My account has been compromised. How do I fix it?

If your web hosting account has been compromised you should proceed with the following steps to secure/fix it.

1. You need to check if the script you use for your web site is up to date. You must update it to latest version. You need to contact your software vendor or web developer regarding steps how you can do the update.

2. You should scan your account for any files uploaded by the attacker under your public_html folder. They may upload php shells to be able to edit your files even after you update your software. Any files not uploaded by you must be removed from public_html.

3. You must change the permissions of your configuration files which contain passwords to 600. Each script has such a file which contains the login details for MySQL. It needs to be chmod to 600 so that others can’t read it and steal the password.

4. You must change your password for cPanel to a hard to guess password. A hard to guess password is [email protected]!z;[email protected]%Zdf.

5. Change the MySQL password to a new one which is hard to guess and then update it in the configuration file of your script. For WordPress the configuration file is called wp-config.php. The MySQL password can be changed from cPanel -> MySQL databases.

6. You should scan your computer for viruses in case your password was stolen by a trojan on your computer.

If your web site files were injected with malware, you should follow the steps above and also remove the malware code from your files. The malware is a virus which usually resides within iframe html code. You need to check your files and remove the malware from the infected ones.

There is nothing else you need to do regarding this. If your account gets compromised again after you have updated your software, that means you missed to update/secure some script which was used to hack your account. You will need to recheck everything from scratch and see if you missed to update any modules/extensions you installed in your account. It is very important to keep your account up to date and secure.

Was this helpful?

What’s your goal today?

1. Sign up to our newsletter and keep up to date with the latest news. Our team consist of highly skilled ex-sysadmins and hosting veterans, ready to share their unique hosting-related knowledge with you.

Sign up for ScalaHosting monthly News Letter and we will keep you up to date about the most valuable pieces of content we publish on our blog

2. Explore our VPS Hosting - with our 30-day unconditional money-back guarantee and free, effortless migration, you can try our award-winning Managed Cloud VPS solutions risk-free.


Working in the web hosting industry for over 13 years, Rado has inevitably got some insight into the industry. A digital marketer by education, Rado is always putting himself in the client's shoes, trying to see what's best for THEM first. A man of the fine detail, you can often find him spending 10+ minutes wondering over a missing comma or slightly skewed design.



    May 28, 2021 / 19:02

    some of the sites hosted in our reseller account had files that we didn’t upload, help us to make secure our host

    1. ScalaHosting
      ScalaHosting Staff

      March 15, 2022 / 13:29

      Hello, Elias,
      Make sure you check your account’s access logs to try and figure out who uploaded the files. That way, you’ll be able to take appropriate actions. Feel free to get in touch with our technical support experts if you have any further questions.

  2. Bradley Jones

    December 17, 2021 / 14:13

    My current IP is I have a dynamic IP so that may change, if it does I will submit a request for any change

    1. ScalaHosting
      ScalaHosting Staff

      March 15, 2022 / 12:36

      Hello, Bradley,
      As long as you have the correct login information, you should have no problems accessing your hosting account, regardless of the IP. If issues do arise, feel free to get in touch with our technical support experts who will assist you further.

Write a Comment


This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.