What to do if you’ve had a website hack?

A website hack occurs when unauthorized individuals gain access to a website’s backend, often with the intent to steal data, alter content, or disrupt operations.

Disclaimer

The advice and information provided on this website are for general informational purposes only. While we strive to offer accurate and helpful content, we do not take responsibility for any actions taken based on the advice provided. Users are encouraged to exercise their own judgment and discretion when implementing any recommendations. We make no guarantees regarding the outcomes or results of following any advice, and assume no liability for any consequences resulting from its use.

First steps

In the event of a website hack, start with the following:

  1. Switch the site to maintenance mode, and check in advance that you know how to do this. Maintenance mode logs out any users.*
  2. If you cannot do this, contact your web developer straight away and ask them to do it, or to remove access.

Who to contact

You should flag the website hack to the following people:

  1. Contact your web developer as soon as you can
  2. Contact your host if they are a different business/organisation

Generally, they will review the incident immediately and are likely to roll back the server, then review the code and/or database to resolve the issue.

Recovery

You can try the following actions to recover from a website hack:

  1. Understand if it’s the website or database that has been compromised.
  2. Speak with your developers to find out how it happened and how they resolved the issue.
  3. Check your website software (e.g. WordPress, Drupal, Joomla etc.) is kept up to date
  4. Change any admin passwords for the site, and for FTP access
  5. Run a security checking program on the site – e.g. Security Review or Hacked module for Drupal, Sucuri for WordPress.

Further action

You should consider the following actions following a website hack:

  1. Has any sensitive data been taken? If so, you need to inform the ICO and every individual.
  2. Has other valuable or useful information been stolen, such as passwords to your site? Users tend to use similar passwords.
  3. Force a password change for users the next time they visit your site, and tell them to change their passwords on other sites if they are similar to the ones used on your site.
  4. Expect a second attack and be prepared. Review the changes made: are there any other ways to prevent a further attack? Check your backup copy.
  5. Inform Action Fraud.
  6. Consider whether you need a third party security audit/review

*If you can, block access at the server level, e.g. for Apache, use an .htaccess file to block all addresses except your own IP. Often this can be done via your Control Panel, so you don’t necessarily need to use FTP. If you have cPanel or similar, learn how to do this.
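
An .htaccess file for the block described in the note above, given here as an added example rather than configuration from the original page. The address 203.0.113.10 is a placeholder for your own public IP, and the two sections cover Apache 2.4 and the older Apache 2.2 syntax.

```apache
# .htaccess in the site's document root (added example).
# 203.0.113.10 is a placeholder from the documentation address range:
# replace it with your own public IP address before uploading.

# Apache 2.4 and later: mod_authz_core is present.
# Only the listed address is allowed; every other visitor gets 403 Forbidden.
<IfModule mod_authz_core.c>
    Require ip 203.0.113.10
</IfModule>

# Apache 2.2: mod_authz_core does not exist, so use the older directives.
# "Order deny,allow" evaluates Deny first, then lets Allow override it.
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    Allow from 203.0.113.10
</IfModule>

# Short message shown to blocked visitors instead of the default error page.
ErrorDocument 403 "This site is temporarily unavailable for maintenance."
```

These directives only take effect if the server's AllowOverride setting permits them in .htaccess (AuthConfig for Require, Limit for Order/Deny/Allow, FileInfo for ErrorDocument). If the site sits behind a CDN or reverse proxy, Apache sees the proxy's address rather than yours unless mod_remoteip is configured, so test the rule from a second connection before relying on it.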

Further advice on how to protect your website