Joomla: Website hacked - you should do that now

If your Joomla website has been hacked, you need to respond quickly. It is important that you take your homepage directly off the net to avoid further damage. We show you exactly which steps are necessary here.

Joomla hacked: Take the website off the internet and find a vulnerability

To ensure that your website is no longer accessible to anyone, first dial in to your server via FTP and then work through the following steps:

1. Then create a password protection using an htaccess file. This means that your website can only be accessed by entering a password.
2. In the next step, use a current antivirus program to check your computer for Trojans or viruses.
3. Now find out when your website was hacked. To do this, run a free security scan. In the evaluation, you already receive valuable information that will help you to close the leak and to recognize dangerous scripts.
4. Create a current backup of your website including the MySQL database. This will prevent further data from being deleted.
5. If there are still older data backups, you can also restore the website. However, it is important to catch the timing before the attack. The free tool WinMerge will help you with this. It compares files and folders and shows you all changes. Take an old backup file and compare it with the currently created version. Depending on whether you can find such a clean backup, you now have to do it differently:

Joomla hacked: restore website from backup

If you have found a clean fuse, put it back on. You can delete the previously created htaccess file with the password from the server. The next step is to prevent further hacker attacks with four simple steps.

1. Change all passwords at Joomla. This includes your database password, your admin password, the password for logging in to the hosting as well as all mail and FTP passwords. Our video shows what a really secure password is.
2. Always keep your Joomla version and all plugins up to date.
3. Invest in a firewall like Sucuri for your site.
4. Make a backup of your site and the MySQL database at regular intervals.

Joomla hacked: restore website without existing data backup

If you don't have a backup, restoring is not that easy. Since you are not sure whether the hacker has installed a backdoor script, you will have to delete all data from the server and set up your page again.

• For smaller websites, you can copy your texts and save them locally in a text editor on your computer. In addition, create a list of all extensions and modules that you want to use again.
• Then delete the entire Joomla installation and reinstall Joomla.
• After all extensions have been installed and you have adapted your template, copy the content back into the interface.
• This procedure is tedious for large pages. Here it is worth hiring a professional after the hacker attack. The cleans up for you and you get help on security. This can be particularly worthwhile if you make money with your site.

If you want to give your homepage a new look, there are free Joomla templates here.