OK, now it’s time for the plan for the worst part—what should you do if your site is hacked?
Remember, don’t panic! The damage is probably already done and isn’t likely to get much worse (if you act quickly). Try to stay calm and provide your web host with as much information as you can, not necessarily limited to but including:
The domain name of the site that has been hacked, with a URL to a page illustrating the problem if possible.
Your cPanel username and your server’s IP address (or the server name if you know it). You can typically find the server IP address in the welcome account information that your web host sent you (you should never delete this information).
Your host will probably need to confirm that you are the legitimate owner of the site. Receiving an e‑mail or call from you isn’t necessarily good proof that you are who you say you are (as these can be spoofed). Your web host may ask you for your billing information...