If you suspect that your account or site has been hacked, then this article should answer all or most of your questions.
Why did it happen?
The most popular reasons are:
Outdated web application. Every popular web application (Joomla, WordPress, PrestaShop...) has had security issues, that’s why it’s always important to update your CMS to the latest version.
Outdated web application extension/plugins/modules/themes. If you have installed any third-party extensions, it’s as important to keep them updated as updating your CMS for example. Outdated extensions might become an easy target for intruders and hackers.
Weak user/administrator passwords. It is always recommended to use secure and strong passwords, especially the ones to your hosting account and to your CMS admin dashboard. You can create a strong password with the help of 1Password or any other similar service
Infected local computer - some computer viruses are known to steal your sensitive login information (FTP accounts, access to CMS) and after that add malicious code to your web files. It is highly recommended scanning your local computer files with antivirus software regularly, that will ensure that your computer and hosting files are safe 😊
If your account was hacked, please be sure it’s not related to server security. Our servers have advanced security modules (such as mod_security, Suhosin PHP hardening, PHP open_basedir protection and others) these measures assure the best possible protection from malware.
If you wish to know more about securing your WordPress website, for example, you can check this guide here.
What to do if a profile or site is hacked?
If you see changes made to the hosting account that were not made by you, there are few things to look for:
Have you provided access to your hosting account to other people?
Maybe you have a developer that is currently managing your website? If that’s the case, it’s a good idea to ask them for any changes.
Please note to never provide your login and password to anyone, if you wish for a developer to manage your website you can use our Access Manager, which was created for this exact reason.
Is there any unusual activity in the Login History? To check your profile’s login history, click on your avatar, and select Login History.
Have you made your password public? Maybe you have shared a picture on the internet with your password attached to it (for example a picture of your monitor with a sticker containing your password). In any case, it’s highly recommended changing your password.
Regardless of the answers to the previous questions, the following actions should be performed:
Check all devices from which you worked on for any viruses;
Check the browser for any suspicious extensions;
Check if your hosting’s resource usage changed;
Change passwords for all of your accounts associated with the site - devices, hosting, mail, FTP and so on;
Download your website files and check them with an Antivirus application.
Additional protection for your account is to enable login via social networks (Google, Facebook, or Github). It is also highly recommended enabling Two Step Authentication.
What to do if there are changes on the website?
After all the mentioned steps have been done, you should follow these steps:
Restore a website from a backup from a date when it was working perfectly fine. You can additionally check downloaded copy for viruses in case they were implemented earlier.
Update all of your plugins, theme, and CMS itself.