To do this, press Ctrl + Shift + ESC, if we are talking about Windows; punch the resource through the webmaster panel in Google – they will show where there is malicious code, the number of pages in the index;
check the server access logs for suspicious activity — for example, mass requests from the same IP address or from different addresses but with very similar characteristics;
check the logs for why the performance of the site has increased dramatically — from what moment something started to “load” it.
Experts advise to carry out such a check at least once a week in order to notice the hacking in time.
Instructions — what to do if the site is hacked
If you do not have a full—time programmer or you are not strong in technical aspects, you can order services to restore the site. Specialists will find and eliminate malicious code, test site security, eliminate vulnerabilities and unblock the site in search engines. They are also likely to give recommendations on how to strengthen security.
If you want to restore the site yourself, you will have to go through these steps.
First of all, put a stub that gives 200 server response. Indicate on it that technical work is underway on the site and it will be available again soon.
Collect information from the logs — access_log and error_log, the FTP server log. Write down all the errors and anomalies that you found, with the date and pages.
Contact the hosting provider and tell us about your situation. On the one hand, he will be able to analyze the hacking, on the other hand, he will be warned that such situations are possible. Which is especially important if you use shared hosting.
Go through the antivirus on all computers from which your site was accessed.
Check if your IP address is in spam databases.
Replace the password to the hosting, site admin panel, FTP server. The password must be quite complex. Here again, a service similar to Keypass can help, which generates long passwords containing various characters.
Restore the operation of the site using a backup.
If you haven’t updated the CMS for a long time, you should definitely do it at least now. Look at all notifications from the engine about updates and download them.
Scan the site for malicious scripts with one of the services that we mentioned in the section about checking the security of the site.
Install security plugins and scripts if you don’t have them yet.
Set up authorization by IP address for the admin, disable PHP functions that are not usually used on the site.
Notify Google that the site is “cured”. Inform the service that you have cleared your site and ask them to remove it from the blacklist.