What Should You Do If Your Website Was Hacked?

In the last year, we’ve gotten several calls from clients panicked because their website was hacked. It is a scary and frustrating situation, and clients are often surprised that their local small business would be targeted by these ne’er-do-wells. If you don’t have juicy data to steal, like credit card numbers, isn’t it a waste of time? Unfortunately, it’s not. Aside from data, your site’s visitors can be leveraged in all kinds of malicious ways.

Last month Wordfence ran a survey that included the following open-ended question for people who reported that their site had been compromised:

What did the hackers do to your site?

They received 873 responses, categorized them all manually, and put them into a handy chart to show the results. Since several responses described multiple categories, the percentages intentionally add up to greater than 100%.

As you can see, there are many things that attackers can do when they hack your website. Let’s take a look at each of them, so we can better understand the motive behind the attacks that we are constantly defending against.

Defaced Site or Took it Offline

These attackers who replace your site with political propaganda are using your site for free advertising for their cause. Much like the graffiti you see on the freeway overpass, those that brag about taking your site down are just looking for recognition.

Send Spam

The attacker gets a couple of benefits here. First, they’re using your server resources free of charge. Second, until your reputation is destroyed and your server is blacklisted, their email delivery originates from your domain and IP address. Ultimately they are just encouraging clicks to their malicious websites.

SEO Spam

Ranking for various keywords, or search terms, is a great way to drive traffic to your site. By gaming the system with their SEO spam, these attackers direct traffic away from legitimate websites toward their own.

Malicious Redirect

When someone visits your website, they are automatically redirected to a different site. Their motive here is just to drive traffic to their malicious content.

Host Phishing Page

A phishing page fools your visitors into providing sensitive information. The value of your visitors’ credit card numbers is obvious. They also collect and use other data to break into all kinds of other online accounts, and can even use this strategy to steal your identity.

Distribute Malware

Malware is hosted on your compromised site, and installed on your visitors’ computers.  This gives the attacker direct access to steal your customers’ information and cause a great number of other issues for them.

Steal User Data

Stolen credentials can be used to regain entry to the site, even after the site has been restored. Attackers also try the stolen username / password combinations on other sites, since many people use the same passwords across the board. Stored credit card and other personal data can also be used in identity theft and fraudulent purchases.

Attack Site

When the attacker uses your site as a primary attack site, they are using your server free of charge for their malicious activities. They borrow your crystal clear domain and IP address to slip past the defenses of their target sites, until your domain reputation is destroyed as well.


Ransom

In this case, attackers take down your site, and offer to restore it for a fee. Unfortunately, if you don’t have backups that you were able to keep out of the hands of the attacker, you may decide that paying the ransom is worth it. This is also a great reason to back up your site regularly.

Host Malicious Content

Attackers store their files on a server with a domain and IP address that have a squeaky clean reputation, making it easy for them to continue their attacks on other website victims.

Bottom line – no matter how small your small business website – it has big value for hackers.  We recommend purchasing a website security monitoring subscription, like those available from Sucuri.  They monitor your site 24/7, and in the event that there is ever a breach, they remove the malware and restore your site for you.  Much like an alarm system on your home, except home security systems won’t clean up the mess for you!