Enter a URL
There are other site scanners as well. Sucuri has one, as do services like Siteguarding. Run your URL through one or more of these services to see if any of them come up with a worrisome result.
Cleaning a Compromised Site
I already linked to our primary article on how to recover from a site hacking, but I’ll go over some tips here.
The first thing you should do is determine the extent of the hack. If your admin account is compromised, it could access more than one page. If it’s a hack of your CMS, they might not have had access to your back-end data. It’s also possible that the hack came through your advertising rather than your site itself, and so recovery is as simple as reporting and removing that specific malicious ad from rotation.
If your account has been compromised, look into other potential accounts that might have been compromised as well. Too many people share passwords and account names, and if a hacker compromises one, they might be able to compromise another. Check your email accounts for unauthorized access, as well as other important accounts.
One critical thing to check is recovery information. I’ve personally had a Microsoft account hacked where the hacker added their own information to the recovery list; if I tried to change my password, they would get the password reset email too and could change it back. If I hadn’t noticed, they could have then locked me out of the account entirely. Always look for changed or unusual contact information and remove it before you change your account information.
If any third party service, be it your web host, your email, or your bank is compromised, look for any specific hacking recovery information from that service. Some services, like PayPal, have specific processes you can follow to make sure you recover and re-secure your account.
As for your site itself, figure out how much of your site has been compromised, in what ways, and for how long. Ideally, it’s not a widespread hack, and it hasn’t been hacked for long. Look for any backups of your site you have taken, and examine them to see if they were compromised as well. Ideally, you can simply restore your site from a previous backup, recover any lost content, and re-secure your site. If you have no backups, well, now’s the time to start them. Well, “now” as in after your site has been cleaned; you don’t want a compromised backup.
Remove any compromised files and replace them with clean files. Update any and all plugins, themes, and CMS platforms as necessary. If any plugins are older than six months or so without an update, consider replacing them with an actively maintained plugin.
Finally, consider implementing as many layers of security as possible. Two-factor authentication is generally a good idea to prevent unauthorized access to your accounts. You should also install a plugin or monitoring service like Sucuri to help monitor and prevent future attempts to hack your page.
Oh, and make sure you follow any laws regarding compromised user information. In America, for example, if a data breach includes personally identifiable information, you must notify your users within a certain period of time, as determined by state or regional law. Failure to disclose a breach can leave you liable for extreme damages.