If you suspect that your account or site has been hacked, then this article should answer all or most of your questions.
Why did it happen?
The most common reasons are:
Outdated web application. Every popular web application (Joomla, WordPress, PrestaShop...) has had security issues. That’s why it’s always important to update your CMS to the latest version.
Outdated web application extensions/plugins/modules/themes. If you have installed any third-party extensions, keeping them updated is just as important as updating your CMS. Outdated extensions might become an easy target for intruders and hackers.
Weak user/administrator passwords. It is always recommended to use secure and strong passwords, especially for your hosting account and your CMS admin dashboard. You can create a strong password with the help of 1Password or any other similar service.
Infected local computer. Some computer viruses are known to steal your sensitive login information (FTP accounts, access to CMS) and then add malicious code to your web files. It is highly recommended to scan your local computer files with antivirus software regularly, which will ensure that your computer and hosting files are safe 😊
If your account was hacked, please rest assured that it’s not related to server security. Our servers have advanced security modules (such as mod_security, Suhosin PHP hardening, PHP open_basedir protection, and others). These measures assure the best possible protection from malware.
If you wish to know more about securing your WordPress website, for example, you can check this guide here.
What to do if a profile or site is hacked?
If you see changes made to the hosting account that were not made by you, there are a few things to look for:
Have you provided access to your hosting account to other people?
Maybe you have a developer who is currently managing your website? If that’s the case, it’s a good idea to ask them about any changes.
Please note that you should never provide your login and password to anyone. If you wish for a developer to manage your website, you can use our Access Manager, which was created for this exact reason.
Is there any unusual activity in the Login History?
You can see a detailed login history in your Account Activity.
Have you made your password public?
Maybe you have shared a picture on the internet with your password visible in it (for example a picture of your monitor with a sticker containing your password). In any case, it’s highly recommended to change your password.
Regardless of the answers to the previous questions, the following actions should be performed:
Check all devices from which you worked for any viruses
Check the browser for any suspicious extensions
Check if your hosting’s resource usage changed
Change passwords for all of your accounts associated with the site - devices, hosting, mail, FTP, and so on
Download your website files and check them with an antivirus application
For additional protection, you can enable login to your account via social networks (Google, Facebook, or GitHub). It is also highly recommended to enable Two-Step Authentication.
What to do if there are changes on the website?
After completing all of the steps above, do the following:
Restore the website from a backup made on a date when it was working perfectly fine. You can additionally check the downloaded copy for viruses in case they were introduced earlier.
Update all of your plugins, your theme, and the CMS itself.
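Alongside the antivirus scan, you can compare the downloaded copy of the site with the clean backup and list every file that was added, changed, or removed since the backup was made. The script below is an added example, not a tool provided by the hosting service; the function names, folder layout, and sample files are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_tree(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            # Website files are small enough to read whole; hash the raw bytes.
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            digests[path.relative_to(root).as_posix()] = digest
    return digests


def compare_site(backup_dir, current_dir):
    """Return files added, modified or removed since the known-good backup."""
    old, new = hash_tree(backup_dir), hash_tree(current_dir)
    return {
        "added": sorted(set(new) - set(old)),
        "modified": sorted(p for p in set(old) & set(new) if old[p] != new[p]),
        "removed": sorted(set(old) - set(new)),
    }


def build_sample(root, files):
    """Write constructed sample files under root (demo data only)."""
    for rel, text in files.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(text)


def demo():
    # Constructed sample trees standing in for the backup and the downloaded copy.
    with tempfile.TemporaryDirectory() as backup, tempfile.TemporaryDirectory() as current:
        build_sample(backup, {"index.php": "<?php // home", "wp-config.php": "<?php // cfg",
                              "css/site.css": "body{}"})
        build_sample(current, {"index.php": "<?php // home + unexpected line",
                               "wp-config.php": "<?php // cfg",
                               "uploads/cache.php": "<?php // file not in backup"})
        return compare_site(backup, current)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

To use it on real data, call compare_site with the unpacked backup folder and the downloaded site folder. Files you updated yourself after the backup date will also appear as modified, so review the list against the changes you know about.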