What to Do After Your Website or Web Hosting Is Compromised

Proactive security measures are the key to keeping your website secure. But sometimes, the worst can happen without warning. So, what can you do if your website has been compromised?

If you suspect your website or hosting account was compromised, you must act quickly to mitigate potential damage. The longer you wait, the worse things will become. You could even be on the hook for liability lawsuits.

Follow the steps below to regain control and secure your website.

Change All Passwords

The first step when compromise is suspected is changing ALL passwords.

Depending on your configuration, the password reset process may involve updating FTP/SFTP passwords, Database Users, Website Logins, Email Accounts, and anything else associated with your website.

Fixing a breach will mean nothing if the individual still has all your passwords.

Use strong, unique passwords for each account, and ensure you do NOT reuse any previously used passwords, as once a password is compromised, it will remain compromised indefinitely and cannot be reused, even on another service.

If you’re not sure how to make a password stronger, feel free to use our password generator. In a single click, it will generate a password that is more difficult to crack.

Scan Your Local Devices for Malware:

Run thorough antivirus and malware scans on all devices you use to access your website or hosting account. Remove any detected threats promptly to prevent re-infection.

Password-based compromises are often the result of malware on your PC or other device that sniffs your password.

Review Website Files

Check all files and directories on your website for any unauthorized modifications, unfamiliar files, or suspicious code injections.

When a website is compromised, malicious files are often created or modified at approximately the same time. After a malicious file is found, searching for other files modified around the same time may identify additional malicious files.

If you’re using WordPress, the Wordfence security plugin constantly scans your files and keeps you apprised of any changes. The best part is that it’s free to use, though, it does have some great features if you upgrade.

Restore Clean Backups

Once you have confirmed that your website is compromised, restoring a known clean backup is the most effective way to remove the malware.

If you need assistance restoring a backup or don’t have a known clean backup, GreenGeeks takes regular server-side backups and offers one free restore from the server-side backups per month.

If you’re using WordPress, it’s probably a good idea to install a backup plugin. A lot of these will create backups automatically while storing them on separate servers, such as Dropbox or OneDrive.

Update Website Components

Outdated software is often vulnerable to exploitation of known vectors by attackers, such as out-of-date coding or components.

To prevent attacks against known security vulnerabilities, ensure that all website components for your website CMS are up-to-date with the latest security patches, including Themes, Plugins, or other Extensions.

Enabling Automatic updates for all components will ensure you’re always using the most up-to-date software versions for your website, minimizing the risk of compromise.

Monitor Website Activity

Implement website activity monitoring tools or security plugins to track unauthorized access attempts, file modifications, or suspicious behavior. Regularly review access logs for any anomalies.

For WordPress, GreenGeeks recommends WP Cerber to help provide enhanced security measures and strengthen your website installation overall.

Implement Additional Security Measures

Enhance your website’s security by implementing additional measures such as two-factor authentication and regular security audits.

GreenGeeks offers 2FA for both the GreenGeeks Dashboard and Hosting Account to secure your account.

WordPress and other CMS applications offer 2FA plugins and extensions; the exact steps will vary depending on your website’s platform. Nonetheless, there are plenty of plugins available, so pick one that best suits your needs.

If you require assistance implementing 2FA within your GreenGeeks Dashboard or Hosting Account, the GreenGeeks Support Team will assist you.

Communicate with Your Users

If your website collects user data or provides services to customers, inform them about the security incident, the actions you’ve taken to address it, and any steps they should take to secure their accounts.

Each State/Country has different disclosure requirements for a cyber security breach, and you must follow any specific notification requirements for your state or jurisdiction.

For the United States of America, refer to the National Association of Attorneys General & National Conference of State Legislatures for data breach guidelines.

WordPress Admin Checks

A commonly overlooked problem is when hackers or malicious code injects a new admin or user into your website without your knowledge. This can give someone backend control of your site who can quickly undo any fixes you may have implemented.

Check your user list in WordPress to ensure no new admins or other users were added. Even if WordPress gives these unknowns “Subscriber” status (the lowest privilege in WordPress), it’s better to delete them immediately.

Conclusion

By following the above steps promptly and thoroughly, you can restore your website to working order and minimize the potential for your website to be compromised going forward.

Note that GreenGeeks may require additional actions to secure your account to guarantee the integrity of the server.

If you have any questions about how to apply one or more steps to your GreenGeeks hosting account, the GreenGeeks Support Team will be happy to assist you from your GreenGeeks Dashboard.

The post What to Do After Your Website or Web Hosting Is Compromised appeared first on GreenGeeks.