I think I was hacked
Immediate steps to take if you believe your website or business accounts have been compromised.
Discovering — or even suspecting — a hack is alarming. Your instinct might be to start changing things immediately, but acting in the right order matters. This guide tells you exactly what to do, step by step, to contain the damage and start recovery.
Quick summary
Stop, document, and contain — in that order. Don't delete anything yet. Contact us immediately. The most important actions are: change your passwords, contact us, and don't use the compromised accounts for anything sensitive until they're secured.
This needs urgent attention
If you believe your site or accounts are actively compromised, email support@chykalophia.com with "URGENT: Possible hack" in the subject line and your site URL. We'll prioritize your case.
Signs your site may have been hacked
Not sure if it's actually a hack? Look for these warning signs:
- Google or your browser shows a "This site may be hacked" or malware warning
- Visitors are being redirected to a different, unrelated website
- New pages, posts, or users appeared that you didn't create
- Your site is sending spam emails without your knowledge
- Your hosting provider suspended your account due to "malicious activity"
- You see strange code or gibberish text in your content
- Your site has been defaced (replaced with different imagery or messages)
- Your admin password no longer works
Step 1 — Don't panic, and don't delete anything yet
- Stop what you're doing. Don't start deleting files or changing things without guidance.
- Take screenshots of everything unusual — error messages, strange content, unfamiliar admin users, anything out of the ordinary.
- Write down when you first noticed the issue and what you were doing at the time.
Preserving evidence helps us understand how the breach happened — which is essential for preventing a recurrence.
Step 2 — Change your passwords immediately
Start with the accounts that control the most access.
- Change your WordPress admin password — from a different device or network if possible.
- Change your hosting account password.
- Change your email account password — especially if you use the same email for your website and financial accounts.
- Change your domain registrar password.
- Enable two-factor authentication on every account that supports it. See setting up two-factor authentication.
Use a different device to change passwords
If your usual computer may be compromised, use your phone or a different computer to change passwords. This prevents a keylogger (software that records keystrokes) from capturing your new passwords.
Step 3 — Contact us
Contact us at support@chykalophia.com before you do anything else to your site. Include:
- Your site URL
- What you noticed and when
- Any screenshots of unusual activity
- What you've already changed
We'll take it from there. Our recovery process includes:
- Scanning the site for malware
- Removing any malicious code or injected content
- Identifying unauthorized users and removing them
- Checking and restoring from a clean backup if needed
- Hardening your site's security to prevent recurrence
Step 4 — Check other accounts
A compromised site often signals a wider problem. Check:
- Were your email credentials used anywhere else? If you reuse passwords, every account with the same password is at risk.
- Are any financial accounts linked to the compromised email address?
- Check your email's sent folder for emails you didn't send.
- Check your bank and payment accounts for unauthorized transactions.
Step 5 — Notify affected parties if needed
If customer data may have been exposed:
- Make a list of what data your site stores: customer names, emails, addresses, order history.
- Consult a legal or compliance advisor if personal data was likely accessed. Depending on your region and industry, you may have legal obligations to notify affected individuals.
Data breach regulations
Many countries and US states have laws requiring businesses to notify customers within a certain number of days of a data breach. Contact a legal advisor if you're unsure of your obligations.
Related guides
- I got a suspicious email — what now?
- What to do if your site is hacked
- WordPress security basics
- Two-factor authentication explained
- Backups as your safety net