What To Do If My Website Has Been Hacked
If you detect abnormal activity on your server, a modification of files, system slowdown, the ad that appears all alone on your website. After verification, you are sure that your website has been hacked. Here are some rules that need to be applied quickly to recover your website, reduce losses of data and the risks of your website to be hacked again.
My website has been hacked, what should I do?
The first rule: Be quick!
An attack is often a matter of seconds or even minutes. The goal of the hacker is to get to his goal as quickly as possible.
Put your website offline
Consider putting your site offline immediately to prevent hackers from using it too much and your visitors are also infected. The best is to put it in maintenance and be able to work on your restoration quietly.
Change all your password
To prevent your website from being used by these nasty hackers, you must change all your passwords. Change the password for your FTP access to a stronger password. Also change the password for each of the administrator accounts in your CMS. Not to forget to change the password of the dashboard of your server (provided by your host when you bought your hosting) and your database.
Delete any files on your FTP server
In order to eradicate all corrupt and foreign files, it is recommended to delete all files from its website (by FTP) and then reinstall a clean copy of your site.
Update your CMS and plugins
The hacker has already successfully hacked your site once, it will still succeed. You need to analyze the log file of your host to understand where the fault is located in order to plug it. You also need to update your CMS and its plugins. A site up to date is a risk of piracy less.
How to reduce the risks of my website being hacked?
Stay updated with the latest updates
If you have installed an application for your site, use the latest version. This includes applications from third parties and Content Management System (CMS) such as Joomla or WordPress. Check the information they provide in terms of security.
Check your site for common vulnerabilities
Avoid having directories with open permissions. Also check out the vulnerabilities XSS (cross-site scripting), Upload, RFI, and SQL injection.
Keep an eye on your log files
The log is the log of a server. It lists all the queries delivered by the server to clients. You might be surprised by what you find.
Use secure protocols
SSH and SFTP must be used for data transfer, rather than plain text protocols such as Telnet or FTP. SSH and SFTP use encryption and are much safer.