It’s an unfortunate fact that WordPress websites get hacked more than most people realise. If you ever start to suspect that your site has been compromised here are some warning signs you should be on the alert for.
Every week Google ‘blacklists’ websites for malware and phishing which is one very good reason why you should be concerned about your website’s security. You can use the Google Safe Browsing Tool if you want to check your site’s Google safety report.
Blacklisting will lead to a drop in site visitors. If you check your Google Analytics reports and realise there has been a sudden unexpected drop in traffic your website might well have been hacked. The culprit is usually malware or Trojans that redirect traffic to spammy sites.
Best thing to do? Keep an eye on Analytics.
This one doesn’t need much explanation. If you find someone has replaced your home page with content of their own then you don’t need to be a tech wizard to know you’ve been hacked.
Another very bad and obvious sign is if unexpected links start appearing in your WordPress site. Hackers like to gain entry to your site then create a ‘backdoor’ that they use to get in and create spammy links. Simply deleting the links will rarely solve the problem. You can try to close the back door and cleanse the site but all too often the bad news is that you’ll need to rebuild the website from scratch.
A sure sign you’ve been hacked is if you enter your password and it doesn’t work. Before you do anything else you should triple check you’ve entered the details correctly but if that doesn’t help you’ve probably been hacked and possibly locked out of your own website.
Assuming you have the skills you can add an admin account via FTP or by using phpMyAdmin but this won’t solve the underlying problem that your site has been compromised and it’s likely to be only a matter of time before the same thing happens again.
On a similar note it is also possible for a hacker to add their own user account via your website dashboard so be vigilant for suspicious user accounts. Discovering new user accounts is a sure sign that your site has been compromised.
Usually accounts created by hackers will have an administrator user role which is a problem especially if you are not allowed to delete them from the admin area.
You can access the server logs from your hosting account’s cPanel dashboard under statistics. These are basically text files which keep a record of errors and internet traffic. These logs can be helpful for figuring out where any problems on your site originated and can aid you in blocking suspicious IP addresses if you come under attack from hackers.
When several hacked computers or servers all focus on your site at once they are like to send too many requests for it to cope with. This means your website will slow down and in worst case scenario fail altogether.
Checking the logs will help you to identify suspicious IP addresses.
This is when you look at the Google search results for your own website and notice they show the wrong meta-descriptions or incorrect titles. The website may look the same as it always did but this is a pretty good sign your site’s been hacked.
The hacker’s objective was to modify the site data in ways that only a search engine would see and hope that you wouldn’t notice.
These types of ads generally do not appear for visitors who are logged in. Hackers use these to hijack your web traffic in an attempt to steer your visitors to their own sites which may be spammy, malicious, or even illegal.
These will usually only pop up for visitors who have visited from a search engine, and will tend to pop up in a different browser window – so keep an eye out for reports of them, as they may indicate a hack.
Fixing a hacked WordPress site can be done but will almost always require the assistance of a professional. The key is to take immediate action- don’t make the mistake of letting time pass before you grip the problem. You’re welcome to contact us if you suspect your website’s been hacked, we will do everything we can to help.