Recovering from a hacked site
If your website has been hacked recently, review the recommended steps below to recover a hacked website and prevent future hacks.
To recover from an attack, reach out to your hosting provider to request:
- Details about the hack, including how they believe the site was hacked.
- That your hosting provider remove any malicious content placed on your website.
Once the hack has been resolved, you should resolve site warnings in Google Webmaster Tools ↗ and resubmit your site for Google’s review.
To prevent the risk of a hacked site:
- Activate Cloudflare's WAF managed rules so they can challenge or block known malicious behavior.
- If you use a Content Management System (CMS), make sure you have the most recent version installed (CMS platforms push out updates to address known vulnerabilities).
- If you use plugins, make sure they are updated.
- If you have an admin login page, protect it with Cloudflare's Rate limiting rules or a Cloudflare Access policy.
- Use a backup service so you can avoid losing valid content.
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Products
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark