Website defacement is a practice where an attacker replaces the content or the visual appearance of the website with their own content. These attacks are usually conducted by either exploiting vulnerabilities in unmaintained CMS platforms without the latest security updates or by using stolen hosting account usernames/passwords.

• Step 1: Verify that this is a malicious takeover of your website. An unfortunate but legal practice is to buy recently expired domain names to 'take over' the traffic they had for advertising purposes. It is very important to keep payments for your domain name in order.
• Step 2: If your website has been defaced, first regain control of your website login account and reset its password, see the Account Hijacking section for help.
• Step 3: Make a backup of the defaced site that can later be used for investigation of the defacement.
• Step 4: Temporarily turn off your website - use a simple landing page or 'parked' page.
• Step 5: Determine how your site was hacked. Your hosting provider may be able to help. Common problems are older parts of your site with custom scripts/tools running on them, out of date content management systems, and custom programming with security flaws.
• Step 6: Restore your original site from backups. If neither you, nor your hosting company have backups, you may have to re-build your website from scratch! Also note that if your only backups are at your hosting provider, an attacker may be able to delete those when they take control of your site!

Have this recommendations helped?

• Yes
• No

• Backups - In addition to the services and suggestions below, it’s always a good idea to make sure you have backups (that you store somewhere other than the same place your website is!). Many hosts and website platforms have this included, but it’s best to also have additional, offline copies.

• Keep software up to date - If you are using a Content Management System (CMS) such as WordPress or Drupal, make sure that your website technology is updated to the latest software, especially if there have been security updates.

• Monitoring - There are many services that can constantly check on your site and email or text you if it goes down. This Mashable article lists 10 popular ones. Be aware that the email or phone number you use for monitoring will be clearly associated with managing the website.

• My Website is Down
• Keeping your site alive
• Security in a Box
• Threat modeling, Surveillance Self Defense Guide
• DDoS proactive and reactive measures