When I’m developing a WordPress website or doing WordPress website maintenance, people often asked how do I know if my WordPress website has been hacked?
More often than not, there are some telltale signs that can help you to find out if the WordPress website is hacked or compromised.
This article will cover some of the most common signs of a WordPress website is hacked and what are the most recommended steps or ways to clean it up.
1. Sudden Drop of Website Traffic
One of the sign of a WordPress website is hacked is when you notice that there is a sudden drop of traffic in your analytics report (if your analytics tracking code is set up properly).
However, a sudden drop in website traffic can also caused by many other reasons. For example, malware on your WordPress website may also redirecting your visitor to another website or spam website.
Another possible factor for a sudden drop in website traffice can be that Google’s safe browing tool is showing warnings to users when they landed on your website.
There are more than 10,000 websites blacklisted by google due to malware. Its important for website owner to pay attention to their WordPress security. You can see your website’s safety report using Google’s safe browsing tool.
With our WordPress Maintenance and Support Service, we also do help to monitor and notify website owner when the website is being blacklisted by search engine like Google. So you will be alerted
2. Your Website is Slow
Nowadays, websites are easily targetted with random denial of service (DDoS attacts). DDoS uses several hacked servers by using fake IP addresses all over the world. They can send tons of request to your website server and actively trying to break into your website.
Such attack will slow down your website, unresponsive and unavailable. You can check your server logs to see which IPs is making too many requests to your website and block their IPs or block the user agents that they use to attack your website.
3. Unusual Activity in the Server Logs
When you login to your hosting account, you will be able to access to your server log files. Server logs stored all the records of all errors occurring on your website or server.
Those server logs can help you to have a detailed view of what’s going on when your WordPress website is under attack. They also contain IP addresses that used to access your website, so that you can block those suspicious IP addresses.
The logs also show server errors that you may see inside your WordPress admin dashboard that causing your website to crash or unresponsive.
4. Bad Links Added to Your Website Contents
This is one of the most common signs of a hacked website. Hackers uses backdoor to access to your WordPress website and modify the database.
Some of them add links that redirect to spammy websites. Usually those links are added at the footer of the website, but they could be anywhere including within your website content.
You will need to find and fix the backdoor and start protecting your website from being hacked again in future.
5. Unable to Login to WordPress Dashboard
If you are unable to login to your WordPress website (you’re 100% sure that you use the correct username and password), then there is a good chance that hackers gained access to your account and deleted your WordPress admin account. If this is the case, means that you won’t be able to reset your password from the login page since the account is basically non exist anymore.
You can try to add back your admin account using phpMyAdmin. This feature is accessible via your hosting dashboard. However, your website will still remain unsafe until you figure out or solve how your website being hacked.
6. Suspicious New User Accounts in WordPress Admin
If you are seeing new user accounts in your WordPress admin dashboard, but you don’t remember you allowing new user registration, then your WordPress website is likely hacked.
Usually those accounts will have the administrator user role, and you may not be easily remove it from your WordPress admin dashboard. You may try to remove those suspicious account by using phpMyAdmin. Again, you will need to find out why hackers managed to go into your WordPress admin dashboard.
7. Unknown Files and Scripts on Server
If hackers have a way to go into your server, they will be able to add some files or scripts into your server. Some hackers may also modify your WordPress core files by inserting their own code inside the files. The easiest way is to track those files by installing a security plugin and monitor the health of your WordPress website.
If you website is hosted on SiteNotion’s WordPress Managed Hosting, we will include a Defender plugin that will scan all your WordPress files and alert you when it finds an unknown file or script on the server. From there, you can decide whether to remove it or keep it for time being. Do note that not all unknown files bad. Some are critical files that added by your plugins provider and should not be removed.
8. Failure to Send or Receive WordPress Emails
Some hackers will user your hacked server to send spam emails. If you’re unable to send or receive WordPress emails, then there is a chance that your WordPress mail server is compromised and being used to send spam emails.
9. Hijacked Search Results
When you search your website on Google and it shows incorrect website titles or meta description, but when you login to your WordPress dashboard, you still see the correct title and meta description. If this is the case, then there is a sign that your WordPress website is hacked.
Hackers can gain access to your website via backdoor and inject malicious code to modify your website data in a way that it only visible to search engines.
10. Users Randomly Redirected to Unknown Websites
If you realized that your website is redirecting visitors to another website, that means that your WordPress website is hacked.
This hack often goes unnoticed as it does not redirect logged-in users. It means if you login to your WordPress admin dashboard and view your website, you will be viewing the correct website. But if you log out from your admin dashboard and view your website, you will be redirected to another unknown website.
These types of hacks are caused by backdoor or malware being injected on your website.
How to Secure and Fix your Hacked WordPress Website
Fixing Hacked WordPress Website
I can totally understand how frustrated it is when your WordPress website is hacked. Cleaning up a hacked website can also be incredibly painful and difficult. That’s why we recommend you to let experts to clean up your website.
If your website is hosted with our WordPress Managed Hosting or subscribe to our WordPress Maintenance and Support service, then we will clean it up for you if the WordPress website is hacked.
If you want to clean up your site on your own, you may take a look at our guide on fixing hacked WordPress website.
Securing WordPress Website from Future Attacks
Once your website is clean, you should make some changes on your website to make it difficult for hackers to gain access into your website.
There are several layers of protections to secure your website:
- Do not use the default “admin” as your username, use stronger password combination, and use 2-step verification to protect your WordPress admin area from unauthorized login.
- Change the default login URL. The default login URL is https://domainname.com/wp-login.php/. If you’re using this default URL, hackers/bots can easily guess the URL and try to login to your WordPress admin dashboard.
- Implement a Firewall on your hosting.
- Use a security plugin to scan your WordPress file regularly.
