Discovering your website has been hacked is unsettling, but acting in the right order limits the damage and speeds up recovery.
Step 1: Don't panic-delete anything yet
Before making changes, take note of what looks wrong (strange redirects, unfamiliar admin accounts, defaced pages) so you can investigate properly.
Step 2: Restore from a clean backup if you have one
If you have a backup from before the hack, restoring it is usually the fastest path back to a working site. This is why regular backups matter — many Hostinger plans include them automatically.
Step 3: Change all your passwords
Update your hosting account, domain registrar, and website admin (e.g. WordPress) passwords immediately, in case credentials were exposed.
Step 4: Update everything
Outdated plugins, themes, and core software are common entry points. Update everything to the latest version once your site is clean.
Step 5: Scan for lingering malware
A scan helps confirm the hack is fully removed, not just hidden. Many hosting providers offer security scanning tools or can recommend one.
Step 6: Review who has access
Remove any admin accounts or access you don't recognize or no longer need.
Built-in protection: Hostinger includes security monitoring tools on hosting plans, 20% off with code QGNAFFBUSPYA.
See secure hosting plans