Hacked Website

The most common reasons for a hacked (defaced) website include:

- Outdated web application. Every popular web application (Joomla, WordPress, PhpBB...)  has had security problems and that's why you have to use always the latest version.

- Outdated web application extension. If you have installed any third party extensions, you have to keep them up-to-date just as you keep your main web application. Very often users neglect this fact and outdated extensions become easily exploited by intruders.

- Weak user / administrator passwords. You must ensure that all users have strong passwords, especially the admin and the ones who can create content to your site.

- Infected local computer - some computer viruses/worms are known to steal FTP logins and after that add malicious code to web files. For this reason make sure to have an updated antivirus software and scan your computer for viruses regularly.

- Insecure Environment. Generally this is the least probable scenario. However, there are still web hosts which cannot properly isolate users from one another on a shared server. Other hosts cannot find the correct balance between security and usability in order to protect web sites without making them unusable.

We at Siteground are proud to offer the most secure web environment along with having the best security specialists. Thus, if your website has been hacked or you have other security problems, don't hesitate to take advantage of our web hosting offer.


  1. Reply September 28, 2015 / 14:42 Carolyn BiblesSiteGround Team

    I am receiving spam - Mail delivery failure messages from email messages I did not send! What should I do? I can forward the messages to you if that would be helpful. The email address listed is the one the messages are being sent from which is my email from one of my siteground accounts. Another email address I have that you can use to contact me is cebmntc@sbcglobal.net.

    Thank you,
    Carolyn Bibles

    • Reply September 29, 2015 / 07:17 escalationsSiteGround Team

      Post a ticket via your SiteGround user area and provide all relevant information so that our support team can review the case in details.

  2. Reply April 11, 2016 / 06:08 Roger MullinsSiteGround Team

    I am getting a 403 Forbidden Error on my website.
    I don't know or understand what that means but I cannot access most files on my website.
    The response I got on my ticket said I needed to "Resolve" issues but didn't tell me what those issues are nor how to resolve them. I have had excellent service from Siteground for several years but telling me I need to resolve issues and not telling me what those issues are or how to resolve them is not good service.
    Please help !

    • Reply April 11, 2016 / 12:51 escalationsSiteGround Team


      It is and always has been in our best interest to assist the customers in resolving such cases as good and quickly as possible. If the information provided in the initial notice in not sufficient to you, please post an update in our HelpDesk with a request for additional information and our technical support team will gladly assist you. Technical support for such issues is provided solely through our HelpDesk system.

  3. Reply July 25, 2016 / 22:50 JoySiteGround Team

    I have been receiving 403 error messages on my site since mid May. I reopened a ticket several times and it has not been addressed. I am paying for Hack Alert and my site has been reported as "clean." However, Mcafee Site Advisor Red listed my site and I am getting over 50 403 error codes per day from the Google Search Console

    • Reply July 26, 2016 / 08:44 escalationsSiteGround Team

      The best we could suggest is to update your ticket so that our team can review the case again and provide adequate solution. Make sure to include all details related to the case in your post.

  4. Reply April 7, 2017 / 19:34 seanSiteGround Team

    I have received hundreds of emails in the last 24 hours. All of them are about a "failed transaction" and show the credit card has not been accepted. Also the sender's email address is our own: sales@lilyofangeles.com.

    We also received one email showing that someone else is replying to messages that our customers send us.

    I have already changed passowrds of Magento, SiteGround, Yahoo, etc...

    Should I do anything else?
    Kind regards,
    Sean Sahrai

    • Reply April 11, 2017 / 11:38 Ivan AtanasovSiteGround Team

      You should also scan all local computers that are used for access to your website(s), hosting accounts, and emails. This will allow you to secure your local systems so that issues with compromised logins will not be observed.

      Additionally, I would recommend that you post a ticket from your User Area -> Support. We will review the local DNS Zone for your domain and will provide you with a proper SPF record which you can add in the authoritative DNS Zone, assuming you are sending messages from our servers.

      Of course, we will also scan your account against our malware detection filters.

* (Required)