{"id":2259,"date":"2025-07-10T11:22:30","date_gmt":"2025-07-10T11:22:30","guid":{"rendered":"https:\/\/hostrago.com\/knowledge-base\/?p=2259"},"modified":"2025-07-10T11:22:32","modified_gmt":"2025-07-10T11:22:32","slug":"hacked-cpanel-account-troubleshooting","status":"publish","type":"post","link":"https:\/\/hostrago.com\/knowledge-base\/hacked-cpanel-account-troubleshooting\/","title":{"rendered":"How to Troubleshoot a Hacked cPanel Account (Step-by-Step Guide)"},"content":{"rendered":"\n<p>Discovering a <strong>Hacked cPanel Account<\/strong> can be alarming, especially when your website starts behaving abnormally, sends spam emails, redirects visitors, or even becomes completely inaccessible. A <strong>hacked cPanel account<\/strong> compromises your entire hosting environment, putting all website data, emails, databases, and user trust at risk.<\/p>\n\n\n\n<p>If you suspect that your <a href=\"https:\/\/cpanel.net\/\" target=\"_blank\" rel=\"noopener\">cPanel <\/a>account has been hacked, it\u2019s critical to act immediately. In this blog, we&#8217;ll walk you through the complete process of <strong>troubleshooting a hacked cPanel account<\/strong>, securing your data, cleaning up infected files, and preventing future breaches.<\/p>\n\n\n\n<p>At <strong>HostraGo<\/strong>, we prioritize security and provide full support to customers facing such incidents. Let&#8217;s explore how you can recover and secure your hosting account efficiently.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Signs That Your cPanel Account is Hacked<\/h2>\n\n\n\n<p>Some common signs include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Website redirects to unknown or malicious sites<\/li>\n\n\n\n<li>Suspicious files or scripts in your public_html directory<\/li>\n\n\n\n<li>Your website is flagged as <em>Deceptive Site Ahead<\/em> by Google<\/li>\n\n\n\n<li>Unknown email accounts or spam being sent from your domain<\/li>\n\n\n\n<li>Modified <code>.htaccess<\/code> or index.php files<\/li>\n\n\n\n<li>Login attempts or password changes without your knowledge<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Steps to Troubleshoot a Hacked cPanel Account<\/h2>\n\n\n\n<p>Let\u2019s go through the action plan step by step:<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Step 1: Change cPanel &amp; FTP Passwords Immediately<\/h3>\n\n\n\n<p>The first and most important step is to <strong>change your cPanel password<\/strong> and any FTP account credentials:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Log in to your <strong>WHM<\/strong> or <strong>cPanel<\/strong><\/li>\n\n\n\n<li>Navigate to <strong>Password &amp; Security<\/strong><\/li>\n\n\n\n<li>Update all passwords \u2014 use a strong, unique combination<\/li>\n<\/ol>\n\n\n\n<p>Repeat this for:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>FTP accounts<\/li>\n\n\n\n<li>Email accounts<\/li>\n\n\n\n<li>MySQL users (if suspicious activity is seen)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Step 2: Scan Files for Malware and Suspicious Code<\/h3>\n\n\n\n<p>Use cPanel\u2019s built-in tools or third-party scanners like:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>ClamAV Virus Scanner<\/strong><\/li>\n\n\n\n<li><strong>ImunifyAV (Free &amp; Pro)<\/strong><\/li>\n\n\n\n<li><strong>SiteLock<\/strong> or other malware cleanup tools<\/li>\n<\/ul>\n\n\n\n<p>Scan these directories:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>\/public_html<\/code><\/li>\n\n\n\n<li><code>\/tmp<\/code><\/li>\n\n\n\n<li><code>\/home\/username\/.trash<\/code><\/li>\n<\/ul>\n\n\n\n<p>Remove or quarantine any suspicious files immediately.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Step 3: Clean Up Infected Website Files<\/h3>\n\n\n\n<p>After scanning, follow these tips:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Delete or replace compromised files<\/li>\n\n\n\n<li>Re-upload fresh files from a clean backup<\/li>\n\n\n\n<li>Remove <strong>eval()<\/strong>, <strong>base64_decode()<\/strong>, or long obfuscated code from PHP files<\/li>\n\n\n\n<li>Check <code>.htaccess<\/code> for unwanted redirects or rewritten paths<\/li>\n<\/ul>\n\n\n\n<p>If you use a CMS like WordPress, reinstall core files and plugins.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Step 4: Restore from Backup (If Available)<\/h3>\n\n\n\n<p>If the hack is severe or you can\u2019t fully clean it:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Use cPanel\u2019s <strong>JetBackup<\/strong> or <strong>Backup Wizard<\/strong><\/li>\n\n\n\n<li>Choose a backup date <strong>prior to the hack<\/strong><\/li>\n\n\n\n<li>Restore files, databases, and emails<\/li>\n<\/ol>\n\n\n\n<p>If you don\u2019t have backups, contact <a>HostraGo Support<\/a> \u2014 we may be able to recover data from server-level snapshots.