I would understand – as I have in the past – that when an attack on your website occurs, your first reaction would be “It’s the hosting company,” or “I’ve never liked that web designer’s shoes anyway”. But alas, the biggest vulnerability in your website is … you. In an internet that is largely run by amateurs (“I can run my own website, right?”), most hack attacks happen due to end-user – that’s you, if you run your own website – sloppiness and ignorance. While hosting companies, content management systems and most web designers have security at the top of their minds, end-users often don’t. They don’t secure their computers. They don’t update their website’s operating system. They install suspicious plugins on their computers or internet browsers.
Well then, now that we’ve set this record straight, let’s look at the way forward. It’s one thing to be aware of vulnerabilities, and another to take measures to prevent the most obvious attacks on your website. But I recommend, additionally, to ultimately accept the fact that your website is vulnerable, and in doing so, start to set up a back-up plan in case an attack would occur. Prepare for the worst.
Your website can be attacked via the server that hosts it, via the content management system that runs it (admin login or FTP), or via the computer that accesses the content management system.
HOST : First, choosing a reputable hosting company is imperative. Making sure no one can access your website from the server’s side, is essential. Additionally, I recommend to work with a local hosting company that has a solid online or telephonic support desk – you want them to be there when you need them. Check with your hosting company whether they keep back-ups of your website – a good hosting company will be able to go back in time and restore the website’s files from before the hack attack, assuming you detect the attack early.
So, what to do if your website does get hacked? Somebody – or something – has gained access to your website’s root files, to its content management administration or to your computer. Here are a couple of checks you can run:
Run a security check at
Type your website into Google search, and look for any malware notifications from Google.
If you can locate the files (or parts of files) that have been infected, remove the files (or parts of the file). Don’t forget to replace them with the clean files from your computer.