Web Insights

FEATURED STORIES SUBSCRIBE FREE WEB SERVICES  

HOW TO RECOVER A BROKEN WEBSITE

By Jacqueline Sinex, Tuesday, September 9, 2025 Latest & Greatest
How to Recover a Broken Website

Designing for Trust: How to Build Credibility in Your Website

Why Humans Still Matter: The Irreplaceable Role of Human Insight

in Web Design

Web Design Approaches to Login Page Design

Unlocking the Power of User-Generated Content

Beyond Pretty Pictures: Why Solid Web Design Matters (More

Than You May Think)

Getting Creative with Your 404 Not Found Page Design

Press Room
WEBii Celebrates the Launch of ExamiFire

WEBii Ranked as a 2024 Top Ethnic Minority-Owned Business in Austin

Contributors

Jacqueline Sinex (217)

Julianna Truitt (2)

Aimee Johnson (4)

Illustrated concept piecing together a broken website

Julissa Guadagni (5)

Since most organizations rely on their website for marketing and customer service, it can
be devastating to discover that your website is suddenly broken. While there are several Jane Baxter Lynn (1)

possible causes for a website malfunction, site owners always need a quick solution to
Lara Hollers (1)
bring it back online.

Kathleen Hackney (1)

What usually causes websites to break?

Lidia S. Hovhan (1)
There are several reasons that a website can “break”. Causes can range from
malfunctioning software to unexpected malware. Jessica Perkins (2)

A recent update to the website might have caused an issue with the code. Megan Marshall (137)
There could be a conflict with a plugin or software platform.
A hacker might have infected the site with malware. Elizabeth Foley (1)
Someone could have mistakenly deleted files that are critical to the site’s operation.
Nathan Montgomery (1)

Melanie Reyna (1)

What to do if you find your website is Laura Patterson (1)

malfunctioning or offline Karina Harchandani (6)

First, assess the situation. Maisie Cantrell (44)

Gathering as much detail as possible will help website administrators as much as the
Eli Newman (7)
web developer and other IT professionals involved.

Ryan Feldman (3)

Is the website completely offline without anything displaying?
Are web pages displaying with partially broken and missing features?
Marketing Editor (9)
Are there any visible error messages?
Did you make any recent changes to the website?
Ruth Hawk (198)
Was there any recent maintenance on the site or server?
Is the website defaced with any strange spammy content?
Stacey Welchley (4)
Is this a custom website built on a certain software platform?
Is this a template-based website on a hosted service like Wix or Square Space? Phillip Smith (5)
In most cases, you will need these three things to address the issue: Meredith Schraeder (2)

Web Insights
The website admin login
FEATURED STORIES SUBSCRIBE FREE WEB SERVICES  
Jessica Jones (2)
The server where the site is hosted
Access to backups
Jen Sayroo (1)

Samantha Rivera (2)

With that in mind, make sure you know all vendors associated with Lizzy Cederberg (6)
aspects the website:
Rachel Schelter (3)
The web hosting company
Your web developer Alan Safai (5)
Anyone on your team who manages the website
Your IT manager or MSP provider Carmen Sutherland (1)
Your domain name registration or DNS provider
Brian Disbot (18)

Joey McGirr (1)

It’s a good idea to have these contacts handy in case they need to be contacted for
support or if the person troubleshooting needs access to those tools.
Lanie Crow (3)

To solve the website problem, you will need to gather access details for yourself or the
Ally Hugg (10)
technical professional assisting. To resolve the issues it is often necessary to login to the
web hosting server and to the website software platform where you manage content and
Bryan Lokey (13)
settings for the website.

For example, if you have a WordPress-based website, you will need your admin login for Bobby Martinez (20)

the WordPress admin interface.

Morgan (6)

And if your web developer or IT admin needs to evaluate the files and database, they will
need your FTP credentials and your web hosting control panel login (such as cPanel). Rachael Pierce (27)

Review backups and restoration options.