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Step 5: Update All CMS\/Plugins\/Themes<\/h3>\n\n\n\n<p>If you&#8217;re using CMS platforms like:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>WordPress<\/li>\n\n\n\n<li>Joomla<\/li>\n\n\n\n<li>Drupal<\/li>\n<\/ul>\n\n\n\n<p>Immediately update:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Core software<\/li>\n\n\n\n<li>All plugins and extensions<\/li>\n\n\n\n<li>Themes or templates<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">Step 6: Check Email and Cron Jobs<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Remove unknown cron jobs (go to <strong>cPanel > Cron Jobs<\/strong>)<\/li>\n\n\n\n<li>Delete suspicious email forwarders or auto-responders<\/li>\n\n\n\n<li>Change passwords for all mailboxes<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Prevention Tips: How to Avoid Getting Hacked Again<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Keep software updated<\/li>\n\n\n\n<li>Use only trusted plugins\/themes<\/li>\n\n\n\n<li>Regularly scan and back up your website<\/li>\n\n\n\n<li>Use SSL for encrypted connections<\/li>\n\n\n\n<li>Monitor login and access logs<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Need Help from Experts?<\/h2>\n\n\n\n<p>If you&#8217;re unable to fix a <strong><strong>hacked cPanel account<\/strong><\/strong> or feel overwhelmed, don\u2019t panic \u2014 we\u2019re here to help.<\/p>\n\n\n\n<p>\ud83d\udcde <a href=\"https:\/\/hostrago.com\/contact-us\">Contact HostraGo Support<\/a> \u2014 Our team will assist you in malware cleanup, data recovery, security hardening, and server scanning.<\/p>\n\n\n\n<p>Looking for secure and hardened web hosting?<br>\ud83d\udc49 <a href=\"https:\/\/hostrago.com\/\">Explore HostraGo\u2019s Secure Web Hosting Plans<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Final Thoughts<\/h2>\n\n\n\n<p>Getting a <strong>hacked cPanel account<\/strong> under control requires immediate action, technical knowledge, and the right tools. From changing passwords to scanning files and restoring backups, each step plays a key role in restoring your website and protecting your data.<\/p>\n\n\n\n<p>With HostraGo, you get not just high-performance hosting, but also peace of mind through reliable support and built-in security features that protect your business 24\/7.<\/p>\n\n\n\n<p>\ud83d\udee1\ufe0f Stay safe, stay updated \u2014 and let us help you maintain a secure hosting environment.<\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Discovering a Hacked cPanel Account can be alarming, especially when your website starts behaving abnormally, sends spam emails, redirects visitors, or even becomes completely inaccessible&#8230;.<\/p>\n","protected":false},"author":1,"featured_media":2260,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[21],"tags":[539,542,491,536,541,540,537,538],"class_list":["post-2259","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cpanel","tag-cpanel-malware-scan","tag-cpanel-password-reset","tag-cpanel-security","tag-hacked-cpanel-account","tag-hostrago-cpanel-fix","tag-restore-hacked-website","tag-website-hacked","tag-whm-security"],"menu_order":0,"_links":{"self":[{"href":"https:\/\/hostrago.com\/knowledge-base\/wp-json\/wp\/v2\/posts\/2259","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostrago.com\/knowledge-base\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostrago.com\/knowledge-base\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostrago.com\/knowledge-base\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostrago.com\/knowledge-base\/wp-json\/wp\/v2\/comments?post=2259"}],"version-history":[{"count":1,"href":"https:\/\/hostrago.com\/knowledge-base\/wp-json\/wp\/v2\/posts\/2259\/revisions"}],"predecessor-version":[{"id":2261,"href":"https:\/\/hostrago.com\/knowledge-base\/wp-json\/wp\/v2\/posts\/2259\/revisions\/2261"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hostrago.com\/knowledge-base\/wp-json\/wp\/v2\/media\/2260"}],"wp:attachment":[{"href":"https:\/\/hostrago.com\/knowledge-base\/wp-json\/wp\/v2\/media?parent=2259"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostrago.com\/knowledge-base\/wp-json\/wp\/v2\/categories?post=2259"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostrago.com\/knowledge-base\/wp-json\/wp\/v2\/tags?post=2259"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}