How To Recover From a Website Hack DerrellUpdated on May 13, 2025 3 Minute Read If your website has been hacked, acting quickly and carefully is essential. This guide walks you through the steps to recover your site and strengthen its security to help prevent future attacks. Note! If you are not sure whether your site has been hacked or not, see our guide titled “I think my website has been hacked“. Step 1: Reset All Passwords Immediately update all account credentials: cPanel and AMP login Email and FTP accounts CMS admin users (e.g., WordPress, Joomla) Database users (if applicable) Changing your passwords ensures that attackers can no longer access your hosting environment. Step 2: Scan Your Computer Before making any changes to your site, scan your local computer for malware. Keyloggers and trojans can compromise your hosting credentials even after a site recovery. Use a trusted antivirus/malware scanner. Avoid logging into your hosting account from infected or public devices. Step 3: Secure Your cPanel Applies only if your hosting plan includes cPanel. Take these extra steps to lock down your cPanel environment: Update your cPanel password to something strong and unique. Review FTP accounts and remove any you don’t recognize. Check Cron Jobs for suspicious scripts or unauthorized tasks. Inspect .htaccess and other configuration files for malicious redirects or rewrites. These steps help prevent future unauthorized access via cPanel-related services. Step 4: Clean Up and Restore If you have a clean backup created before the hack, restoring it is often the fastest way to get your site online again. Verify the backup is clean and not infected. Use cPanel or a file manager to restore website files and databases. If you used a WordPress plugin to backup your website, reinstall WordPress, and reinstall the backup plugin to restore your website. No backup available? InMotion Hosting offers a Hacked Website Repair service. Our experts will manually investigate and remove malicious content from your site. Step 5: Update and Harden Your Website Update CMS core, plugins, and themes to the latest versions. Remove unused or outdated software to eliminate vulnerabilities. Check file and directory permissions (e.g., 755 for folders, 644 for files). Limit admin access and use two-factor authentication where possible. Step 6: Scan for Malware Regularly Protect your site with ongoing malware detection and prevention. We recommend Monarx Security, which: Scans for and removes malicious PHP files automatically. Uses behavior-based detection for advanced threats. Runs seamlessly on your server with no performance impact. Monarx can be purchased with most InMotion Hosting plans and enabled from your dashboard. Step 7: Monitor for Suspicious Activity Continue to monitor your site closely after recovery: Check logs for unusual IP addresses or failed login attempts. Regularly audit user accounts and admin privileges. Set up file change alerts where possible. Step 8: Contact Support if Needed Our team is here to assist if you’re unsure how to proceed or need help with any step. From troubleshooting to advanced cleanups, InMotion Hosting provides trusted support. Contact Us Or consider our Hacked Website Repair service for a full recovery solution. Following these steps can help you recover your website, regain control, and prevent future hacks. With solutions like Monarx and professional repair services, InMotion Hosting has you covered every step of the way. Share this Article Derrell Willis Manager, Developer Relations More Articles by Derrell Related Articles Intro to Migrating your WordPress Site Data Migrating your WordPress Database Migrating WordPress Files Configuring WordPress After a Migration Testing your WordPress website after Migration How to Move WordPress from a Subfolder to the Root Directory What to expect during a mass server migration Move Your WordPress Site to a New Server Moving Websites Built with Older Technology into WordPress How to Export Your WordPress Sites
