What to Do After a Suspected Website Hack

Immediate steps to take when a website shows spam, redirects, malware warnings, strange users, or unexpected file changes.

Overview

If a website may be compromised, speed and containment matter. Avoid random cleanup attempts that can erase evidence or make recovery harder.

When this helps

Use this article when visitors report strange redirects, browsers show warnings, admin users appear unexpectedly, or security scans flag malware.

Recommended steps

  1. Record screenshots and exact URLs showing the issue.
  2. Do not delete files until a backup and scan plan are clear.
  3. Change passwords for admin, hosting, SFTP, and related accounts.
  4. Ask XMLA to scan files, database content, users, and plugins.
  5. Patch the cause before declaring the cleanup complete.

Information XMLA may need

  • Affected URLs
  • Warning message or screenshot
  • Recent admin users or plugin changes
  • Hosting access
  • Backup availability

Next step

Contact XMLA immediately for emergency repair if the site redirects, downloads files, or displays browser security warnings.

Was this article helpful?

Still need help?

Our team is here to assist you

🤖

AI Assistant

Get instant answers 24/7

Ask XMLA AI
💬

Human Support

Expert help from our team

Contact Support