Discovering your site is hacked is stressful, and stress leads to mistakes — deleting the wrong thing, restoring a backup that reintroduces the hole, or tipping off the attacker before you understand what happened. A calm, ordered process gets you out faster.
Step by step
- Back up the current state first — even infected, it's evidence and a safety net.
- Change all passwords: WordPress, hosting/cPanel, FTP, and database.
- Take the site offline or into maintenance mode if it's harming visitors.
- Review access and error logs to find the entry point and timeline.
- Remove the malicious code and any rogue users, files, or scheduled tasks.
- Close the vulnerability that allowed it — the most important step.
- Harden, monitor, and request removal from any blacklists.
Then prevent the next one
Recovery isn't finished when the site loads again. Updates, backups, monitoring, and a hardened configuration are what stop a repeat — because a site that was vulnerable once is a target until the underlying weakness is gone.
When to call in help
If your site is already down, hacked, or eating bandwidth, every hour of guesswork costs money. Ximbalo runs a full diagnostic, finds the root cause, and gives you a clear repair estimate before any work begins.
Book a consult or request a $250 assessment from the homepage — we get you back online and hardened against the next attack.