What do you do if you think your website has been hacked

Rufaro Madamombe Avatar
you-have-been-hacked

Earlier, we talked about ways to secure a website against hacking. If you read that post, you’d see that it was more focused on preventing hacking than recovering from hacking. So what do you do if you think your website has been hacked and how can you regain control. Let’s take a look.

Don’t panic just yet

So you think your website has been hacked, instead of getting yourself into a heart attack, why not actually confirm if it has been hacked. You can use this tool from Google which will check to see if your website is safe or not. If it’s found to be unsafe, chances are that it has been compromised by a hacker.

After that, try accessing the actual website and see if you experience any problems that were not there before The reason you’d want to do this is because sometimes, people can pull a joke on you by telling you that it’s hacked when it’s not just so you can panic for nothing.

It’s okay to go offline

Let’s say you’ve discovered that the website has been hacked. It’s better for you to take the website offline by requesting your hosting company to temporarily make it unavailable. This will give you time to assess with your Information Security team how much damage was done without worrying about the hacker doing more damage.

Keep your customers informed

You could also set up your domain name to be redirected to another page so that your users can see a notice of what’s going on. There’s nothing fancy about getting hacked so it’s alright to let your customers know quickly what is going on than leaving them in suspense and wondering why they can’t access the services you offer on your website. Trying to cover it up and seem like you’re in control will only harm you especially if you don’t manage to get the website back up very quickly.

Cleanse the circle of trust

While your security team is fixing the technical problems, make sure that they reset all the passwords of all the users who have administrative privileges. This will make sure that if the hacker had gained access to the website through an admin user’s account, they will no longer have the access to that account anymore.

Another way to make sure that your website is safe in the future is to limit the number of people who have administration access to the website and to make sure that it has a strong password that looks something like L4@NEFGhmimx7i3x.

Get your safe treasure box and use it

If you had safe guarded your website with the bare minimum methods, you should have a backup of your website stored somewhere safe. After doing all the above you’re not only taking care of your customers but you’re also making the whole process of figuring out what was the exploit more efficient for your Information Security team.

You can now restore your backup to the servers and get your website up and running. If you didn’t have a backup then your team will have a difficult time getting things back the way they were. So to make your website more secure in-case someone attempts to hack it again, you can consider implementing some of these security tips.

2 comments

  1. Anonymous

    I just hacked GZU …

Join Waitlist We will inform you when the product arrives in stock. Please leave your valid email address below.