How to Recover a Broken Website

By Jacqueline Sinex, Tuesday, September 9, 2025
Illustration fixing a broken site concept
Illustrated concept piecing together a broken website

Since most organizations rely on their website for marketing and customer service, it can be devastating to discover that your website is suddenly broken. While there are several possible causes for a website malfunction, site owners always need a quick solution to bring it back online.

What usually causes websites to break?

There are several reasons that a website can “break”. Causes can range from malfunctioning software to unexpected malware.

  • A recent update to the website might have caused an issue with the code.
  • There could be a conflict with a plugin or software platform.
  • A hacker might have infected the site with malware.
  • Someone could have mistakenly deleted files that are critical to the site’s operation.

 

What to do if you find your website is malfunctioning or offline

First, assess the situation.

Gathering as much detail as possible will help website administrators as much as the web developer and other IT professionals involved.

  • Is the website completely offline without anything displaying?
  • Are web pages displaying with partially broken and missing features?
  • Are there any visible error messages?
  • Did you make any recent changes to the website?
  • Was there any recent maintenance on the site or server?
  • Is the website defaced with any strange spammy content?
  • Is this a custom website built on a certain software platform?
  • Is this a template-based website on a hosted service like Wix or Square Space?

 

In most cases, you will need these three things to address the issue:

  • The website admin login
  • The server where the site is hosted
  • Access to backups

 

With that in mind, make sure you know all vendors associated with aspects the website:

  • The web hosting company
  • Your web developer
  • Anyone on your team who manages the website
  • Your IT manager or MSP provider
  • Your domain name registration or DNS provider

 

It’s a good idea to have these contacts handy in case they need to be contacted for support or if the person troubleshooting needs access to those tools.

To solve the website problem, you will need to gather access details for yourself or the technical professional assisting. To resolve the issues it is often necessary to login to the web hosting server and to the website software platform where you manage content and settings for the website.

For example, if you have a WordPress-based website, you will need your admin login for the WordPress admin interface.

And if your web developer or IT admin needs to evaluate the files and database, they will need your FTP credentials and your web hosting control panel login (such as cPanel).

 

Review backups and restoration options.

If the website is experiencing an error that is too complex to solve quickly, it may be necessary to restore a previous backup. Most web hosting companies keep a regular backup for redundancy and emergency hardware issues. Depending on your web hosting service plan and tools, you may have access to restore a backup yourself. In some cases, you may need to escalate a support ticket to the helpdesk to request a restoration for a fee.

Before you start down a winding rabbit hole, it’s a good idea to know what the options are.

Having a provider restore a backup may only take a few minutes or hours, versus the many longer hours of research and troubleshooting that could have been required.

If the problem only started recently, chances are there is a backup copy from previous days or weeks that is still in good working order.

There are subscription-based backup services that allow you to create and restore backups from a dashboard. An example of such a service that has a plugin and cloud storage options is Updraft for WordPress sites. But if there was not a service like this already in place, there won’t be a backup available to restore from that provider yet.

The prominent web host WPEngine boasts a robust Backup Point system via their administrative portal.

cPanel, which is the most popular control panel dashboard and used by WEBii customers, includes a backup tool in its suite of options. Since it is not automatically set to a schedule, the website owner needs to login regularly and create a new backup, and there must be enough storage space to support any backups.

Keep in mind that even after a successful restore, there may be follow up actions to take. If the site was compromised by a hacker, the new restored version needs to be verified as a clean copy and probably hardened with additional security practices to prevent the same incident from recurring.

Did something change on the website?

 Probably the best case scenario is being able to revert one small change to bring the website back to normal. So when starting this journey to relieve your website emergency, find out exactly what changed before the “breakage”.

Was there a recent content update that occurred right before?

Walk back the steps – edit by edit – page by page. It may be possible to “undo” the edits in a website editor, or at the least review them for typos and conflicting code. Page building platforms like Elementor have a history panel to wind back to previous versions. Repositories like Github allow developers to revert a branch or code change.

Was there a recent change to the server environment?

