Discovering your website has been hacked is one of the most stressful things that can happen to a business online. Whether you've found strange content on your pages, Google is showing a security warning, or your hosting provider has suspended your site, the first priority is staying calm and acting methodically.

This guide walks you through exactly what to do if your website has been compromised, how to clean it up, and — most importantly — how to stop it happening again.

Signs Your Website Has Been Hacked

Sometimes a hack is obvious — your homepage has been replaced with someone else's content. But many hacks are subtle and designed to go unnoticed for as long as possible. Watch for these warning signs.

- Google showing a "This site may be hacked" or "This site may harm your computer" warning when you search for your business.
- Your website redirecting to a different site (especially pharmaceutical or gambling sites).
- Strange new pages or posts appearing that you didn't create.
- Unusual spikes in traffic from countries where you don't do business.
- Your hosting provider suspending your account for excessive resource usage or malware.
- Customers reporting that your site looks different or is behaving strangely.
- Google Search Console showing security issues or a manual action penalty.

Immediate Steps: The First 30 Minutes

When you discover a hack, time matters. The longer malicious code sits on your site, the more damage it does to your SEO rankings, customer trust, and potentially your data.

Step 1: Don't panic, but do act quickly

Take a breath. Most hacks can be cleaned up and recovered from. But you need to move through the next steps promptly rather than leaving it for tomorrow.

Step 2: Document everything

Take screenshots of anything unusual — error messages, strange content, security warnings. Note the date and time you discovered the hack. This documentation helps your web developer diagnose the issue and may be required if you have to report the incident.

Step 3: Take your site offline

If your site is showing malicious content or redirecting visitors to harmful sites, take it offline immediately. Your hosting provider can usually do this by enabling maintenance mode or temporarily suspending the site. A site that's down is better than a site that's actively harming your visitors and destroying your Google rankings.

🚨 Act Fast: A hacked site that stays live actively damages your Google rankings and customer trust. Every hour your site is serving malicious content, Google's algorithms are recording negative signals. If your site disappears from Google after a hack, recovery takes 2–4 weeks even after cleanup.

Step 4: Change all passwords

Change passwords for your website admin panel, your hosting account, your FTP/SFTP access, your database, and any connected services (email, payment gateways). Use strong, unique passwords for each one. If you've been using the same password across multiple accounts, change all of them.

Step 5: Contact your web developer or hosting provider

If you work with a web design agency, contact them immediately. If you manage the site yourself, contact your hosting provider's support team. Many hosting companies have malware scanning and removal tools, and some offer emergency cleanup services.

The Recovery Process

Once the immediate crisis is handled, the thorough cleanup begins. This typically involves scanning for and removing malware, restoring from a clean backup, and hardening your site against future attacks.

Scanning and cleaning

Professional malware scanners like Sucuri SiteCheck, Wordfence (for WordPress sites), or your hosting provider's built-in scanner can identify malicious files. However, automated scanners don't always catch everything — a thorough manual review by an experienced developer is often necessary, particularly for sophisticated attacks.

Common things to check include core files that have been modified, unknown files in your uploads directory, malicious code injected into theme or plugin files, new admin user accounts you didn't create, modified .htaccess files, and database entries containing suspicious scripts.
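One way to run the file checks listed above, as an added example that is not part of the original article: it hashes a known-clean copy of the site (such as a backup that pre-dates the compromise) and compares the live tree against it. The function names, the extension list and the constructed sample tree are assumptions made for the illustration; `wp-content/uploads/` is the WordPress default uploads path.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Extensions a web server may execute; none belong in an uploads directory.
EXECUTABLE_EXT = {".php", ".phtml", ".php5", ".phar"}

def sha256_manifest(root):
    """Map every file under root (dotfiles included) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = Path(dirpath, name)
            rel = path.relative_to(root).as_posix()
            manifest[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return manifest

def audit_site(clean_root, live_root, uploads="wp-content/uploads/"):
    """Compare the live tree with a known-clean copy and sort what differs."""
    clean, live = sha256_manifest(clean_root), sha256_manifest(live_root)
    found = {"modified": [], "unknown": [], "executable_in_uploads": []}
    for rel in sorted(live):
        if rel.startswith(uploads):  # new media is expected here, code is not
            if Path(rel).suffix.lower() in EXECUTABLE_EXT:
                found["executable_in_uploads"].append(rel)
        elif rel not in clean:
            found["unknown"].append(rel)
        elif clean[rel] != live[rel]:
            found["modified"].append(rel)
    return found

def demo():
    """Audit a small constructed tree pair (sample data, not a real site)."""
    base = {"index.php": "<?php // core", ".htaccess": "# BEGIN WordPress\n",
            "wp-content/themes/t/functions.php": "<?php // theme"}
    live = {**base, ".htaccess": "# BEGIN WordPress\n# altered\n",
            "wp-content/uploads/2024/logo.png": "png bytes",
            "wp-content/uploads/2024/cache.php": "<?php // ?",
            "wp-includes/class-extra.php": "<?php // ?"}
    with tempfile.TemporaryDirectory() as tmp:
        for side, files in (("clean", base), ("live", live)):
            for rel, body in files.items():
                target = Path(tmp, side, rel)
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_text(body)
        return audit_site(Path(tmp, "clean"), Path(tmp, "live"))

if __name__ == "__main__":
    print(demo())
```

Every path it reports still needs a manual look, and the script does not cover admin accounts or database content, which have to be reviewed separately.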

Restoring from backup

If you have a clean backup from before the hack, restoring from it is often the fastest and most reliable way to recover. But you must ensure the backup pre-dates the compromise — hackers can be on your site for weeks before you notice. After restoring, apply all security updates immediately to close the vulnerability that allowed the hack in the first place.

Requesting Google review

If Google flagged your site with a security warning, you'll need to request a review through Google Search Console after cleaning up. Log in, navigate to Security Issues, review and fix all flagged problems, then request a review. Google typically processes these within a few days, though it can take up to two weeks.

Why Websites Get Hacked

Understanding why sites get hacked helps you prevent it. Most small business websites aren't specifically targeted — they're caught up in automated attacks that scan millions of sites for common vulnerabilities.

The most common causes are outdated CMS software (WordPress, Joomla, etc.), outdated or vulnerable plugins and themes, weak passwords, insecure hosting environments, no SSL certificate, and reusing passwords across multiple services. WordPress sites are particularly common targets because WordPress powers over 40% of all websites, making it a high-value target for automated attacks.

Preventing Future Hacks

Prevention is always better than cure. These measures significantly reduce your risk of being hacked.

💡 Prevention Checklist: Most hacks exploit known vulnerabilities that have already been patched — the site just wasn't updated. Set up a regular maintenance schedule that includes weekly updates, daily backups, and monthly security scans. Also ensure your email authentication (DMARC/DKIM/SPF) is configured to prevent your domain being used for phishing.

Keep everything updated

Update your CMS, plugins, and themes as soon as security patches are released. The majority of successful hacks exploit known vulnerabilities that have already been patched — the site just wasn't updated. Set up automatic updates where possible, or ensure your maintenance provider handles this regularly.

Use strong, unique passwords

Every account connected to your website should have a strong, unique password. Use a password manager like 1Password, Bitwarden, or LastPass to generate and store complex passwords. Enable two-factor authentication (2FA) on your admin panel and hosting account.

Install a security plugin

For WordPress sites, security plugins like Wordfence, Sucuri Security, or iThemes Security add layers of protection including firewalls, malware scanning, login attempt limiting, and file integrity monitoring. The free versions of these plugins provide solid baseline protection.

Regular backups

Automated daily backups stored off-site (not just on the same server as your website) are essential. Services like UpdraftPlus, BlogVault, or your hosting provider's backup system should run automatically. Test your backups periodically by actually restoring one to make sure they work.

Choose quality hosting

Cheap hosting often means shared resources with hundreds of other sites, poor security measures, and slow response times when things go wrong. Quality web hosting includes server-level firewalls, malware scanning, automatic patching, and responsive support when you need it most.

✅ Worth the Investment: Quality web hosting with server-level firewalls and automatic patching costs €100–€300/year more than budget hosting. That's a fraction of the €200–€500 you'd pay for malware removal — and it prevents the problem entirely. Prevention is always cheaper than cure.

GDPR Implications of a Hack

If your website collects personal data (contact forms, email signups, customer accounts, ecommerce transactions), a hack may constitute a data breach under GDPR. Irish businesses should be aware that you may need to notify the Data Protection Commission (DPC) within 72 hours of becoming aware of a breach, you may need to notify affected individuals if the breach poses a high risk to their rights, and you should document the breach regardless of whether notification is required.

Consult with a data protection specialist if you're unsure whether your situation requires notification. The DPC provides guidance on its website at dataprotection.ie.

⚠️ GDPR Deadline: You may need to notify the Data Protection Commission within 72 hours of discovering a data breach. Don't wait to assess the damage — start the notification process immediately while your cleanup is underway. Document everything from the moment you discover the hack.

Frequently Asked Questions

How much does it cost to fix a hacked website?

Professional malware removal typically costs between €200 and €500 for a standard WordPress site. Complex infections or sites with significant damage may cost more. Services like Sucuri offer annual plans (around €200/year) that include unlimited cleanups plus ongoing monitoring and firewall protection.

Will my Google rankings recover after a hack?

Usually yes, though it can take time. Once Google verifies your site is clean and removes the security warning, your rankings should gradually return. The longer the hack went undetected and the more pages were affected, the longer recovery takes. Most sites see significant recovery within 2–4 weeks of cleanup.

Can I prevent hacks completely?

No security is 100% guaranteed, but following the prevention steps above reduces your risk dramatically. The goal is to make your site harder to hack than the millions of other vulnerable sites out there — most automated attacks move on to easier targets.

Should I just rebuild the site from scratch?

If the hack is severe and your site was due for a redesign anyway, rebuilding can be a good option. But for most situations, a thorough cleanup and security hardening is faster and more cost-effective than starting over.

My hosting provider cleaned the hack but it came back. Why?

Hackers often install backdoors — hidden access points that let them back in even after the visible malware is removed. A proper cleanup needs to find and remove all backdoors, not just the obvious malicious code. This is why a professional security service is sometimes necessary rather than relying on basic hosting support.

How do I check if my website has been hacked right now?

Run a free scan at Sucuri SiteCheck (sitecheck.sucuri.net), check Google Search Console for security issues, and search site:yourdomain.ie in Google to see if any suspicious pages appear. If your Google Business Profile has been suspended, that can also indicate your site has been flagged for security issues.

Should I rebuild my site on a more secure platform after a hack?

Not necessarily. WordPress sites are commonly targeted but are perfectly secure when properly maintained. The issue is usually outdated software, weak passwords, or poor hosting — not the platform itself. A thorough cleanup plus the prevention steps above is usually more cost-effective than a full rebuild. If you do decide to rebuild, follow our redesign checklist.

Need Help Recovering from a Hack?

ProfileTree offers emergency malware cleanup and ongoing security monitoring for Irish businesses. We'll get your site clean and keep it that way.


Written by

Ciaran Connolly

Founder of Web Design Ireland. Helping Irish businesses make smart website investments with honest, practical advice.