If the website is experiencing an error that is too complex to solve quickly, it may be
necessary to restore a previous backup. Most web hosting companies keep a regular
backup for redundancy and emergency hardware issues. Depending on your web hosting
service plan and tools, you may have access to restore a backup yourself. In some cases,
you may need to escalate a support ticket to the helpdesk to request a restoration for a
fee.

Before you start down a winding rabbit hole, it’s a good idea to know what the options
are.

Having a provider restore a backup may only take a few minutes or hours, versus the
many longer hours of research and troubleshooting that could have been required.

If the problem only started recently, chances are there is a backup copy from previous
days or weeks that is still in good working order.

There are subscription-based backup services that allow you to create and restore
backups from a dashboard. An example of such a service that has a plugin and cloud
storage options is Updraft for WordPress sites. But if there was not a service like this
already in place, there won’t be a backup available to restore from that provider yet.

The prominent web host WPEngine boasts a robust Backup Point system via their
administrative portal.

cPanel, which is the most popular control panel dashboard and used by WEBii customers,
includes a backup tool in its suite of options. Since it is not automatically set to a
schedule, the website owner needs to login regularly and create a new backup, and there
must be enough storage space to support any backups.

Keep in mind that even after a successful restore, there may be follow up actions to take.
If the site was compromised by a hacker, the new restored version needs to be verified as
a clean copy and probably hardened with additional security practices to prevent the
same incident from recurring.

Did something change on the website?

Probably the best case scenario is being able to revert one small change to bring the
website back to normal. So when starting this journey to relieve your website emergency,
find out exactly what changed before the “breakage”.

Was there a recent content update that occurred right before?

Walk back the steps – edit by edit – page by page. It may be possible to “undo” the edits
in a website editor, or at the least review them for typos and conflicting code. Page
Web Insights
FEATURED STORIES SUBSCRIBE FREE WEB SERVICES  
building platforms like Elementor have a history panel to wind back to previous versions.
Repositories like Github allow developers to revert a branch or code change.

Was there a recent change to the server environment?

If a server admin or IT pro was working on other technology and server upgrades, this
could have caused conflicts with the website. Coordination with these parties is critical to
find out what was modified and align everything properly, or get help restoring a previous
version.

Was there a software update?

Plugin software releases updates all the time. Sometimes these are very simple harmless
code clean ups or security patches, while other times they are significant upgrades. For
programs like WordPress, there may be multiple plugins installed and operating different
critical features. If one of those plugins fails, it might throw others into a frenzy. Web
developers recommend the slow and cautionary method of deactivating and reactivating
each plugin one by one until the culprit is found. Once the conflicting item is found, it
might be patched or removed completely.

It’s also helpful for developers to use tools like Developer Console to look for any obvious
errors. If a debug error does appear, it could give insight into the exact feature causing the
problem.

Website security theme image created by WEBii assisted by AI tools

What are signs that the website may have been

hacked?
There are many different methods that hackers use to abuse websites and different
reasons that motivate them. Sometimes the website owner notices the problem, while
other times they are alerted by a web host or other vendor.

One obvious sign of malicious website abuse is when the content has been defaced with
completely irrelevant – and probably spammy – information. When visiting an important
page in the website, it no longer displays the intended content and design from the
business – instead a spammy or suspicious looking web page appears. It’s not
uncommon for the malicious content to include casino or gambling references, adult
content, supplements, or other popular products that encourage money-making leads.

At first, it can be confusing how this happened, because you may not be able to clearly
see the spammy content inside of the editor of the website CMS. The hacker could have
used database injection methods to abuse the site, or they may have infected the files on
the server with other malware that redirects visitors to other URLs.
However, other times, a hacking attempt does not show an obvious design flaw on the
front-end. The infection could be misdirecting emails to use the website’s tools as a FEATURED STORIES
Web Insights
SUBSCRIBE FREE WEB SERVICES  
spamming tool. Or, the malware could be redirecting website payments to an
unauthorized party. These activities can be detrimental to the business who owns the
website and also a big risk for the web hosting and email vendors.

