.

 

Was this answer helpful?

0 Users Found This Useful (0 Votes)

Related Articles

Most Popular Articles

How We Secure Your Websites

How We Secure Your Website at Media Giant Hosting Look, Website Security Ain’t Optional—It’s...
Understanding DDoS Protection & Firewalls

Understanding DDoS Protection & Firewalls The internet is a warzone, and your website is a...
How To Set Up Two-Factor Authentication (2FA) for Your Account

How to Set Up Two-Factor Authentication (2FA) for Your Account Security isn’t just a good...

Media Giant Hosting offers reliable, high-performance hosting solutions, including Managed WordPress, Shared, and Managed VPS Hosting. With enterprise-grade infrastructure, 24/7 support, and daily backups, we provide the speed, security, and reliability you need to succeed.

800-555-1212 support@mediagianthosting.net

Products

Resources

Services

Legal

Copyright © 2025 Media Giant Hosting LLC. All Rights Reserved.

Do you allow us to use cookies ?

We use cookies to learn where you struggle when you're navigating our website and them for your future visit, learn more about cookies in our terms of use