You don’t have to be a WordPress expert to know that your website has been hacked. In fact, you don’t have to know anything about servers or the back end. You don’t even have to actively manage your site to know that your website has been hacked. Sure, the indications and proof are clearer if you can comb through the logs and check your config data. But any casual WordPress admin and even everyday users can often tell when a site has been hacked. They can do this simply by observing how the site performs and knowing a hack when they see one.
Today, we’re here to offer a quick set of clear signs that your WordPress site has been hacked so that you can know immediately and make the right decisions to fix it.
8 Signs of a WordPress Site Hack:
- Your Homepage Doesn’t Look the Same
- Your Login Has Stopped Working
- Web Traffic Falls Off a Cliff
- Your Pages are Unusually Slow or Unresponsive
- New User Accounts & Admin Accounts Appear
- WordPress Emails Stop Working
- New Unauthorized Pop-Up Ads Appear
- The Wrong Data Appears in Search Results
Pro Tip: Pretend to Be New
Hackers often find ways to hide their hacks from admins so they can abuse users and website traffic. For a regular, easy-to-do test, log in as a “new” user: search for your site on Google, read and click the link, and see what a non-admin user would see. If you have been hacked, the results might be drastically different.
1) Your WordPress Site Homepage is Defaced
Most hackers try to be subtle and won’t change your homepage. But some are brash braggarts who like the world to know when they’ve hacked someone. For these particular hackers, detecting a hack is offensively easy. Simply open your front page, possibly from a Google link instead of your usual bookmark. Brash hackers who like to brag often change the front page by adding an element or completely redesigning the page to announce their hackery.
2) Your Login Stops Working
On the other hand, if you usually log in first to tend to your admin tasks, then the first sign of hacking may be that your login has stopped working. Sometimes when a hacker takes a WordPress site, they will change admin login credentials. They will even delete “rival” admin accounts once they have set themselves up as the new controlling admin.
So if your login stops working even though you are certain you’re typing it perfectly, then there is a very high chance that you have just been aggressively hacked.
3) Website Traffic Falls Off a Cliff
Most WordPress site owners monitor their website traffic, even if they don’t dive deep into other analytics just yet. Site traffic is something that basic management tools will tell you and is one of the premier assessment metrics for how your website is doing.
So if you notice that your traffic suddenly falls off a cliff, this is a very common sign that you have been hacked. Hackers will often use redirects to actively steal your website traffic, making it difficult for users to find their way to your legitimate site, or even clone your site in an attempt to steal your customers, their login credentials, or their payment information.
4) Unusually Slow or Unresponsive Pages
Hackers have several different tactics that can slow down your WordPress site’s page load speed and page responsiveness. The most well-known attack is DDoS, or Distributed Denial of Service. This is a malicious attack where hackers use a network of controlled sites or servers to access your site over and over again until there are no resources available for legitimate users. This method will overload a server and has been known to temporarily take down a site.
The other options are those in which a hacker is using your server or WordPress site for their own purposes, which saps resources from running the site itself. The latest craze is crypto-jacking, where the hacker runs a crypto-currency mining program on your web server, eating all the resources and leaving your site non-functional.
5) New Admin Accounts & Suspicious New User Accounts
By default, WordPress allows anyone to make a basic user account and without protections, you’ll get the occasional “bot” account, spam-spreading account, and so on. But if you do not have open user registration and new users start popping up, this is darn suspicious and often a sign of hacking.
Worse is when you notice new admin accounts that are not approved, and perhaps other admin accounts that have been altered or removed. An unauthorized new admin is a sure sign that you have been hacked and the hacker has helped themselves to your admin privileges.
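One way to check for this sign on a schedule, shown as an added example rather than code from the original article: it audits a user export against a list of admins you approved. It assumes the export comes from WP-CLI's `wp user list --format=csv`; the approved list, the baseline date, and the sample rows are constructed for illustration.

```python
import csv
import io
from datetime import datetime

def audit_users(wp_csv, approved_admins, registration_open, baseline):
    """Flag unapproved admins, approved admins that vanished, and unexpected signups."""
    findings, seen_admins = [], set()
    for row in csv.DictReader(io.StringIO(wp_csv)):
        login = row["user_login"]
        registered = datetime.strptime(row["user_registered"], "%Y-%m-%d %H:%M:%S")
        if "administrator" in row["roles"].split(","):
            seen_admins.add(login)
            if login not in approved_admins:
                findings.append(("unapproved_admin", login))
        # With registration closed, any account newer than the last review is suspect.
        if not registration_open and registered > baseline:
            findings.append(("new_account_while_closed", login))
    # An approved admin missing from the export may have been deleted or demoted.
    findings += [("approved_admin_missing", a) for a in sorted(approved_admins - seen_admins)]
    return findings

# Constructed sample export (not real accounts), in the default column layout.
SAMPLE_CSV = """ID,user_login,display_name,user_email,user_registered,roles
1,siteowner,Site Owner,owner@myshop.example,2021-03-02 10:15:00,administrator
7,wpsupport_x,Support,support@mail.example,2024-06-11 03:42:17,administrator
8,jane,Jane,jane@myshop.example,2024-06-12 09:00:00,subscriber
"""
APPROVED = {"siteowner", "bob"}   # assumption: the admins you actually created
BASELINE = datetime(2024, 1, 1)   # assumption: date of your last known-good review

if __name__ == "__main__":
    for kind, login in audit_users(SAMPLE_CSV, APPROVED, False, BASELINE):
        print(kind, login)
```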
6) WordPress Site Emails Stop Working
Many servers that offer WordPress hosting will also help you get an email set up connected to your WordPress site domain. This allows you to receive and send emails from, say, “email@example.com” and “firstname.lastname@example.org”. You can give each user an email account and you can manage your site emails from that account.
However, if emails stop sending and receiving reliably through your WordPress mail host, this can mean that a hacker has taken over your mail server and is using it for their own nefarious purposes, often to send spam emails, which can get you on the internet blacklist.
7) Sudden Unauthorized Pop-Up Ads
Using your enter-as-a-new-user trick, explore your site and take a look at the bottom and sides of each page. If there are new unauthorized pop-ups or banner ads, this is a different kind of hack. New ads can mean that a hacker is trying to take advantage of your natural web traffic in order to promote their own spammy products.
These ads are often designed only to show up for new users, or those who navigate through a search engine. They are often hidden from admin accounts and possibly from anyone with the page bookmarked instead of searching.
8) Wrong Data in Search Results
Search for your website on Google and take a close look at what the metadata says underneath the website and page name. If it is not the information you set or is remarkably spammy even if you don’t know what was set, your site has been hacked. Click the link (with your firewall up) and see if it takes you to an all-new or altered homepage or even if Google gives you a “this might be dangerous” flag before entering.
If so, your WordPress site has been hacked.
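The "pretend to be new" test from the pro tip, and the checks in signs 7 and 8, can be automated by comparing the page served to a direct visitor with the page served to someone arriving from a search result. The following is an added example, not code from the original article; the host names and sample pages are constructed, and `fetch` is a hypothetical helper for use against your own site.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
from urllib.request import Request, urlopen

class Fingerprint(HTMLParser):
    """Collect the page parts that injected ads or search spam usually change."""
    def __init__(self):
        super().__init__()
        self.title, self.description, self.refresh = "", "", ""
        self.hosts, self._in_title = set(), False
    def handle_starttag(self, tag, attrs):
        a = {k: v or "" for k, v in attrs}
        if tag == "title":
            self._in_title = True
        elif tag == "meta" and a.get("name", "").lower() == "description":
            self.description = a.get("content", "")
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            self.refresh = a.get("content", "")
        elif tag in ("script", "iframe") and urlparse(a.get("src", "")).netloc:
            self.hosts.add(urlparse(a["src"]).netloc.lower())
    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False
    def handle_data(self, data):
        if self._in_title:
            self.title += data

def fetch(url, referer=None):
    """Fetch as a logged-out visitor; pass referer to mimic a search-result click."""
    headers = {"User-Agent": "Mozilla/5.0", **({"Referer": referer} if referer else {})}
    with urlopen(Request(url, headers=headers), timeout=15) as resp:
        return resp.read().decode("utf-8", "replace")

def compare_views(direct_html, search_html):
    """List what the search-referred view contains that the direct view does not."""
    d, s = Fingerprint(), Fingerprint()
    d.feed(direct_html)
    s.feed(search_html)
    findings = [f"{n} differs: {getattr(s, n)!r}" for n in ("title", "description", "refresh")
                if getattr(d, n) != getattr(s, n)]
    return findings + [f"extra script/iframe host: {h}" for h in sorted(s.hosts - d.hosts)]

# Constructed sample pages (not from a real site): one homepage, two kinds of visitor.
DIRECT = ('<html><head><title>My Shop</title><meta name="description" content="Handmade soap">'
          '</head><body><script src="https://myshop.example/wp-includes/js/jquery.js"></script></body></html>')
SEARCH = DIRECT.replace("Handmade soap", "Cheap pills online").replace(
    "</body>", '<script src="//ads.badcdn.example/pop.js"></script></body>')
# Live use on your own site: compare_views(fetch(url), fetch(url, "https://www.google.com/"))
```

An empty result means the two views match on these fields; any finding is a reason to look at the page source and server files more closely.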
Comment below if you have noticed any clear or suspicious signs that your WordPress site has been hacked. We do recommend using a WordPress security plugin such as iThemes Security and BlogVault for backups and to protect your site from hackers.