If you think your hosting account, website, or email has been compromised, it’s critical to act quickly. This guide walks you through the immediate steps to take, how to limit damage, and how we can help restore your services securely.
Common Signs of a Compromised Account
You might notice:
-
Unexpected login notifications or unknown IP addresses
-
Website defacement or strange redirects
-
Suspicious files or code injections
-
Emails being sent without your knowledge
-
Passwords no longer working
-
Google or browser warnings on your site
If you notice any of these red flags, take action immediately.
Step 1: Change Your Passwords
Update all related login credentials as soon as possible:
-
Your client area password
-
Your cPanel password
-
FTP, email, and database passwords (if applicable)
-
WordPress or CMS admin credentials
Use strong, unique passwords and avoid reusing old ones.
Step 2: Enable or Reset Two-Factor Authentication (2FA)
If you already have 2FA enabled, reset it to invalidate any unauthorized token access.
If you don’t, enable 2FA now to prevent future breaches.
-
Go to My Profile > Security Settings to set it up.
Step 3: Scan Your Website for Malware
Use one of the following tools:
-
Security plugins like Wordfence (WordPress), ImunifyAV, or SiteLock
-
Manual review of recent file changes in File Manager or via FTP
Look for suspicious scripts, base64-encoded files, or unexpected .php uploads in /public_html/.
Step 4: Contact Support Immediately
Open a Trust & Safety support ticket and include:
-
The date/time of the suspicious activity
-
A description of what you noticed
-
Any recent changes you made (plugins, logins, etc.)
We’ll help verify the compromise, investigate logs, and take appropriate measures such as suspending malicious processes or isolating affected files.
Preventing Future Incidents
-
Keep CMS software, themes, and plugins updated
-
Avoid using cracked or unauthorized plugins or templates
-
Regularly scan for vulnerabilities
-
Enable login alerts and keep contact email up to date
