top of page

🌐 6 Signs Your Website Has Been Hacked – And What to Do About It

  • Writer: Alex Hughes
    Alex Hughes
  • May 19
  • 3 min read

A hacked website isn’t just a problem—it’s a potential business crisis. With over 30,000 websites hacked every day, and small businesses making up more than 40% of those targeted, no site is too small to be at risk.


Whether it’s malware, defacement, lost traffic, or stolen data, the impact can be severe. The good news? With the right steps, you can recover and strengthen your defences for the future. Here's how to tell if your website has been hacked and what to do next.


website hack

🛑 How to Tell If Your Website Has Been Hacked

Some signs of a website hack are obvious, others are more subtle. Here are six key indicators to look out for:


🔹 1. Browser or Google Warnings

If Google Chrome, Firefox, Safari or another browser flags your website as unsafe, that’s a serious red flag. This typically happens via Google Safe Browsing, which detects and warns users about malicious websites.


👉 You might also see your site listed with a "this site may harm your computer" warning in search results.


🔹 2. Unexpected Changes to Your Website

Has your website started showing strange ads, redirecting visitors to other pages, or displaying content you didn’t upload? These are common signs of website defacement or redirection attacks.


Other issues include:

  • New pages you didn’t create

  • Offensive or irrelevant content

  • Slow loading or constant error messages


🔹 3. New Admin or FTP Accounts

If a hacker gains backend access, they might create new admin users or FTP accounts to keep control—even after you remove malicious code.


⚠️ If you're locked out of your own admin area, act fast. It likely means access has been hijacked.


🔹 4. Alerts from Your Web Host

Many hosting providers monitor for unusual activity. If they suspend your site or warn you about spam, malware or resource overuse, take it seriously.

Hosts often detect issues before you do, such as:

  • Unusual bandwidth usage

  • Spam emails being sent

  • Suspicious files uploaded to your server


🔹 5. Sudden Drop in Website Traffic

If traffic to your site suddenly falls off a cliff, it could be a sign of SEO damage. Search engines might delist or penalise your site if they detect malware or spammy redirects.


Use tools like Google Search Console to check for manual actions or crawl issues.


🔹 6. Your Emails Are Going to Spam

If emails from your domain are landing in spam folders—or not arriving at all—your server IP may be blacklisted. This often happens when hackers use your site to send bulk spam or phishing emails.



🛠️ What to Do If Your Website Has Been Hacked

Recovering a hacked website can be stressful, but a clear step-by-step approach will help you get back on track.

1. Take the Website Offline

Put your website into maintenance mode to prevent further damage or visitor exposure. You can use a simple “under maintenance” message while you investigate.

website hack

2. Reset All Passwords and Permissions

Immediately change:

  • Your CMS (e.g. WordPress) admin password

  • Email and hosting logins

  • FTP and database access credentials

  • Any third-party integrations


Use strong, unique passwords and enable two-factor authentication where possible.


3. Scan for Malware and Remove It

Use a security plugin or online scanner to identify malicious files or code injections. Common locations include:

  • Plugins and themes

  • .htaccess files

  • PHP scripts in core folders


Not sure what to look for? You might need help from a website security expert or managed IT team (like us!).


4. Restore from a Clean Backup

If you have a backup from before the hack, use it to restore your website. Make sure the backup is malware-free before uploading it.


If you don’t have a backup, consider rebuilding from scratch or manually removing threats—though this can be complex.


5. Contact Your Hosting Provider

Let your host know what’s happened. They can help with:

  • Removing your site from blacklists

  • Checking server logs for suspicious activity

  • Re-securing your hosting environment


6. Inform Regulators and Users

If personal data may have been accessed, you might have a legal obligation to report the breach under UK GDPR. You should also let your customers know—especially if they need to change passwords or be cautious with recent emails.



🔒 How to Prevent Your Website Being Hacked in Future

Prevention is always better than cure. Here are some website security best practices to help you stay safe:

✅ Run regular security scans and audits

✅ Keep your CMS, plugins and themes fully updated

✅ Use strong passwords and limit user access

✅ Enable two-factor authentication for admin logins

✅ Install a firewall and malware monitoring tool

✅ Back up your website regularly and store backups securely

✅ Train your team on basic cybersecurity awareness



💡 Final Thoughts

A hacked website can feel overwhelming, but you’re not alone—and you can recover. Acting quickly, following the right steps, and building a stronger security foundation are key to bouncing back.


If you’re unsure where to start, or need help investigating or securing your website, our team at IT Desk is here to help.



bottom of page