All guides
Emergency support6 min read

Magento hacked store: first response checklist

What to do in the first hour if a Magento store appears hacked, including evidence preservation, containment and safe recovery.

Preserve the current state first

If you suspect a compromise, do not immediately delete files or restore a backup without thinking. Take a snapshot of code, database and logs so you can understand what happened and avoid restoring the same problem.

Contain the risk

Disable suspicious admin users, restrict admin access, block obvious malicious traffic, take affected payment components offline if needed and check whether checkout has been modified.

Then remediate properly

Once the store is stable, find the entry point. Missing patches, exposed config, weak credentials, abandoned modules and writeable web roots are common causes.

Next step

Got this problem on a live store?

Send the URL or book a call. You will get a practical answer on whether it needs a patch, an upgrade, emergency work or just a cleaner maintenance plan.