Believe it or not, WordPress site hacking happens more than a lot of people realize. But… thankfully, there are some pretty sure-fire ways to figure out that it has happened.
And in this blog post, we are going to share with you 10 signs that may indicate a hacking… so that you can better prepare yourself to identify the problem when it occurs.
At any rate, here is what to look for.
1… A Sudden Unexplained Drop In Traffic
If you take a look at your Google Analytics report and realize that traffic has dropped off suddenly, for no apparent reason, then it is possible that hacking is to blame. This problem is usually caused by malware or Trojans that redirect traffic to spammy sites.
But… it is also possible that Google’s safe browsing tool is redirecting the traffic. If they detect that your site has been hacked, then they may re-direct traffic away from your site for the safety of their browser users.
Each week, Google ‘blacklists’ many thousands of sites for malware and phishing – so be aware of your site safety. You can even use the Google Safe Browsing Tool to see your site’s Google safety report.
2… Did Someone Change Your Website’s Homepage?
This is probably one of the most obvious signs that your website has been hacked. If hackers change your home page and replace your content with their own message – then you have every reason to believe that you have, indeed, been the victim of a hacking.
It is also a bad sign if links start showing up in your WordPress site that you didn’t put there. Some hackers gain entry to your site and create a ‘backdoor’ that they use to get in and create spammy links. Deleting the links will often not solve the problem. You need to close the back door too… and you will likely need some software help to do it.
3… Are You Unable To Log In?
If you find yourself unable to Log In to your WordPress site, then there is most definitely a chance that some hacking has taken place. If hackers are good enough, they can delete your admin account after gaining access to your site – thereby locking you out of it.
This is a hard problem to solve… but you can add an admin account via FTP or by using phpMyAdmin. But… even if you get this sorted out and manage to get logged back in, your site will remain compromised and the problem could repeat itself if you don’t figure out how the hack happened and prevent it the next time.
On a similar note, it is also possible for a hacker to ad their own user account in your site… so be aware of suspicious user accounts, because finding user accounts that you never created could be another sign that your site has been compromised.
Usually, suspicious accounts from hackers will have an administrator user role… and this can become problematic, especially if you are not allowed to delete it from the admin area.
4… Have You Encountered Any Unknown Scripts Or Files On Your Server?
It is not uncommon to find unknown files in one or more folders if you get hacked. The most common place to find them is in the /wp-content/ folder. The files are usually named similarly to WordPress files, so they can be difficult to spot.
Using a scanner like Sucuri can help, because it will alert you when it finds an unknown script or file on your server. Other than that, searching for them by hand can be an exhausting and sometimes impossible endeavor.
5… Are You Finding Unusual Activity In Your Server Logs?
You can access the server logs from the hosting account’s cPanel dashboard, under statistics. These are basically text files that are stored on your server that keep a record of errors and internet traffic. These logs can be helpful for figuring out how problems on your site got started, and can aid you in blocking suspicious IP addresses if you come under attack from hackers.
6… Is Your WordPres Site Unresponsive Or Slow?
Basically, this tends to happen the most when several hacked computers and/or servers all focus on your site and send in too many requests at once. This will make your website slow, and will sometimes even render it unresponsive or unavailable.
Checking the logs can help you to block suspicious IP addresses. You will be able to recognize them because they will be making far too many requests… and they will not appear ‘humanlike’ in their behavior.
7… Are You Having Problems With Your WordPress Email?
One of the most common uses for hacked servers is spam. If you cannot send or receive WordPress emails using the email account set up with the WordPress hosting service, then there is a chance that it was hijacked to send spam emails.
8… Weird Search Results
If search results from your website are showing the wrong meta-description or an incorrect title, then it is possible that your site was hacked. This is especially true if the meta information was changed, but your site visibly remained the same.
Most likely, the hacker exploited a back-door and used it to inject malicious code into your site, which modified the site data in ways that only a search engine would see.
9… Are There Suspicious Scheduled Tasks In Your Site That You Didn’t Create?
As you probably know, web servers allow users to set up cron jobs. WordPress uses cron for various different things, like publishing scheduled posts, deleting comments from the trash after they have been there for a certain amount of time, and other things.
Have you come across some scheduled tasks that you didn’t create, or that don’t seem to add up? If so, it is possible that a hacker has been involved and has scheduled their own tasks without you knowing it.
10… Are You Getting Strange Popup Ads On Your Site?
These types of ads generally do not appear for visitors who are logged in. Hackers use these to hijack your web traffic in an attempt to steer your visitors to their own sites… which may be spammy, malicious, or even illegal.
These will usually only pop up for visitors who have visited from a search engine, and will tend to pop up in a different browser window – so keep an eye out for reports of them, as they may indicate a hack.
How Can You Fix A Hacked Site?
Fixing a hacked WordPress site can be a super painful and difficult process, which is why we generally recommend that you get professional help. Sucuri is a pretty awesome security plugin that we have heard a lot of good things about, so you might want to check them out – but, there are a lot of security plug-ins out there that can do the trick.
The key, of course, is to take action, and not to let too much time pass without getting rid of the problem, once and for all.