On Alert: Signs that Your WordPress Site Has Been Hacked

On Alert: Signs that Your WordPress Site Has Been Hacked

Many WordPress site owners and administrators have no doubt experienced an unease or wariness at one point or another when it seems that something just isn’t right with their site. Perhaps loyal visitors have dropped out in droves or it takes a long time to edit or post new content to your page. Or maybe the signs are more blatant, such as seeing one day that your homepage has been radically altered, the speed of your site drastically reduced or there are mysterious and unknown accounts operating in your admin area.

You Have Been Hacked Sign illustration design over white

Chances are that if you see this or other problems, your site has been hacked or otherwise compromised. It may have been a large-scale malware attack, or some nefarious lone individual may have inserted files and scripts onto your server or hijacked your site’s emails or search results. Regardless, recognizing that there is a problem is the first step in combating the attack and getting rid of the offending parties and data.

Here are six signs that your site has been hacked or may be under attack, compliments of the good folks over at WPbeginner.com. If you notice any of them contact your WordPress website consultant immediately or visit the WP forum board for help

  • For those users who have Google Analytics installed on their site, noticing a sudden and drastic drop in user traffic could be a sign that your site is in trouble. Malware and trojan attacks can take control of your traffic and redirect it to a spam site, or your “safe browsing” (tool compliments of Google) may have been directed to give a warning to your users that your site is unsafe.
  • Known as “data injection,” often a hacker will build a backdoor into your WordPress site which allows them to modify your files and database. Then they add bad links to your site that direct users to spam pages. Look especially for these links in the footers of your pages, and when discovered find and close the backdoor the hacker used (simply deleting the links won’t do much to remedy the situation).
  • Many sites offer users the ability to register. This usually garners a good bit of spam accounts which are easy to delete. But a problem arises when a site owner doesn’t enable users to register, and yet new user accounts start popping up. Check your admin area to make sure there are no suspicious user roles there that allow access to administrator controls.
  • If your website is slow or completely unresponsive, there’s a good chance it’s been compromised. Most often this occurs because of “denial of service” attacks, which arise from hacked computers and servers. It could also be someone trying to break into your site. Check your server logs to see which IPS are bombarding your site with requests and block them immediately.
  • Periodically check the results from the search bar of your website. If the wrong title or meta description appears, this is a sure sign your site has been attacked. Once again, a hacker has used a backdoor to insert malicious code which changes your site’s data in a way that is only seen by search engines, and not by casual viewers.
  • For those hackers trying to make money from their efforts, inserting popup ads onto your site is a common tactic. Basically they’re trying to garner profit by displaying spam ads for illegal websites, but these popups aren’t visible to logged in users, rather just to users coming to your site from a search engine. And these ads often appear in a new window and remain unnoticed. They’re hard to get rid of, so it’s best to call in the experts to help fix the problem.

Share this post