There is a lot of malicious activity on the Internet. The WWW is the Wild Wild West. The last frontier of the old west. Websites get hacked and the more popular a certain type of website is, the bigger target that website becomes. WordPress is the most popular CMS website program in the world so it is a huge target for hackers. So how do you know if your website has been hacked?
Signs Your WordPress website has been Hacked
1. No signs at all!
This is the really scary part about WordPress hacks. A lot of hacked sites try to stay hidden so you don’t notice your site is hacked. There is code in the background that is running and spreading viruses or links to other websites and the hacker would rather you not notice and do nothing about it. It is crucial to have WordPress security plugins configured and website hardening performed. The WordPress site needs to be scanned periodically to make sure it is clean. We recommend Sucuri WP Security plugin for this.
At IDP we perform managed WordPress hosting services. This involves hardening the file system, installing and setting up WordPress security plugin, configuring the plugin and setting up a malware scanner to scan the site.
2. Website Outages Website Down
If your website is under attack and hackers are running scripts against it trying brute force attacks and password guessing there is a good chance your website will go up and down. Or break completely and go down. It is a good idea to have an uptime monitor that alerts you if your website goes down. We use uptime robot and also Sucuri to monitor our WordPress websites for our clients. If you have a problem you need to be notified so you can watch it and take action before it gets worse. If you do not have any uptime monitor in place you will never know the health of your website.
3. This site may be hacked
If your website is compromised and contains Malware or Malicious content Google will detect it and you will start to see warning notifications in Google search results. Right under your listing in Google it will say This site may be hacked. We recommend that all website be connected to a Google Search Console account. Google Search Console (formerly Webmaster Tools) provides technical data about your website and errors. In this case you could login to your Search Console account and check what pages are infected and see what the infected code looks like. So it would help you diagnose the problem. Also the search console has a tool to report to Google that the site has been fixed.
4. Desktop Virus Program Going Nuts
This one is pretty obvious! If you go to your website and your anti virus program on your computer goes nuts then your website is probably hacked. You may see a big red warning banner appear or you may get redirected to another website.
We do not see website defacement as much anymore. Normally hackers are trying to hack sites and stay hidden and not draw attention. They would rather keep the malicious code on your WordPress website undetected. A few years ago defacement was much more common. If your website got hacked the hacker would deface the home page “Your Site was Hacked by Abdul”. Basically, the purpose was to put their signature on your home page.
6. Admin Control
If you login to your WordPress site and there are other Admin users listed then your website has been hacked. Best practice is to check regularly the list of users in the WordPress admin to make sure hackers have not gained access to your WordPress admin. We rarely see this happen, but it is possible. If this does happen you have a lot more cleanup work to do. The hacker probably injected bad stuff in the database and could probably re-create their admin account at will even after you delete them.
At IDP we provide managed WordPress web hosting which includes security, backups and disaster recovery. Your WordPress site will be secured properly, hardened, monitored and fixed if it is infected with Malware. Disaster recovery and backups are included at no additional charge with the managed WordPress hosting package.