Comprehensive guide for identifying and reporting website security breaches, with step-by-step instructions for gathering essential investigation information.

Signs of a Potential Hack

Common indicators that your site may have been compromised include:

• Unexpected changes to your website’s content or appearance
• Unusual traffic patterns or server behaviour
• Unauthorized admin users or unexplained user account changes
• Suspicious files or directories in your hosting account
• Search engines flagging your site as potentially harmful

Steps to Take

1. Don’t panic: While a potential hack is serious, staying calm will help you gather accurate information.
2. Don’t make changes: Avoid modifying your site or hosting account, as this might remove evidence needed for investigation.
3. Document everything: Start recording all unusual activities or changes you’ve noticed.
4. Gather information: Collect as much detail as possible (see the next section for specifics).
5. Report the issue: Create a support ticket with all the gathered information.

Information to Provide

When reporting a suspected hack, please include:

• Detailed description of why you think the site was hacked
• Screenshots of any suspicious activities or changes
• Steps to replicate the issue (if possible)
• Timestamps of when you first noticed the problem
• The last known time when the site was functioning normally
• Any recent changes made to the site before the suspected hack
• List of all plugins and themes installed on your WordPress site
• Any error messages you’ve encountered

How to Report

To report a suspected hack:

1. Log in to our support portal at https://support.wpcloud.ca/clientarea.php
2. Create a new support ticket
3. Choose the appropriate category related to security issues
4. Provide all the gathered information in the ticket description
5. Attach any relevant screenshots or log files

Alternatively, you can send an email to support@wpcloud.ca with all the necessary information.

What Happens Next

Once you’ve submitted a ticket:

• Our SOC team will be notified and will begin investigating your case.
• We may reach out for additional information if needed.
• We’ll provide updates on the investigation and any necessary steps to secure your site.

FAQs

Q: How long does the investigation usually take?
A: The duration varies depending on the complexity of the issue. We strive to begin investigations promptly and will keep you updated on the progress.

Q: Will my site be taken offline during the investigation?
A: In most cases, we can investigate without taking your site offline. However, if we detect active malicious activity, we may need to temporarily disable your site to prevent further damage.

Q: Can you recover my site if it’s been hacked?
A: In many cases, yes. Our team can often clean and restore hacked sites, especially with recent backups that WPCloud has available at all times.