If you suspect a website has been hacked, there are some things you
can do:

Login to your website admin dashboard and immediately change all admin
passwords.
Review the user logins for your website administrators and for FTP accounts.
Remove unauthorized users immediately. If there are extraneous user accounts who
no longer work on your website, consider removing those as well.
Run a malware scanning program on the website. For a CMS platform like
WordPress, there are helpful plugin services like Wordfence that you can install and
run within the site’s admin. If you still have full access to the admin dashboard, this
is a great tool.
Enlist the help of a website cleaning and security service. Examples are Sucuri,
Wordfence, and SiteGuarding. These services will offer an expert cleaning service
and other tools to prevent further infection. They typically offer different levels to
choose from and perhaps an “urgent” service option.
Review the files on your web server (even outside of the website content) for files
with recent time stamps that were added or changed. Look for suspicious files with
unrecognizable names that could be malware.
If possible, run a malware scan on the server level. This might be a tool available
from your web hosting provider, another IT provider, or a third-party service. Allow it
to detect infected files and report them back to you, so you can make decisions on
which items need to be deleted or replaced. For example, malware files and scripts
that redirect to other infected files could be hidden in a subdirectory.
The database could also contain malicious content. It’s important to consider the
database in scans and know your database backup options.
If there are configuration files that contain sensitive login credentials, change those
passwords and update the configuration settings.

Sometimes the case of a broken infected website is too severe. If cleaning the site is not
realistic, restore a previous backup copy that you can confirm was not yet infected.

Hardening the website after a restoration

Once the website is back online and operational without any infection, make immediate
plans to harden the site to prevent future infections. Afterall, once a hacker has located
and successfully compromised your site, it is more likely to try to abuse that same
domain again.

Prevention techniques include:

Add a firewall security layer from a service like Sucuri, SiteGuarding, Wordfence, or
other reputable providers. These providers reference a large database of known
security vulnerabilities and dangerous IP addresses to automatically detect threats.
Some web hosts provide their own security package you can add onto your web
hosting service.
With some premium firewall services, you can block certain countries that are
known for generating suspicious traffic. This is helpful if you do not do business
with those outside locations and there is no need for people in those countries to
view your website.
Enforce strong passwords and 2-factor authentication for admin logins. You can
enhance sites with WordPress and other tools to activate this for all admins, which
makes abusing logins less likely.
Ask all admins and vendors with login access to your site to check their own local
devices for malware. If one person’s computer was infected, it is possible for it to
gain access to the other platforms they logged into while on that computer. By
keeping everyone’s machine clean, that doorway for abuse can be closed.
Audit plugins installed on the website and remove the expendable ones. The less
software you have to maintain, the easier it is to keep the site healthy.
Do not store sensitive credentials in unencrypted files.
Keep the server technology up to date. For example, having the latest stable of PHP
running is best practice. The web developer may need to upgrade the website’s
design theme and features to remain compatible as technologies change.
 Web Insights
FEATURED STORIES SUBSCRIBE FREE WEB SERVICES  
Getting efficient help from web developers
Sometimes it is necessary to get a professional web developer involved in fixing the
website. It’s important to understand that troubleshooting issues can be complex and
require a lot of assessment, research, and trial. Site owners will need patience to allow
the developer to cautiously do this work. By having all of the details related to the unique
situation and technologies and logins involved, their job will be more efficient.

Final Thought

Experiencing a broken or hacked website can feel overwhelming, but with a clear plan and
the right tools, you can recover quickly. The best defense is preparation—regular backups,
strong security practices, and trusted support partners ensure your site stays resilient
and ready for the future.

Jacqueline Sinex, Managing Director

website security

Posted in: How To, Security and IT, Tech Support, Web Site Maintenance, WWW Learning Center

<< Designing for Trust: ..

Your email address will not be published. Required fields are marked *

C O M M E NT *

Name *

Email *

Website

POST COMMENT

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Web Insights, The WEBii Blog. Copyright 2022. WEBii.net. WebXess, Inc. Since 1996. 8500 Shoal Creek Blvd. Suite 4-104, Austin, TX 78757.

Free Newsletter How to Do Keyword Research Share Your Story Contact WEBii