PrestaShop Hacked: What to Do?

Despite PrestaShop's reliability, no platform is completely immune to vulnerabilities - especially when third-party modules are involved. So, discovering that your online store has been hacked is not uncommon. Even giants like Facebook have suffered massive data breaches. While this is a serious issue, it’s not the worst-case scenario as long as you act quickly and effectively.

What Should You Do First?

Many store owners continue running their PrestaShop without shutting it down for maintenance, even after realizing they've been hacked. We strongly advise against this for several reasons:

  • User Risk: Your customers often use the same email and passwords across multiple sites, which puts them at significant risk if credentials are stolen.
  • Payment Data Exposure: Hackers could access sensitive payment card information.
  • Phishing Platform: Your site could be used to distribute phishing content, infecting other users.
  • SEO Damage: If Google detects malicious code, your site could be blacklisted, and recovering your reputation could take months.

As soon as you detect a breach, pause your site. Put up a maintenance page and get to work.

You Stopped the Site — Now What?

If you’ve partnered with a reliable PrestaShop development agency, your site is likely hosted on a VPS with version control. In this case, recovery could take just 1–2 days.

However, if you opted for a budget shared hosting plan without version control (only backups), the situation could be much worse. Hackers might have infiltrated your store months ago, infecting files over time. No antivirus will catch everything, and your backups could already be compromised.

In that scenario, you’ll need to:

  • Reinstall modules and themes from trusted sources.
  • Manually reapply any custom changes.

It’s a time-consuming process, but it’s essential to clean your system thoroughly and avoid future breaches.

Recovery Steps for VPS + Git Users

  • Rollback Files: Use your version control system to revert to the latest clean state.
  • Lock File Permissions: Set file permissions to 555 (readable and executable, not writable) and only allow write access where absolutely necessary (like cache directories).
  • Block PHP File Changes: On a VPS, use tools like chattr to prevent the PHP interpreter from modifying critical files.

Even after removing the malicious code, the entry point may remain hidden. So what’s next?

Digging Deeper:

  • Audit Third-Party Modules: Update outdated extensions and scan them for vulnerabilities.
  • Scan the Database: Export your database, search for suspicious scripts or links, and run heuristic scans with AI tools.
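
As an added example (not code from the original article or from PrestaShop), one way to do the "search for suspicious scripts or links" pass over an exported SQL dump is a small scanner that reports the line, the table and the reason for each hit. The allowed host names, the marker list and the sample dump lines are assumptions constructed for illustration; replace them with your store's own domains and a real export.

```python
import re

# Assumption: hosts the store legitimately links to (replace with your own).
ALLOWED_HOSTS = {"shop.example", "www.shop.example"}

# Markers that rarely belong in stored content (assumed starting set, tune per store).
MARKERS = {
    "script-tag": re.compile(r"<\s*script\b", re.I),
    "iframe-tag": re.compile(r"<\s*iframe\b", re.I),
    "inline-handler": re.compile(r"\bon(?:error|load|click|mouseover)\s*=", re.I),
    "php-eval": re.compile(r"\b(?:eval|base64_decode|gzinflate)\s*\(", re.I),
}
URL_RE = re.compile(r"(?:https?:)?//([a-z0-9.-]+\.[a-z]{2,})", re.I)
INSERT_RE = re.compile(r"INSERT INTO `?(\w+)`?", re.I)


def scan_dump(lines, allowed_hosts=ALLOWED_HOSTS):
    """Return (line_no, table, reason, detail) for each suspicious hit."""
    findings = []
    table = None
    for no, line in enumerate(lines, 1):
        m = INSERT_RE.search(line)
        if m:
            table = m.group(1)
        # mysqldump escapes quotes and slashes; undo that before matching.
        text = line.replace('\\"', '"').replace("\\'", "'").replace("\\/", "/")
        for reason, rx in MARKERS.items():
            hit = rx.search(text)
            if hit:
                findings.append((no, table, reason, hit.group(0)))
        for host in sorted({h.lower() for h in URL_RE.findall(text)}):
            if host not in allowed_hosts:
                findings.append((no, table, "external-link", host))
    return findings


# Constructed sample dump lines (not taken from a real store).
SAMPLE_DUMP = [
    "INSERT INTO `ps_cms_lang` VALUES (1,1,'Delivery','<p>See <a href=\\\"https://shop.example/terms\\\">terms</a></p>');",
    "INSERT INTO `ps_cms_lang` VALUES (2,1,'About','<p>About us</p><script src=\\\"//cdn.untrusted.example/a.js\\\"></script>');",
    "INSERT INTO `ps_configuration` VALUES (90,'PS_SHOP_NAME','My shop');",
]

if __name__ == "__main__":
    for no, table, reason, detail in scan_dump(SAMPLE_DUMP):
        print(f"line {no} [{table}] {reason}: {detail}")
```

Every hit still needs manual review: legitimate embeds and payment or analytics providers will show up as external links until they are added to the allowlist.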

Additional Security

  • Regenerate All User Passwords.
  • Implement Request Monitoring: Invest in monitoring tools to track POST requests for at least a year - this helps detect the original breach point and other potential vulnerabilities.

Getting hacked is frustrating, but it’s not the end of the world. It’s a wake-up call to improve your security practices and work with PrestaShop experts who can minimize future risks.

WM Web Agency has extensive experience handling such incidents. If you need help, don’t hesitate to reach out!