10 signs your WordPress site is hacked

WordPress is a huge blogging platform. There are millions of users and it seems that the number is rapidly growing each and every day. People even tend to transfer their websites created in other content management systems to this open source system more often than you might think. And, while this is good, this means that hackers will also put WordPress to a number-one spot when trying to invade random sites.

Usually, if you get hacked, you will know about that instantly. Your site will become inaccessible; you won’t be able to log in and sometimes a hacker will even leave a message on your front page. But more often than not, you might not even notice that something has changed. In this article, we’re about to show you several signs that might show you that your WordPress site got hacked and a few solutions to the problem.

1. Unsuccessful login

This sign is pretty much evident. If you have used a username and password combination for a while without ever having trouble, you may get suspicious if suddenly WordPress doesn’t recognize your account. If a hacker got to log in to your site, the chances are that he will quickly change your admin privileges. Maybe he got to change your password or completely deleted your account. Before you start to panic after the first time WordPress message you about incorrect username/password, please consider the fact that you might have entered a wrong combination or that you may have turned on the caps lock button.

Solution: Try recovering the password via email or use another account to log back in. To make sure that you login stays safe, we recommend installing Login Ninja plugin for WordPress.

2. Malicious content is added to your site

Site contains a malware warning

If you start noticing unfamiliar content on your site, you may start worrying. When they get a chance to access your admin area, hackers will be able to change your core and both your theme and plugin files. That means that they get to change anything they want. While some hackers will drastically modify the looks of your site and maybe even spell out that you got hacked, the other ones will be much more subtle about it.

Solution: Try looking for hidden content in the website code. There might be links to malicious sites hackers planted in the footer of your site, or they might have installed popups which will open on a regular basis to your customers. Use Security Ninja to scan your site or continuously monitor your site for such problems.

3. Suspicious visits

If you are not tracking your website, you should start doing so immediately. A simple way to do is using Google Analytics which, among many other features, can tell you how many visits do you get and where are those visits coming from. After some time, you will get to know your website. That means that you will know where are the visits coming from, you will know when you launch a new campaign and when there are new promotion links released in the wild. But if you suddenly notice that your site is getting a huge number of new visits from the suspicious domain, you will want to investigate this further because your site might just get hacked. Usually, that kind of visits will result in a 100% bounce rate which means that only one page was accessed. Hackers will frequently use automated systems that will lead other bad sites to yours. Whether it’s the bad code that gets executed on your site or you have become a part of a spamming network, things can get serious, and you will have to check your site for malicious code.

Solution:Use Google Webmasters Tools to find suspicious domains

4. A sudden drop in traffic

Safe browsing Ssite status

Unlike the last mentioned sign of getting hacked, this one might alert you because there is suddenly a drop in the number of visits. Instead of referring new visits to you, a hacker might send visits away from your site. This might happen because a hacker redirected your site to another one. The other reason of getting fewer visitors is that Google blacklisted your site. This action would show a message to every user who may choose not to open your site because it is infected.

Solution: Use Google’s Safe Browsing Site Status to check if your site is marked as unsafe and is currently dangerous to visit.

5. Search engine results are strange

If you haven’t noticed any changes on your site, but you do find out that search results in Google and other search engines are strange (show different titles and other meta-data), this might be a clear sign of a hacked site. A hacker might have changed your content in a way which can be visible only to an expert. Still, the change would be visible in the search engine results.

Solution: Check your site with Google Webmasters Tools, and check if your site got hacked with this free online tool.

6. You can’t send/receive emails

Once a hacker gets access to your site, he will probably want to use your server for spamming everyone else. When you find out that you can’t send or receive new emails from your WordPress, this can be a clear sign that you got hacked. Check your email once again, then check it with your provider to make sure that there aren’t any errors.

Solution: Test your WordPress mail function with this free plugin.

7. Site doesn’t exist

Server not found

There are times when hackers won’t access your site to plant malicious code, redirect users or use your email for spam. Sometimes, all they will want to do is to crash your site. Rarely, a hacker will successfully delete everything from the entire server. That’s why it is important that you host your files at a renowned hosting company which will take of security and also keep daily or at least weekly backups of your website. It’s a good practice that you also do your own backups from time to time so that the site can be quickly restored.

8. Suspicious files

Similar to malicious content which may be added to existing files, a hacker might plant extra files anywhere within your root folder. It’s a good thing to know your way around WordPress, but if you’re not that experienced, you should have a security tool at your disposal which can check all of your files and activities. Recently, we reviewed Security Ninja which is a perfect tool for checking all of your WordPress files.

Solution: Try looking for files which don’t belong to your WordPress installation. Use Security Ninja to scan your site on a regular basis and find those files automatically. Then delete the files or remove the malicious code from infected files. Don’t forget the Core Scanner add-on for Security Ninja.

9. New members

Depending on your site, you might be the only one able to add new members. In that case, an email telling you about newly registered users might trigger an alarm. If there are other admins who have the ability to add new members, check with them about suspicious activity.

Solution: Change login URL with a free plugin, limit access to your WordPress login page by using .htpasswd file and use Login Ninja to protect your login form all the time.

10. Check out scheduled events on your server

Sometimes, a hacker won’t do a thing to your website once they find their way in. Instead, they will leave scheduled events which may harm your site sometime in the future. This technique is dangerous because a hacker can leave inexperienced victim clueless at first. You may be infected and know nothing about it.

Solution: Check  your CRON jobs on a server you’re using and make sure there are no suspicious scheduled tasks.

 

We hope that this list will help you manage even a safer WordPress site. Even if your site is clean, please don’t take that for granted. Always make sure that your site is as safe as it can be. We suggest security plugins for WordPress which can save you in most times. Still, don’t be the one using unsafe password, and be careful when hacking into your own WordPress site.

Currently, we are working on a free online tool which will help you take care of the security of your WordPress site. We can’t reveal much about the tool, for now, so stay with us and don’t forget to sign up for our newsletter and push notification – we’ll notice you about the security tool as soon as we launch it.

START YOUR OWN BLOG

This guide is an introduction to mastering the art of blogging. It provides easy to follow steps to start, maintain, and grow your blog.

Read the guide

One thought on “10 signs your WordPress site is hacked

  1. […] files shouldn’t be changed. If they are, it’s entirely possible that you got hacked. See these 10 most common signs that your WordPress site is hacked. If you don’t have much experience with WordPress, you won’t have a clue what’s happening, […]

Leave a Reply

Your email address will not be published. Required fields are marked *