Sometimes, it is obvious that a WordPress website is hacked (for example, your home page is defaced). But other times, it is not so clear. Luckily, there are many tell-tale signs that you can see when a WordPress website is hacked. In this article, we are going to discuss 10 of these signs.
Bad links have been added to your website
One of the most common signs that a WordPress website is hacked is data injection. Hackers will try to modify your website’s database and files through a backdoor. Sometimes, the hacker will add links that redirect to questionable websites. Such links are often added to the website’s footer but you may find them anywhere. Deleting the links doesn’t guarantee that they won’t be back. The only way to fix it permanently is to find the backdoor.
You can’t log in to WordPress
If you can’t log in to WordPress, there is a good chance that the hackers have deleted your admin account. Since the account no longer exists, you can’t reset the password from the login page either. But don’t worry. There are ways to add an admin account, for instance through FTP or phpMyAdmin.
The server contains unknown scripts and files
A good way to find unknown scripts on your WordPress website is to use a site scanner. Sucuri is a good tool for that. The plugin will scan your website and alert you if it finds an unknown script. The most common place where malicious scripts and files hide is the /wp-content/ folder. These scripts and files are not easy to identify because they are named just like ordinary files. Only an audit of the directory and file structure will reveal them.
The server log shows unusual activity
You can access your server logs from your website’s cPanel dashboard under the option Statistics. Server logs are plain text and keep a record of all errors and internet traffic on your website. They also record all the IP addresses that access your website. So, if you find an unusual one, you can block it. The server log also records errors that you can’t find on your WordPress dashboard, which may be causing the website to crash or become unresponsive.
Search results are hijacked
Incorrect titles or meta descriptions in a website’s search engine results are a sign that a WordPress website is hacked. Ironically, the titles and meta descriptions will be correct when you see them on the dashboard. This happens because the hacker has found a backdoor to your website and has used it to inject malicious code that changes the website data in such a way that only search engines can see the changes.
Suspicious tasks are scheduled
Cron jobs make scheduled changes easy to implement, and web servers allow website administrators to add them. WordPress also uses cron jobs to complete many tasks, such as publishing scheduled posts. A hacker can exploit this feature to schedule tasks that you have not authorized.
Changes have been made to core files
Any changes in your website’s core files are an indication that your WordPress website is hacked. The hacker modifies a core file by placing their code inside it, and such changes are not easy to detect because the file keeps the same name as a normal WordPress file. The easiest way to detect them is to install a security plugin or, if you know what you are doing, to check the files for changes manually.
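The manual check described here, together with the directory audit mentioned earlier for unknown scripts, can be done by comparing file hashes against a clean copy. The following is an added example, not code from this article or from any security plugin: it assumes a clean copy of the same WordPress version is unpacked next to the live install, and the function names, the sample files and the PHP-in-uploads heuristic are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_tree(root):
    """Map each file path (relative to root, POSIX style) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}


def audit(clean_root, live_root):
    """Compare a live install with a clean copy of the same WordPress version."""
    clean, live = hash_tree(clean_root), hash_tree(live_root)
    report = {"modified": [], "unknown": [], "php_in_uploads": []}
    for rel in sorted(live):
        if rel.startswith("wp-content/") or rel == "wp-config.php":
            # Site-specific files have no clean baseline; review them by hand.
            # Heuristic (assumption): uploads/ should hold media, so PHP there
            # deserves a closer look.
            if rel.startswith("wp-content/uploads/") and rel.lower().endswith(".php"):
                report["php_in_uploads"].append(rel)
        elif rel not in clean:
            report["unknown"].append(rel)   # named like core, but not in the clean copy
        elif live[rel] != clean[rel]:
            report["modified"].append(rel)  # same name as a core file, different bytes
    return report


def demo():
    """Run the audit over two small constructed trees (not real WordPress files)."""
    core = {"index.php": "<?php // front", "wp-includes/load.php": "<?php // loader"}
    hacked = {**core,
              "index.php": "<?php // front\n// injected line",
              "wp-includes/class-wp-example.php": "<?php // not in the clean copy",
              "wp-content/uploads/2024/logo.php": "<?php // not an image",
              "wp-config.php": "<?php // site settings"}
    with tempfile.TemporaryDirectory() as tmp:
        for name, files in (("clean", core), ("live", hacked)):
            for rel, content in files.items():
                path = Path(tmp, name, rel)
                path.parent.mkdir(parents=True, exist_ok=True)
                path.write_text(content)
        return audit(Path(tmp, "clean"), Path(tmp, "live"))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

On a real site, pass audit() the path of a freshly downloaded copy of the same WordPress release and the path of the live document root; anything listed under "modified" or "unknown" is a file to inspect before trusting the install.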
Visitors are being redirected to a website you don’t know
If your visitors are being redirected to a website you don’t know, it means your WordPress website is hacked. You may not detect it initially because it doesn’t happen to logged-in users. Visitors who come to the website directly are also not redirected.
Your website is showing unknown pop-ups and pop-downs
Hackers will try to hijack your hard-earned traffic to show their own ads. Interestingly, these ads won’t appear to users who are logged in to the website or visitors who come to the website directly. Only visitors from search engines can see them. Pop-under ads will open in new windows and users don’t usually notice them.
Website traffic has dropped
Take a close look at your analytics traffic. If you’ve set up Google Analytics properly and your website traffic has still dropped, it is a sign that your WordPress website is hacked. A drop in website traffic can have more than one cause. Malware may be redirecting visitors to other websites, or the Google Safe Browsing tool may have flagged your website as suspicious and be warning potential visitors.
Despite all the built-in security features and constant updates, a WordPress website can still be hacked. If your website is hacked, don’t fret.
The first thing you should do is take it offline. This will prevent further damage and give you time to assess the situation. Next, you should change all your passwords and run a security scan on your system. Finally, you should contact a professional to help you clean up the mess and secure your website.