Cloudflare Docs
Visit Support on GitHub
Set theme to dark (⇧+D)

Recovering from a hacked site

​​ Overview

If your website has been hacked recently, review the recommended steps below to recover a hacked website and prevent future hacks.

​​ Recovering from an attack

  • Request details about the hack from your hosting provider including how they believe the site was hacked.
  • Request your hosting provider remove the malicious content placed on your website.
  • Resolve site warnings in Google Webmaster Tools and resubmit your site for Google’s review once the hack has been resolved.

​​ Preventing and mitigating the risks of a future hack

To reduce the probability of future hack, take the following actions:

​​ Always update your Content Management System (CMS)

If you’re using WordPress, for example, ensure you’re on the most recent version of WordPress. CMS platforms push out updates to address known vulnerabilities. Always upgrade to the latest version when it becomes available.

​​ Ensure your plugins are updated

If you’re using plugins or extensions on your website or CMS, keep them updated.

​​ Activate Cloudflare’s  WAF managed rules

Customers on a paid Cloudflare plan can activate WAF managed rules to challenge or block known malicious behavior.

​​ Secure your admin login

Many hacks are due to brute force attacks on login pages. Review services like  Rublon or  Jetpack to help secure your site from attacks designed to target CMS platforms like WordPress.

​​ Backup your site

If your site becomes hacked, avoid losing valid content by using a service like  CodeGuard to restore your site from a backup.