Is My Site Broken or Hacked?!

As a rule of thumb, it’s safe to say that if you did not make any changes on your website, your webmaster hasn’t and your hosting company hasn’t then someone has hacked your site.  Websites don’t usually just stop working for no reason.

Some of the most common flags to the issue are:

  • Nothing showing up
  • There are ads for sexual performance drugs on your website, or
  • You have gotten an email from their hosting provider saying you are sending out spam.

One of the first things you can do is run a quick scan on Sucuri to see if it comes up infected.  There are instances where an infected site doesn’t show as such using their free scan but it is a good place to start.  Having used Sucuri to get sites clean and running, as usual, the turn around with them has usually been pretty fast.

The other option that might be available is turning to your hosting company.  The service options vary across hosting companies so you’ll want to check with them immediately to see if they can clean it for you.  This hasn’t always been available but with the onslaught of security breaches, most hosting companies are trying to be proactive in getting things cleaned up quickly.  And since it’s in their best interest to keep their servers clean it makes good sense.

After you have your site clean you’ll need to do some housekeeping immediately by resetting passwords for the following items:

  • Joomla login (change the password and the username)
  • FTP login
  • Hosting Account Login (especially if it is the same as the FTP login)
  • Database login, on this one you’ll need to also make that change in the config.php file of your Joomla installation.  Your webmaster or hosting company should be able to assist in this change.

Sucuri has a great article on “Steps to Stay Clean“.

If your website software isn’t up-to-date then now would be the time to make those upgrades.  Things you should look at would be the CMS (i.e. Joomla, WordPress…) version, installed extensions and template.  If you are not interested in upgrading then you might want to look at the Scuri website firewall product as a level of protection until you are ready to upgrade.


  • Get Clean
  • Reset Passwords
  • Upgrade Site
  • Backup Regularly!

Further reading: Most Common Attacks Affecting Today’s Websites & Understanding Denial of Service and Brute Force Attacks – WordPress, Joomla, Drupal, vBulletin