The Internet has exploded with hacker activity, and you’d be amazed if you knew how often your site is being probed or attacked. Most sites may receive this kind of activity, but if a failure happens to you. There are a few step you can take to recover.

BE PROACTIVE

Set up a back-up system, or insure that your host is doing it for you. If you are using dynamic database system that utilizes PHP or a Content Management like WordPress or Drupal, make sure you have security measures in place. You want to institute higher security measures on dynamic sites, because there are more susceptible to code injection and take over. Typically, with a proper back-up, once the invaders have been flushed out and passwords changed, you can have your site back in a day (fingers crossed.)

If you have been hacked, the first thing you need to do is contact your host and inform them, then contact your web-services provider if they are separate. Key information (LIKE PASSWORDS) needs to be reset on your website and hosting immediately.
*May require an expert

• *FTP accounts – scrub these with new passwords delete any unfamiliar accounts
• WordPress/Drupal/Joomla/etc logins need to be reset, especially those with admin clearances, look for unfamiliar accounts
• *Email logins should also be updated

If you would like more on this topic, read here
https://kb.asmallorange.com/customer/portal/articles/1603741

Web Maintenance – Security