Website Hacked or Compromised? Fix It Fast
If your website has been hacked, redirecting, or showing unusual behaviour, this guide will help you identify the issue, remove malware, and secure your site.
Signs Your Website is Hacked
Redirects to Other Sites
Your website redirects visitors to spam or unknown pages.
Unknown Files
Suspicious files appear in your hosting account.
Google Warnings
Your site shows "This site may be hacked".
Slow or High Usage
Unusual CPU usage or slow performance.
Step-by-Step Fix
Step 1: Scan for Malware (CPGuard)
Open CPGuard
Go to Security → CPGuard in cPanel or DirectAdmin.
Run Virus Scan
Scan your account for infected or suspicious files.
Check CMS Threats
Identify vulnerable plugins or themes.
Step 2: Remove Malware
Delete Infected Files
Remove or quarantine flagged files.
Restore Backup
Restore a clean backup if available.
Check .htaccess
Remove malicious redirects or code.
Step 3: Secure Your Website
Update Everything
Update WordPress, plugins, and themes.
Change Passwords
Update hosting, FTP, email, and WordPress passwords.
Remove Unused Plugins
Delete anything not actively used.
Enable Firewall
Use WAF protection via CPGuard.
Step 4: Check for Backdoors
Search for Suspicious Code
Look for files with random names or encoded code.
Check Admin Users
Remove unknown WordPress admin accounts.
Review Cron Jobs
Ensure no malicious scheduled tasks exist.
Common Hack Types
Redirect Hack
Visitors redirected to spam or malicious sites.
Injected Malware
Hidden scripts inside files.
Phishing Pages
Fake login or scam pages hosted on your site.
Quick Fix Checklist
- ✔ Scan site with CPGuard
- ✔ Remove infected files
- ✔ Update all software
- ✔ Change all passwords
- ✔ Enable firewall protection
Prevent Future Hacks
Keep Software Updated
Outdated plugins are the biggest risk.
Use Strong Passwords
Avoid weak or reused credentials.
Regular Scans
Run CPGuard scans regularly.
Limit Access
Only give access to trusted users.
