Has my WordPress Site Been Hacked?
If your WordPress site has been hacked, then you need to take action quickly. The problem is that it may not be immediately obvious that your WordPress site has been hacked. Here are some warning signs you should know (and where necessary how to check for them).
Your website is defaced
This may sound like it should be obvious, but if you always load your website from a cache, you will keep on seeing the page you originally loaded, which will look fine. You can check this by refreshing the page so it loads from new.
A customer tells you they notice something strange about your website
Listen to what customers tell you about your website. Never assume that they have just made some kind of mistake because you can’t replicate the issue yourself. If in doubt, run a malware scan.
You have administrators you don’t recognize
How easy it is for you to spot this will depend partly on how well you manage your access privileges and partly on how regularly you check your user accounts for administrators. You should only be giving administrative access to people who really need it for as long as they need it. You should also have a clear process for being granted this access so you always know exactly who your administrators are, hence making it very easy to spot any new additions when you check, which you should do regularly.
If you’re not managing administrative accesses this way, then you’re setting yourself up for trouble in all kinds of ways. One of these is that you’re much less likely to spot when someone has set up an unauthorized administrator account.
You have scheduled tasks you don’t recognize
Hackers can use scheduled tasks (or, as WordPress calls them cron jobs) to make your server do whatever they want it to do at the time when you are least likely to notice it.
There is unusual activity in your server logs
The two logs you should check regularly are your access logs and your error logs. Your access logs tell you how many people are logging into your site and from where. If there’s a sudden drop in traffic and/or an increase in unusual login activity (say an upsurge of visitors from a far-away country), then your site may have been hacked.
Your error logs, as the name suggests, shows all the errors generated by your server. You will need to check these individually to see if any of them look suspicious.
On a side note, be careful what error messages you display on your WordPress site. It’s very easy to give “too much information”. Remember that the average internet user is highly unlikely to be able to understand complex error messages, let alone appreciate them. Malicious actors, however, can find them very useful.
You have issues with your WordPress emails
One of the biggest reasons why WordPress sites are hacked is because malicious actors want to use legitimate domains to send spam emails. Issues with sending and/or receiving WordPress emails can be a clue that your server has been hacked for this purpose.
Your website has performance issues
If your website becomes slow or unresponsive, it may be a sign that you have been hacked or infected by malware. On the other hand, it may not, so it makes sense to check the innocent options before you worry about hackers and malware.
First of all, check the obvious and see if your host has issues. If not, then check your change records and see if you have made any changes recently. If you have, try reversing them and seeing if that solves the problem. If not, then take a good, hard, and honest look at your website and see if there is any sign that this problem could still be of your own making. For example, if you have stuffed your site with plugins, then you could simply have wound up overloading it.
Only once you have checked all of these options should you start thinking about hackers and malware, although it is fair to say that both are definite possibilities.
Your search results take a hit
If you’re running Google’s Search Console (formerly known as “Google Webmaster Tools”), which is highly recommended, then it will flag up any issues about your site, including any malware it detects. If it’s not, then you can look at Google Analytics and see what that can tell you.
Alternatively, you can try searching on your targeted keywords and seeing what results, if any, you get. If you do come up in search, take a close look at the meta-description. If it has been changed, there is a strong possibility that your WordPress site has been hacked.
What does it mean when a website is suspended?