Website Hacks

So it happened. Your website got hacked. You should feel shame.

Ok, it does happen to nearly everyone. Plus our guide on how to secure your website is still in production. So perhaps not too much shame? But still. We know what happened – you forgot to Update your CMS. Whether WordPress, Drupal, Joomla or whatever one you use, you let that update slide and someone took advantage of you. Why would anyone ever care about your site, right?

Now you feel targeted, like someone has a Personal vendetta against you. But who? Why?

Well, truth be told it was likely just a Drive by hack, aimed at outdated CMS installs. You just happened to get hit. The hackers (I cringe to even call them that, it doesn’t take much skill to hack an outdated CMS) simply took advantage of the fact that you made a mistake and didn’t update your software. They really don’t care about you other than the fact that your site was vulnerable.

Honestly, if you wanted the shortest guide in the world to preventing most hacks, it would consist of:


There, done. 99.99% of hacks prevented.

Seriously, I can’t recall the last time I’ve run across A sophisticated hack thankfully.

Anyways, I digress. So your site is hacked. Maybe our EZP team found The hack and notified you. Or maybe Google chrome gave you the dreaded “This site may harm your computer” red screen warning when you went to it. Who knows, who cares right? You just need to fix it.

Thankfully, there are some Easy solutions:

Restore from Backups.

Perhaps Your site isn’t updated often. Possibly you’ve caught the hack fairly close to when it actually occurred. Or maybe it’s not terribly difficult to get your site back up to date if you restored from backups prior to when the hack Occurred. In these cases this is your easiest bet. Simply delete the files and database in your account and restore from backups from a date prior to the hack. Done!

NOTE: You must delete the files first, do not simply restore the backup. Restoring the backup will only overwrite the files contained in the backup and this will typically leave behind a hackers backdoor php file and your website will simply be hacked again – often within minutes!

If yoU are on our shared hosting, your site is backed up nightly via R1soft. There is a walkthrough on R1soft backups here.

VPS & Dedicated clients, you may also have R1soft, but some of you are running your own backups to our backup servers. There is a tutorial on restoring cPanel backups here.

Plus, we know you aRe all keeping regular backups of your website on your workstation, right? So you could easily restore from those? No? Ok, read on then!

Use Sucuri to fix your hacked website.

Alright, so restoring from backups aren’t an option. Maybe your site has a lot of user generated content and losing any is really bad. Maybe you pushed a big update live and accidentally deleted it from your workstation (or your dog ate it). Who knows why, there are many reasons.

Fortunately, we’ve teamed up with the good people at They’ve got the best WAF on the market (seriously, it actually offers protection – so if you miss an update by a few days you’re actually protected!) and they offer hack Cleanup services. Within just a few hours they will have your site hack free and ready to rock again. Worth every penny. Just shoot us a support ticket and we’ll get it running for you.

DIY Hack Cleanup.

That’s right, do it yourself. If you can’t bear the thought of spending MORE Money on your site, or you just hate that someone hacked you and you want to find out exactly how and fix it yourself – maybe even toss the exploited plugin to the curb (because how dare they cause you to get hacked, it’s not like you forgot to update things!) – well, we hear you. We love to tinker, to try new things, to find out exactly how “stuff” works. Figuring out how a hack occurred is right up our alley!

So, if you have a little tech Savvy and are prepared to invest some time and energy you can absolutely do this. That said, DIY hack cleanup is a big endeavour and because of this, we’re going to write a completely separate post on it for you. Why? Because one of our admins FORGOT TO UPDATE HIS CMS and we are going to use his site as an example. 🙂