If you see an unfamiliar page when you visit your website, or a warning like the one below, your site may have been compromised by an intrusion (an unauthorised entry by an attacker). Don’t worry — this is a common situation and there is a clear set of steps to recover safely. This guide walks you through them.
First steps after a suspected intrusion
If your website has been hacked or infected with malware, take a deep breath and start with these basics:
- Change all passwords that could be affected: FTP, email accounts, the Loopia Customer Zone, databases, and any CMS admin accounts (such as WordPress or Joomla).
- Remember that the problem may not be on the server. One or more computers you use as workstations could be infected too. Trojans (malicious software disguised as legitimate programs) can sneak through even when you are careful, and they may steal email or FTP credentials.
Scan your workstations with an antivirus program
Start by running a full scan of every computer you use to manage the website with a reputable antivirus program. If you do not have one, here are some well-known free options:
- Avira
- Avast (free registration required)
- AVG
- Ad-aware
- Microsoft Security Essentials
Clean up the website
Once your workstations are clean, work through the website itself:
- Upload a temporary holding page that tells visitors the site is under maintenance.
- Download all current website material locally and then remove it from the server.
- Change the passwords for FTP, the Loopia Customer Zone and any databases.
- Go through the downloaded material carefully to find out how the attacker got in.
- Fix the underlying cause — usually by updating third-party components such as WordPress, Joomla or their plugins and themes.
- Check any databases and remove anything that should not be there. Attackers often add extra administrator accounts (for example, in a WordPress database).
- Upload a clean version of your site, then remove the temporary holding page.
Check every site in the same account
If you host more than one website in the same account, it is important to know that attackers often plant additional files in other sites so they can re-enter later, even if you only clean one of them. Always go through every website in the same account.
Restoring from backup
If you do not have your own backup of the website material, you can restore from Loopia’s backup. Please contact our support if you need help with this.