Steps to recover hacked Drupal sites

, , ,

Steps 1. Take the website down. -

Immediately take down the website. There are 2 reasons for this. One reason is to prevent visitors getting malicious code, seeing error messages, etc.
The other one is to prevent hacker from causing further damage to your site.

Steps 2. Contact hosting provider. -

Inform Hosting provider they will help you to find out what happened and how to recover it.

Steps 3. Change all user and account passwords. -

Change all passwords including hosting control panel, ftp accounts .Check your site’s users accounts to see if there’s been a new user created.

Steps 4. Take backup of the website -

Take backup of website including code and database. Download the backup file from the remote server.

Steps 5. git status -

Remove all untracked files.

Steps 6. Check code execution attempts via menu_router -

select * from menu_router where access_callback = 'file_put_contents'

another option is

select * from menu_router where access_callback = 'assert';

Steps 7. Look for PHP files in directory -

find . -path "*php"

Steps 8. Find all users -

select * from all users

Steps 9. Delete all sessions-

truncate table sessions;

Steps 10. Revert to master

git reset HEAD filename 

Steps 11. Take the website Live


  • Backup All Data and Files
  • Stop Using Generic User names & Passwords
  • Maintain Secure password
  • By Protecting .htaccess
  • Check the files and Folder Permission
  • Add Re-Captcha In Login Page
  • Restrict the Upload Content
  • Update everything

Related Post

Latest Post

Recent Posts Widget

Make sure to never miss a thing...

Get the latest news from the creative industry along with other creative goodies, conveniently delivered to social media.