What to Do in the First 30 Minutes After Your Website Gets Hacked

Discovering your website has been hacked triggers pure panic: strange redirects, a defaced homepage, a browser warning with your business name on it. Panic leads to rushed decisions that make recovery harder. What you need is a short, ordered checklist. Here it is.
Minutes 0 to 10: contain the damage
First, do not delete anything. Wiping files destroys the evidence needed to find how the attacker got in, and if you miss the entry point, they will be back within days. Instead, take the site offline or enable maintenance mode so visitors stop being exposed to malware or scam redirects. Then change every password that touches the site: hosting account, admin users, database, FTP, and your email if it shares a password with any of them. Attackers plant admin accounts fast, so lock the doors before anything else.
Minutes 10 to 20: assess and preserve
Contact your host and report the compromise; good hosts have incident procedures and can isolate the account. Confirm your most recent clean backup exists and note its date, but do not restore yet. Restoring over an infected site without knowing the entry point often just reinstalls the vulnerability. Jot down a quick timeline: when things last looked normal, what was recently updated or installed, and any odd emails or login alerts you ignored. Those details save hours later.
Minutes 20 to 30: call in the cleanup
Unless you are comfortable auditing files and databases, this is where professionals earn their fee. A proper cleanup scans every file, removes injected code and backdoors, patches the vulnerability that let the attacker in, and then restores or rebuilds from a verified clean backup. Afterward, request a review through Google Search Console if your site was flagged, so the warning gets lifted quickly. Expect the full process to take hours, not weeks, when handled by someone who does it routinely.
The better plan is never needing this checklist. Awesome Website Guys care plans include security monitoring, malware scanning, daily backups, and a team that handles cleanups when the worst happens. If your site has no one watching it, get a care plan in place before an attacker finds it first.


