In this series, we will provide instructions to help anyone with moderate computer skills to fix a hacked website. Even before that point, though, you need to know if your site has been hacked. It could be behaving erratically for other reasons. You can check this by running our
free online website malware scanner.
If you think your site is being blocked because of malware, you can check Google's
safe browsing site status page. It will tell you if Google's software has scanned the site and deemed it unsafe to visit.
These outside-in scans won't detect all malware. Attacks such as crypto-mining, email spam, and spyware won't be caught. To be really sure your site is uncompromised, you should run an internal scan of the site on your own server.
These instructions apply primarily to sites built on content management systems (CMSs) such as WordPress and Drupal. Much of the advice, though, applies to all types of sites, so long as you have full control of the server.
Follow the steps below, then continue to the next article, which will explain how to clean up the problem.