Website Hack Protection and Incident Recovery

Our company is engaged in the development, support and maintenance of sites of any complexity. From simple one-page sites to large-scale cluster systems built on micro services. Experience of developers is confirmed by certificates from vendors.

8+Years of workmore info 900+Completed projectsmore info 100+In house employeesmore info 19+Partnersmore info

Development and maintenance of all types of websites:

Informational websites or web applications

Business card websites, landing pages, corporate websites, online catalogs, quizzes, promo websites, blogs, news resources, informational portals, forums, aggregators

E-commerce websites or web applications

Online stores, B2B portals, marketplaces, online exchanges, cashback websites, exchanges, dropshipping platforms, product parsers

Business process management web applications

CRM systems, ERP systems, corporate portals, production management systems, information parsers

Electronic service websites or web applications

Classified ads platforms, online schools, online cinemas, website builders, portals for electronic services, video hosting platforms, thematic portals

These are just some of the technical types of websites we work with, and each of them can have its own specific features and functionality, as well as be customized to meet the specific needs and goals of the client.

Offered services

Showing 1 of 1 servicesAll 2065 services

Website Hack Protection and Incident Recovery

Medium

~3-5 business days

FAQ

Our competencies:

Free consultation

Book a free consultation if you have any questions. A dedicated specialist will advise you.

Cost calculation

If you know what exactly you need to develop, or you already have a ready-made technical task.

Development stages

Latest works

Development of a web application for FEEDME
1161
Development of an online store for the company FURNORO
1041
Development of a web application for Enviok
822
CRM development for Chasseurs
847
Website development for SBH Partners
999
Website development for Red Pear
451

Show more works

Website Hack Protection and Recovery

Website hacking has two phases: resolving consequences (active hack) and strengthening protection (prevention of recurrence). Work in this order, not the other way around.

Signs of Hacking

Google/Yandex shows malware warning
Site redirects to third-party resources
New unknown files or pages appear
Unexplained new admin users
Server sends spam (blacklisted IP)

Phase 1: Containment

# Put site into maintenance mode
php artisan down  # Laravel

# Snapshot for forensics
tar -czf /tmp/hacked-site-$(date +%Y%m%d).tar.gz /var/www/mysite/

# Block suspicious IPs
ufw deny from 1.2.3.4

Phase 2: Diagnosis

# Find modified files from last 7 days
find /var/www/mysite -type f -newer /var/www/mysite/composer.json -name "*.php" 2>/dev/null

# Search for backdoors
grep -r "eval(base64_decode" /var/www/mysite/ --include="*.php"
grep -rn "system\|exec\|passthru\|shell_exec" /var/www/mysite/uploads/ --include="*.php"

# PHP in uploads — sign of webshell
find /var/www/mysite/uploads -name "*.php" -type f

# WordPress: verify checksums
wp core verify-checksums
wp plugin verify-checksums --all

Phase 3: Cleanup

# Deploy clean copy from Git
git clone [email protected]:myorg/mysite.git /var/www/mysite-clean

# Transfer only media files (no PHP)
rsync -av --include="*.jpg" --include="*.png" --include="*.pdf" \
  --exclude="*.php" /var/www/mysite/uploads/ /var/www/mysite-clean/uploads/

# Verify with ClamAV
clamscan -r /var/www/mysite-clean/uploads/

# WordPress: reinstall core
wp core download --force

Phase 4: Hardening

# Block PHP execution in uploads
location ~* /uploads/.*\.php$ { deny all; }

# Hide server version
server_tokens off;

# Protect configuration files
location ~* \.(env|htaccess|git)$ { deny all; return 404; }

# Correct file permissions
find /var/www/mysite -type f -exec chmod 644 {} \;
find /var/www/mysite -type d -exec chmod 755 {} \;
chmod 600 /var/www/mysite/.env

# Fail2ban for brute force
# /etc/fail2ban/filter.d/wordpress.conf
# failregex = ^<HOST>.*"POST /wp-login.php

Preventive Measures

2FA for all admin accounts
WAF (Cloudflare, ModSecurity)
Auto-update critical components
Login attempt limiting (Fail2ban)
Regular audit of files and users

Notifying Search Engines of Recovery

Google Search Console → Security Issues → Mark as fixed → Request review
Yandex Webmaster → Security → Request check

Warning removal: Google — 1–3 days, Yandex — 1–5 days.

Hack recovery — 1–3 days. Security hardening — 1–2 days additional.