If a server admin or IT pro was working on other technology and server upgrades, this could have caused conflicts with the website. Coordination with these parties is critical to find out what was modified and align everything properly, or get help restoring a previous version.

Was there a software update?

Plugin software releases updates all the time. Sometimes these are very simple harmless code clean ups or security patches, while other times they are significant upgrades. For programs like WordPress, there may be multiple plugins installed and operating different critical features. If one of those plugins fails, it might throw others into a frenzy. Web developers recommend the slow and cautionary method of deactivating and reactivating each plugin one by one until the culprit is found. Once the conflicting item is found, it might be patched or removed completely.

It’s also helpful for developers to use tools like Developer Console to look for any obvious errors. If a debug error does appear, it could give insight into the exact feature causing the problem.

Website Security Theme Image WEBii

Website security theme image created by WEBii assisted by AI tools

 

What are signs that the website may have been hacked?

 There are many different methods that hackers use to abuse websites and different reasons that motivate them. Sometimes the website owner notices the problem, while other times they are alerted by a web host or other vendor.

One obvious sign of malicious website abuse is when the content has been defaced with completely irrelevant – and probably spammy – information. When visiting an important page in the website, it no longer displays the intended content and design from the business – instead a spammy or suspicious looking web page appears. It’s not uncommon for the malicious content to include casino or gambling references, adult content, supplements, or other popular products that encourage money-making leads.

At first, it can be confusing how this happened, because you may not be able to clearly see the spammy content inside of the editor of the website CMS. The hacker could have used database injection methods to abuse the site, or they may have infected the files on the server with other malware that redirects visitors to other URLs.

However, other times, a hacking attempt does not show an obvious design flaw on the front-end. The infection could be misdirecting emails to use the website’s tools as a spamming tool. Or, the malware could be redirecting website payments to an unauthorized party. These activities can be detrimental to the business who owns the website and also a big risk for the web hosting and email vendors.

 

If you suspect a website has been hacked, there are some things you can do:

  • Login to your website admin dashboard and immediately change all admin passwords.
  • Review the user logins for your website administrators and for FTP accounts. Remove unauthorized users immediately. If there are extraneous user accounts who no longer work on your website, consider removing those as well.
  • Run a malware scanning program on the website. For a CMS platform like WordPress, there are helpful plugin services like Wordfence that you can install and run within the site’s admin. If you still have full access to the admin dashboard, this is a great tool.
  • Enlist the help of a website cleaning and security service. Examples are Sucuri, Wordfence, and SiteGuarding. These services will offer an expert cleaning service and other tools to prevent further infection. They typically offer different levels to choose from and perhaps an “urgent” service option.
  • Review the files on your web server (even outside of the website content) for files with recent time stamps that were added or changed. Look for suspicious files with unrecognizable names that could be malware.
  • If possible, run a malware scan on the server level. This might be a tool available from your web hosting provider, another IT provider, or a third-party service. Allow it to detect infected files and report them back to you, so you can make decisions on which items need to be deleted or replaced. For example, malware files and scripts that redirect to other infected files could be hidden in a subdirectory.
  • The database could also contain malicious content. It’s important to consider the database in scans and know your database backup options.
  • If there are configuration files that contain sensitive login credentials, change those passwords and update the configuration settings.

 

Sometimes the case of a broken infected website is too severe. If cleaning the site is not realistic, restore a previous backup copy that you can confirm was not yet infected.

 

Hardening the website after a restoration

Once the website is back online and operational without any infection, make immediate plans to harden the site to prevent future infections. Afterall, once a hacker has located and successfully compromised your site, it is more likely to try to abuse that same domain again.

