Most webmaster realizes that their WordPress site has been hacked when their browser is alerting them while they visit their own site, or their hosting provider took their site offline. This is completely insane because it means that their site has been infected long enough for the hackers to do damage. The damage they did cause the hosting provider to shut off the site or caused google to detect that the site is hosting malware, SEO spam or phishing attack. In this article I am going to tell you about the symptoms of hacked WordPress site so that you can detect early whether your WordPress site has been hacked or not.
So without wasting time lets start
Symptoms of Hacked WordPress site
Below are some of the known symptoms of hacked WordPress site. Please have a look
1. Sudden drop in a website traffic
This is one of the common symptoms of hacked WordPress site. If you see a sudden drop in your website traffic without any reason, then probably your website has been hacked. Another reason for the sudden drop in your website traffic is Google’s safe browsing tool, which is showing your visitor a warning sign about your website being hacked or infected with malware. That’s why every webmaster has to take care of its WordPress site security.
2. Bad Links added your site
One of the common symptoms of hacked WordPress site is data injection. Hackers generally creates a backdoor which gives them access to modify your WordPress files and Database. Some of these hackers add links to some spammy website. Generally these links are in the footer area but they can be anywhere. Deleting these links will not guarantee that they will not come back.
You have to find a way to close the backdoor created by the hacker.
3. Your Site Homepage is defaced
Some hackers would not do anything suspicious that led you know that your WordPress site has been hacked. But on the other hand some hackers wants you to know that your site has been hacked. They generally deface your site’s homepage. They replace your homepage with their own message. Some will try to extort money from site owners.
4. You are unable to login to your site
If you have entered your credentials correctly and still are unable to login to your site, probably your site has been hacked. Since hacker has deleted your account so you are not able to reset your password from the login page. However there are other ways to reset your password but your site will not be safe until your figure it out how the hacker has gained access to your site.
5. Unknown files and scripts on your server
Sometimes hacker places some malicious files on your site’s directory. The most common place where you will find malicious code and scripts is the wp-content folder. These files are named like WordPress files to hide in plain sight. Deleting these files immediately will not guarantee that these files will not come back. You will need to audit the security of your website.
6. Unusual activity in server logs
Server logs are basically plain text files which records all the activity going on in your site. It also records all the ip addresses used to access your site. By looking at your site’s server logs you can block suspicious ip addresses from accessing your site.
7. Your Website is often slow or unresponsive
If without any reason your WordPress site becomes slow and unresponsive then the most probable reason is the random denial of service attack. These attacks use several hacked computers and servers from all over the world using fake ips. Sometimes they are sending too many request to your server making your site to slow down.
You can always check your server log to see which ips are making too many request and block them.
8. Failure to send or Receive WordPress emails
If your are unable to send or receive WordPress emails then there is a chance that your email server has been hacked for sending spam emails.
9. Google Chrome or another browser alerts you to the hack
If you or your visitor see one of the following in the chrome then your website probably been hacked or infected with malware.
The hacker has gained access to your site and using it for the phishing campaign.
10. Google Search Result flag your site as hacked or Harmfull
If your or your users notice the following in the search results that include your site, it is likely been hacked.
Google often removed hacked site from search results. But in case the site may still be listed, but will be flagged with a message saying that “The site may be hacked” or “This site may harm your computer”.
“This site may be hacked” means that google detected something out of the ordinary on your site, such as unusual changes to existing pages or adding new ones with SEO spam or redirects.
11. Google Search console alerts you to Malware on your site
Google Search Console or Google’s Webmaster tool will alert you to problems that Google may encounter when indexing your site and will provide you with stats showing your site visit via search. Search Console can email you alerts about your site including if it detects that your site is infected with malware.
Go to “Search Console Preferences” and enable email alerts there. This will notify you immediately when Google detects malware on your site and you may be able to fix the problem before they start displaying warnings.
12. Your Follower contact you about your site being hacked
If you have several thousand visitor a day and your site is visibly hacked, it is likely that a customer may contact you before you are alerted or Google detects the hack. Immediately let your customer know that you are taking action. In worst condition you also consider taking your site offline.
That’s all for today. Stay tune for the next tutorial. If you have not subscribed to our weekly newsletter then please subscribe by clicking the link below