Your Perth business website has been compromised. Perhaps customers are reporting a Google warning when they try to visit your site. Perhaps you noticed unfamiliar content or redirects to gambling sites. Perhaps your hosting provider sent an abuse notification at 2 AM. Whatever brought you here, you need a clear plan of action.
This guide applies to any website platform — WordPress, Shopify, Squarespace, Magento, Laravel, or custom-built applications. The principles of incident response, evidence preservation, and recovery are the same regardless of the technology stack. We have helped Perth businesses across every industry recover from website compromises, and this guide condenses that experience into an actionable framework.
Perth's Cyber Threat Landscape
Western Australia has unique characteristics that shape its cyber risk profile:
Mining and Resources Supply Chain
Perth is the operational hub for Australia's mining and resources sector. Businesses in this supply chain — from Welshpool equipment suppliers to West Perth engineering consultancies — are attractive targets for attackers seeking intellectual property, tender information, or a foothold into larger mining companies.
Geographic Isolation and Time Zone
Perth's UTC+8 time zone means when a hack occurs at midnight Perth time, it is the middle of the working day in Eastern Europe (where many cybercrime operations are based). Most east coast Australian security firms are two to three hours ahead, and international incident response teams may be asleep. This time zone gap can mean longer response times unless you have a plan in place.
Small Business Dominance
Over 97% of WA businesses are small businesses. Many lack dedicated IT staff, let alone cyber security specialists. Websites are often built once and maintained infrequently, creating a large population of vulnerable targets.
Tourism and Hospitality
Perth, the Swan Valley, Margaret River, Broome, and the Coral Coast attract significant domestic and international tourism. Hospitality websites handling bookings and payments are prime targets for data theft.
Emergency Response Checklist
Execute these steps in order. Do not skip ahead — each step builds on the previous one.
Step 1: Confirm the Compromise (5 Minutes)
- Visit your site in an incognito/private browser window
- Check Google Safe Browsing: transparencyreport.google.com/safe-browsing/search?url=yoursite.com.au
- Log into Google Search Console and check the Security Issues section
- Ask your hosting provider if they have flagged anything on your account
- Check your email for any alerts from security plugins or monitoring services
Step 2: Contain the Damage (15 Minutes)
- Enable maintenance mode or take the site offline
- Change every password: hosting panel, CMS admin, FTP/SFTP, database, email
- Revoke all active user sessions in your CMS
- If you have SSH access, check for active connections: `who` and `last`
- Notify any staff members who have admin access to change their passwords and scan their devices
Step 3: Preserve Evidence (15 Minutes)
```bash
# Create an evidence directory (set once so every command writes to the same place)
EVIDENCE=~/incident-evidence/$(date +%Y%m%d)
mkdir -p "$EVIDENCE/apache2" "$EVIDENCE/nginx"
# Backup the infected site
tar -czf "$EVIDENCE/site.tar.gz" /var/www/html/
# Backup the database
mysqldump --single-transaction -u user -p database > "$EVIDENCE/database.sql"
# Copy server logs, rotated ones included, keeping timestamps (-p).
# Separate directories stop nginx's access.log and error.log from
# overwriting the Apache files of the same name.
cp -p /var/log/apache2/*.log* "$EVIDENCE/apache2/"
cp -p /var/log/nginx/*.log* "$EVIDENCE/nginx/" 2>/dev/null
# Document file modification times
find /var/www/html -type f -printf "%T+ %s %p\n" | sort -r > "$EVIDENCE/file-timeline.txt"
```
This evidence is critical for two reasons:
- Forensic analysis — understanding what happened and how to prevent it
- NDB compliance — if personal data was accessed, you need evidence for your OAIC notification
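The timeline file is the quickest way to narrow down when the site changed. The following is an added example, not part of the original guide: it reads the `%T+ %s %p` format written by the `find` command above and reports changes per day and files modified on or after a cutoff. The function names, the cutoff and the sample lines are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: triage file-timeline.txt as written by
#   find ... -printf "%T+ %s %p\n"
# Each line is "<YYYY-MM-DD+HH:MM:SS.frac> <size> <path>".
# Pass "-" as the file name to read the timeline from stdin.

# changes_per_day TIMELINE -> "<day> <files changed>", busiest day first.
changes_per_day() {
  awk '{ n[substr($1, 1, 10)]++ } END { for (d in n) print d, n[d] }' "$1" |
    LC_ALL=C sort -k2,2nr -k1,1r
}

# changed_since TIMELINE CUTOFF -> "<timestamp> <path>" for files modified at
# or after CUTOFF (for example the last known-good deployment). CUTOFF uses
# the %T+ layout, so comparing the strings orders the times correctly.
changed_since() {
  awk -v cutoff="$2" '
    ($1 "") >= (cutoff "") {
      path = $0
      sub(/^[^ ]+ [^ ]+ /, "", path)   # drop timestamp and size, keep spaces
      print $1, path
    }' "$1"
}

# Constructed sample lines (not real incident data).
sample_timeline() {
  cat <<'EOF'
2024-05-03+02:14:09.0000000000 1843 /var/www/html/wp-content/uploads/cache.php
2024-05-03+02:14:07.0000000000 412 /var/www/html/index.php
2024-05-03+02:13:58.0000000000 97 /var/www/html/my notes.txt
2024-03-18+10:02:44.0000000000 5120 /var/www/html/wp-includes/load.php
2024-03-18+10:02:44.0000000000 230 /var/www/html/wp-login.php
EOF
}

# Usage: ./timeline.sh <file-timeline.txt> <cutoff>
if [ "$#" -eq 2 ]; then
  changes_per_day "$1"
  changed_since "$1" "$2"
fi
```

Modification times can be reset by whoever controls the server, so treat the output as a lead and confirm it against file hashes and the web server logs.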
Step 4: Assess the Scope (30 Minutes)
Determine which tier of compromise you are dealing with:
| Tier | Description | Indicators | Typical Recovery |
|---|---|---|---|
| 1 — Defacement | Homepage replaced with attacker's message | Visible change, usually political | 2–4 hours |
| 2 — SEO Spam | Thousands of spam pages indexed under your domain | Japanese/Chinese text in Google results | 4–8 hours |
| 3 — Data Theft | Customer data accessed or payment details stolen | No visible symptoms; discovered via fraud reports | 8–24 hours + NDB |
| 4 — Full Compromise | Attacker has server-level access, multiple sites affected | Cryptomining, multiple backdoors, rootkit | 1–5 days |
Step 5: Clean and Restore
The cleanup process depends on your platform:
For WordPress (most common in Perth):
```bash
# Verify WordPress core file integrity
wp core verify-checksums
# List plugins with available updates
wp plugin list --update=available
# Check for users you do not recognise
wp user list --role=administrator
```
For any platform:
- Compare every file against a known-good version (Git repository, vendor download, or pre-hack backup)
- Remove all files that should not exist
- Update every component to its latest version
- Regenerate all secrets (API keys, salts, tokens)
- Rebuild from scratch if the compromise is too deep to clean confidently
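One way to carry out the file comparison in the first item, as an added example that is not part of the original guide: it hashes a known-good copy and the live web root with SHA-256 and reports added, modified and missing files without deleting anything. The function names and both directory arguments are assumptions.

```shell
#!/usr/bin/env bash
# Added example: report how a live web root differs from a known-good copy.
# Read-only: nothing is deleted or repaired. Directory arguments are assumptions.

# hash_tree DIR -> "<sha256>  ./relative/path" for every regular file in DIR
hash_tree() {
  ( cd "$1" && find . -type f -print0 | xargs -0 -r sha256sum )
}

# compare_trees GOOD LIVE -> one line per difference, sorted:
#   ADDED <path>     only in LIVE (a file that should not exist)
#   MISSING <path>   only in GOOD
#   MODIFIED <path>  in both, but the content hash differs
compare_trees() {
  good=$(mktemp) || return 1
  live=$(mktemp) || return 1
  hash_tree "$1" > "$good"
  hash_tree "$2" > "$live"
  awk '
    # sha256sum prints 64 hex characters, two separator characters, the path
    { hash = substr($0, 1, 64); path = substr($0, 67) }
    FILENAME == ARGV[1] { known[path] = hash; next }
    { seen[path] = 1 }
    !(path in known) { print "ADDED " path; next }
    known[path] != hash { print "MODIFIED " path }
    END { for (p in known) if (!(p in seen)) print "MISSING " p }
  ' "$good" "$live" | LC_ALL=C sort
  rm -f "$good" "$live"
}

# Usage: ./compare.sh /path/to/known-good /var/www/html
if [ "$#" -eq 2 ]; then
  compare_trees "$1" "$2"
fi
```

Run it against the extracted evidence archive rather than the live server where possible, and expect legitimate ADDED entries for uploads and configuration files that never existed in the vendor download.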
Step 6: Harden and Monitor
Post-recovery security measures:
- File integrity monitoring — WO Security Shield watches every file on your site and alerts you within minutes of any change
- Web Application Firewall — Cloudflare has a Perth edge node, providing both security and performance benefits for WA visitors
- Automated backups — daily, stored off-server (AWS Sydney region for Australian data residency)
- Two-factor authentication — on every account with admin access
- Regular updates — set a weekly calendar reminder
Step 7: Request Google Review
1. Google Search Console → Security Issues
2. Review what Google detected
3. Click "Request a Review"
4. Describe: what you found, what you removed, what you implemented to prevent reoccurrence
5. Wait 1–3 business days for the warning to be removed
6. Monitor rankings — Perth local results typically recover within 2–6 weeks
NDB Compliance for WA Businesses
The Notifiable Data Breaches scheme applies to all Australian businesses with annual turnover over $3 million (and some smaller businesses in specific sectors including health and financial services).
Key Obligations
Assessment (within 30 days):
- Determine if personal information was accessed
- Assess whether serious harm is likely
- Document your assessment process
Notification (if harm is likely):
- Notify the OAIC via the online form at oaic.gov.au
- Notify affected individuals with: what happened, what data was involved, recommended protective steps
- Include contact details for your business
What constitutes "serious harm":
- Financial data (credit cards, bank details) — almost always notifiable
- Health information — almost always notifiable
- Government identifiers (TFN, Medicare, driver's licence) — almost always notifiable
- Name + email + password — usually notifiable if passwords were not properly hashed
- Name + email only — generally not notifiable unless combined with other factors
Perth Businesses in Specific Sectors
Some sectors have additional obligations:
- Healthcare — My Health Records Act imposes separate notification requirements
- Financial services — APRA-regulated entities have separate incident reporting obligations
- Government contractors — WA government contracts often include specific cyber incident notification clauses
Cost of Professional Recovery in Perth
| Service | Cost (AUD) | Timeline |
|---|---|---|
| Basic malware cleanup | $400–$1,200 | 4–8 hours |
| Advanced cleanup with forensics | $1,200–$4,000 | 1–3 days |
| Full forensic report (NDB-grade) | $4,000–$10,000 | 3–7 days |
| Complete rebuild with hardening | $5,000–$20,000 | 1–4 weeks |
| Ongoing security monitoring | $75–$300/month | Continuous |
Cost of NOT Repairing Properly
| Impact | Estimated Cost |
|---|---|
| Lost revenue (1 week of downtime) | Varies — $500 to $50,000+ depending on business |
| NDB penalty (failure to notify) | Up to $50 million |
| Customer trust damage | Unquantifiable but often the most expensive |
| SEO recovery (if Google delists you) | 3–12 months of lost organic traffic |
| Repeat hack (if not hardened properly) | Double the original cleanup cost |
WA-Specific Resources
- WA ScamNet (Department of Mines, Industry Regulation and Safety) — scamnet.wa.gov.au — report cyber crime affecting WA consumers
- ACSC (Australian Cyber Security Centre) — cyber.gov.au — report incidents and access free resources
- OAIC — oaic.gov.au/privacy/notifiable-data-breaches — NDB notification portal
- ReportCyber — cyber.gov.au/report — official incident reporting for Australian businesses
- Cloudflare Perth edge — using Cloudflare gives Perth visitors sub-10ms latency to the WAF, significantly better than routing through Sydney
Get Emergency Help Now
If your Perth business website is currently compromised, WO Security Shield offers emergency response with typical turnaround under 4 hours. We handle every aspect of recovery — from initial forensics through cleanup, hardening, and ongoing monitoring — so you can focus on your business and your customers.
Do not wait for the problem to get worse. Every hour a compromised site stays online means more potential data exposure, further ranking damage, and increasing NDB compliance risk.
