My Website Has Been Hacked: What to Do Right Now

How to tell if your website has been hacked

Common signs of a compromised website include: Google showing a warning message ("This site may be hacked" or "Deceptive site ahead") when visitors try to access your site, unusual content appearing on your pages (often spam links, pharmaceutical adverts, or redirects to unrelated websites), your hosting provider suspending your account due to malicious activity, visitors reporting being redirected to a different website, and your Google Search Console showing security issues or manual action notifications.

Do not panic - but do act quickly

A hacked website needs to be dealt with promptly, but it is a fixable problem. The damage is typically not permanent, and websites that are cleaned quickly and properly are usually restored to their previous Google rankings within a few weeks. The longer a compromise is left unaddressed, the more damage is done - both to visitor trust and to search rankings.

Immediate steps

First, put your website in maintenance mode or take it offline if you can. This prevents visitors from encountering the malicious content and stops the hack from spreading further. If you cannot do this yourself, contact your hosting provider - most have emergency support and can assist with temporary suspension or maintenance mode. Next, change all passwords associated with your website: your hosting account, your CMS login (WordPress admin, for example), your FTP credentials, and your database password.

Identifying and removing the malware

This is where specialist help is usually needed. Malware can be hidden in multiple places within your website files and database - in theme files, plugin folders, the database itself, and often in obscure locations specifically chosen to survive a simple cleanup. A professional malware removal service will scan your entire site, identify every infected file, remove the malware, and check for backdoors that would allow the attacker to re-enter after the initial cleanup.

Requesting Google to remove the warning

If Google has flagged your site, you will need to submit a review request through Google Search Console once the malware has been removed. Google typically responds to these requests within 72 hours. Once they confirm the site is clean, the warning label is removed and your search rankings begin recovering.

Preventing future attacks

Most website hacks exploit known vulnerabilities in outdated software. Keeping your CMS, themes, and plugins up to date eliminates the majority of attack vectors. Additional protective measures include installing a web application firewall (WAF), enabling two-factor authentication on your admin login, restricting file permissions, and scheduling regular automated backups so that recovery from any future attack is fast and complete.