Restoring a Hacked Website


“My website was hacked and is now broken, what can I do?”

We have spent much of the past week helping a web agency to restore two of its websites which were unfortunately hacked over the recent bank holiday weekend.

A week after the event and both sites are up and running and now secure but it is a very good reminder of why websites should be regularly maintained. The two sites in question had parts which had not been updated for some time and areas where security was poor.

Many website owners seem to think only websites by major brands, those which process payments, have large memberships or have ‘important’ information on are targeted by hackers. Whilst it is cases like that which make the headlines, smaller sites are hacked with far more regularity.

A 2020 study by the UK Governments Department for Digital, Culture, Media and Sport found almost half of businesses (46%) and a quarter of charities (26%) in their study reported having cyber security breaches or attacks in the last 12 months.

With this in mind there are a couple of very simple steps which can, and should, be taken to mitigate the risk and to secure any website.

Keep It Updated

Keep your website, the website hosting and any scripts or software you are using on your website up-to-date – Outdated settings, software and scripts are the number one entry point of hackers in our experience.

Secure Passwords

We all have too many passwords and remembering them all can be a challenge. It often seems easier to use one password for multiple things or to use two simple words together, or a year or something related to the website or business. However such practises are not good and are really not secure. If keeping your website online and safe is a priority then it should have its own unique secure password.

Spring Clean

Often when websites are updated or when things stop working they are left on the server and forgotten about. If there are WordPress plugins you tried and decided you didn’t need, old contact form scripts or pages from your old site which are no longer public then all those should be removed. It will both make things more secure and easier to manage going forward.

Save A Backup

The importance of regular and recent backups of all your website files and any databases associated to them can be key in quickly restoring a website. Some website hosts offer this service as a part of a hosting package, and while this is good, it is also good practice to have your own back up of all of your files and any databases stored offline.

The above are some of the basic steps that everyone should follow to ensure the security of their website, the failure to do these simple things are what we most commonly see as the issue behind most hacked websites.

The website’s which we were working on this week did have automated backups online however the hack on the website files had also removed critical infromation from those backups, rendering them useless.

In this case we were able to remove all bad files from the website’s and to restore them using some older backups of the site’s files. The aim of the attack in this case was to use the website to send out spam emails, unrelated to the website itself. However as a by product of how the site was attacked critical business data, order information and user accounts dating back several years were deleted. Were it not possible to recover this information it would have had serious consequences for the business.

So to answer…

“My website was hacked and is now broken, what can I do?”

In the first instance its always a good idea to contact the company who host your website. They may be able to restore your website to an older, working version and also to scan it for any bad files. Some web hosts charge for this service, some do not, it varies from host to host.

Contact us

If they can’t help in restoring things then do get in touch with Hathway Creative and we will take a look at what has happened and advise the best way to proceed.

Sometimes a part of a website will simply stop working not because it was inters interfered with but simply due to its age, an update made to the hosting or a change of php version which can cause old or outdated scripts or features on a website to fail.

These can normally be updated and fixed and this is one of the things we do, both for new clients and as a service to other website design companies.

With over twenty years experience working in this field Hathway Creative have helped to repair and restore numerous websites over that time, from WordPress and Joomla websites to Forums, Shopping Cart websites and standard html sites we have managed to recover websites that have been breached and ensure their future security.