What To Do When Your Website is Hacked

Updated: August 29, 2011

  1. If your website is infected with malware you should take down the website if possible.
  2. If you have a clean backup of the website you can restore that to fix the website. If you do not have a clean backup you will need to find and remove any code added by the hacker to fix the website.
  3. To prevent the website from being hacked again you will need to determine how the website was hacked and fix that. You should also insure that you have taken other measures to keep your website secure.
  4. If your website has been removed from the Google search engine you will need to file a reconsideration request. If your website was distributing malware and has been flagged and blocked, you may need to request a malware review from Google, Yahoo, and or Bing to have the warning removed.
  5. If data has been breached during the hack you may have a legal requirement to disclose that. You can find US state requirements here. For breaches of credit card data you should review the incident response information from issuers (American Express, Discover, MasterCard, Visa) whose accounts have have been breached in the hack.