Self-Hosted Forum Hacked, Now What?

Posted by Adrian Speyer on Oct 10, 2013 10:04:28 AM

The most heart-stopping moment a forum owner or administrator can have is the realization that their self-hosted forum has been hacked. All the user data has been compromised and now it's up to you and your team to fix it. If it's some small solace, companies of all sizes have been hacked, so don't be so hard on yourself. The real test will be how you respond and how you maintain your community's confidence. The checklist below was built to help guide you through the process.

Forum Hacked Checklist

  1. Shut It Down: If your site is compromised, make sure you shut it down right away. Lock down login for all users. Change all admin passwords and the password to your database.

  2. Notify The Community: As soon as you have secured the site, place a message on the homepage giving some details and a clear indication that you will update users as you get more information. Link to a resource that will have updated information (for example a homepage or Twitter account). As a last resort, redirect traffic to another domain where you can share updates. You should also email all users and tell them to change their password on any service where they used the same password. It's also important to tell your community members that security is paramount. Explain that the site has been shut down so as not to take any chances while the problem is being investigated.

  3. Figure Out How It Happened: Before you bring your site back, you need to figure out how it happened. If you are not sure, speak with your host, search Google for known exploits, ask for help in the community or seek out professional help. You not only need to figure out how it happened, but you also have to ensure that the issue cannot recur. Nothing would be worse than having your site hacked again using the same exploit.

  4. Continue Communication: When a site is down, you can never communicate enough with your community. They trusted you with their data; the least you can do is keep them apprised of developments. Be present on social media and publish frequent updates.

  5. Clean Up The Mess: Do a clean install, and import your community data from a trusted backup. Test your site and maybe consider hiring a company to do a penetration test.

  6. Relaunch and Reset: When you feel ready to get going again, ensure you force all users to change their passwords. Also be ready to share with the community what happened and the changes you have made to secure the forum for the future.

The checklist above should be a good start on what to do if your self-hosted forum gets hacked. Do you have a piece of advice we missed? Have an insight to share? Please share in the comments.

Vanilla Forums offers a secure cloud-based solution for your community. We can also help you migrate your old forum to our platform. Try Vanilla Forums Cloud Solution free for 30 days.