 

Prevention techniques include:

  • Add a firewall security layer from a service like Sucuri, SiteGuarding, Wordfence, or other reputable providers. These providers reference a large database of known security vulnerabilities and dangerous IP addresses to automatically detect threats.
  • Some web hosts provide their own security package you can add onto your web hosting service.
  • With some premium firewall services, you can block certain countries that are known for generating suspicious traffic. This is helpful if you do not do business with those outside locations and there is no need for people in those countries to view your website.
  • Enforce strong passwords and 2-factor authentication for admin logins. You can enhance sites with WordPress and other tools to activate this for all admins, which makes abusing logins less likely.
  • Ask all admins and vendors with login access to your site to check their own local devices for malware. If one person’s computer was infected, it is possible for it to gain access to the other platforms they logged into while on that computer. By keeping everyone’s machine clean, that doorway for abuse can be closed.
  • Audit plugins installed on the website and remove the expendable ones. The less software you have to maintain, the easier it is to keep the site healthy.
  • Do not store sensitive credentials in unencrypted files.
  • Keep the server technology up to date. For example, having the latest stable of PHP running is best practice. The web developer may need to upgrade the website’s design theme and features to remain compatible as technologies change.

 

Getting efficient help from web developers

Sometimes it is necessary to get a professional web developer involved in fixing the website. It’s important to understand that troubleshooting issues can be complex and require a lot of assessment, research, and trial. Site owners will need patience to allow the developer to cautiously do this work. By having all of the details related to the unique situation and technologies and logins involved, their job will be more efficient.

 

Final Thought

Experiencing a broken or hacked website can feel overwhelming, but with a clear plan and the right tools, you can recover quickly. The best defense is preparation—regular backups, strong security practices, and trusted support partners ensure your site stays resilient and ready for the future.

Posted in: How To, Security and IT, Tech Support, Web Site Maintenance, WWW Learning Center

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Latest & Greatest

Press Room

WEBii Celebrates the Launch of ExamiFire
WEBii Ranked as a 2024 Top Ethnic Minority-Owned Business in Austin

Contributors

avatar for Jacqueline SinexJacqueline Sinex (217)
avatar for Julianna TruittJulianna Truitt (2)
avatar for Aimee JohnsonAimee Johnson (4)
avatar for Julissa GuadagniJulissa Guadagni (5)
avatar for Jane Baxter LynnJane Baxter Lynn (1)
avatar for Lara HollersLara Hollers (1)
avatar for Kathleen HackneyKathleen Hackney (1)
avatar for Lidia S. HovhanLidia S. Hovhan (1)
avatar for Jessica PerkinsJessica Perkins (2)
avatar for Megan MarshallMegan Marshall (137)
avatar for Elizabeth FoleyElizabeth Foley (1)
avatar for Nathan MontgomeryNathan Montgomery (1)
avatar for Melanie ReynaMelanie Reyna (1)
avatar for Laura PattersonLaura Patterson (1)
avatar for Karina HarchandaniKarina Harchandani (6)
avatar for Maisie CantrellMaisie Cantrell (44)
avatar for Eli NewmanEli Newman (7)
avatar for Ryan FeldmanRyan Feldman (3)
avatar for Marketing EditorMarketing Editor (9)
avatar for Ruth HawkRuth Hawk (198)
avatar for Stacey WelchleyStacey Welchley (4)
avatar for Phillip SmithPhillip Smith (5)
avatar for Meredith SchraederMeredith Schraeder (2)
avatar for Jessica JonesJessica Jones (2)
avatar for Jen SayrooJen Sayroo (1)
avatar for Samantha RiveraSamantha Rivera (2)
avatar for Lizzy CederbergLizzy Cederberg (6)
avatar for Rachel SchelterRachel Schelter (3)
avatar for Alan SafaiAlan Safai (5)
avatar for Carmen SutherlandCarmen Sutherland (1)
avatar for Brian DisbotBrian Disbot (18)
avatar for Joey McGirrJoey McGirr (1)
avatar for Lanie CrowLanie Crow (3)
avatar for Ally HuggAlly Hugg (10)
avatar for Bryan LokeyBryan Lokey (13)
avatar for Bobby MartinezBobby Martinez (20)
avatar for MorganMorgan (6)
avatar for Rachael PierceRachael Pierce (27)
Top Web Developer in Austin

Web Insights, The WEBii Blog. Copyright 2022. WEBii.net. WebXess, Inc. Since 1996. 8500 Shoal Creek Blvd. Suite 4-104, Austin, TX 78757.