Email hacking is one of the very unfortunate downsides to living in our highly-connected, digital world. Below are a few tips to consider to prevent or lower the chance of this happening, and what to do if your account has been hacked.

Change your password

This is the very first thing you need to do to ensure the hacker can’t get back into your account. It is essential that your new password is complex and totally unrelated to previous passwords. Always use at least 8 to 10 characters with a variety of upper and lowercase characters, and add a few symbols and numbers. cPanel users have the option of using the password generator to create complex passwords.

Tip! It is best to keep this password unrelated to your personal life.

Not sure how to change your email password?

No problem! Here are articles with steps included to help you:

How do I change my Email Password in cPanel

How to change my email password in Website Panel (.Net)

Let your email contacts know

Part of a hacker’s strategy is to get access to your address book with the aim of hacking others as well. Send a message to all your email contacts as soon as possible so that they know to avoid opening any emails, which is probably loaded with malware, that have come from “you”. 

Change your Customer Zone password and security question

Customers are able to access their domain’s control panels via their customer zones. It would be best to update your security question and answer if the hacker gained access via the Customer Zone. You are able to update the password here as well. 

Check your forwarding settings

It is not uncommon for hackers to modify your email settings so that a copy of every email you receive is automatically forwarded to them. Not only can they monitor your logins for other sites, but they’ll keep a watchful eye over any interesting personal information! So, check your mail forwarding settings to ensure no unexpected email addresses have been added. Don’t forget to check your email signature to ensure nothing "spammy" has been added.

Click here to see forwarding rules via cPanel.

Click here to see forwarding rules via Website Panel (.Net) 

Scan your computer for malware and viruses

This is also important. If you find anything, please ensure it is addressed, and then change your email password again. If you don’t have an anti-virus then it would be best to invest in one. Free versions have limitations to what they can scan. Comprehensive security software will provide you with an effective digital shield. 

Update your website CMS

If you are using software such as WordPress or Joomla, it is extremely important to keep these up to date. After every update, the software developers release notes which points out what security issues they fixed that existed in previous versions. Hackers will then exploit this vulnerability and gain access to your site to send emails if you have a contact form in place.

Add a Captcha

Captcha is used to prevent bots from automatically submitting forms with SPAM or other unwanted content. Google and other companies use it to prevent bots from creating multiple Gmail accounts. Users will have to enter this additional information every time they have to submit a form. If your website does not have a Captcha yet, consult your web developer to have one added.


Look out for oddly named website files

After a website has been hacked, it would be best to do a restore of the site from before it was compromised as the hacker may have left a file that will allow them to return. Immediately thereafter the site should be updated and secured. If a backup is not available, have your web developer look out for oddly named website files that does not belong in your website folder.

Re-install plugins and themes

Backdoors on a WordPress install are most commonly stored in themes and plugins. These should be treated exactly the same as your CMS and must be kept up to date as they will have their own security vulnerabilities.

Add your website to cWatch

Simply put Website Security is a protection tool for your website, web servers and web applications against the increasing sophistication of hacker threats. A complete website protection software provides early detection, immediate remediation and proactive preventive measures.