WordPress by itself is secure. The developers behind it work hard to make sure that any security flaws and vulnerabilities are fixed as soon as they are found. However, no security is perfect, and malicious hackers are working around the clock to find a security hole.
Therefore, it’s only natural to worry about your site getting hacked. In fact, you should be prepared to find your site hacked one day.
Although it seems to be an inevitable case, you can minimize the damage done by creating a regular backup of your site and by improving its overall security. Oh wait, why bother improving your site’s security if you expect it to get hacked in any case? Well, if you have very poor security, the hacker can cause greater damage to your site and you’re going to have a harder time trying to recover and fix it. If you have stronger security, they may be able to hack into your site but they can only do so much, making fixing and recovery easier.
How can you be certain that you are hacked? Sometimes you won’t notice right away that you are hacked. Are you worrying that your site might be hacked? Do you think that you’ve been compromised? Here are the most common signs that your WordPress site has been hacked.
- 1 Inability to Login or Loss of Administrative Access
- 2 Suspicious Traffic Dips and/or Spikes
- 3 Your Site Shows Weird Search Engine Results
- 4 Google Displays “This site might be hacked” or “This site may harm your computer”
- 5 Suspicious New User Accounts
- 6 Popups or Pop-Under Ads Suddenly Appear on Your Site
You might think that you just entered your password incorrectly, so you’ll try again and again and again, but to no avail. If you are sure that you are using the correct login credentials (especially if you use a password manager like LastPass) but still can’t log in, there is a strong possibility that you’ve been hacked.
A hacker might’ve gained access to your username and password, logged himself in, and changed your credentials or even created a new user with admin privileges and demoted or even deleted your account.
Sometimes you might be able to log in, only to find that you have suddenly lost administrative privileges and that someone has taken over your site and is publishing their own content, often malicious in nature and intent.
To prevent this from happening, make sure that you are not using the default “admin” username provided by WordPress and that you are using a strong password. Beyond that, your PC or any other device that you frequently use to access your website might be compromised. Someone might have installed a keylogger on your device and used it to learn your username and password, so make sure that your device or PC is secured and free of any kind of infection.
Although it’s not a good idea to immediately infer that you are hacked because of sudden traffic dips and/or spikes on your site, they are still a good indicator of it.
These sudden fluctuations in your traffic can be caused by peak days (especially if you have seasonal content or a seasonal website) or by changes in search engine algorithms that alter your SERP ranking, which can increase or decrease your search visibility and greatly affect the amount of traffic that your site gets.
Of course, it can also be due to hacking. Hackers can add a script that redirects your visitors to another website, thereby reducing your incoming traffic. Alternatively, they might send more traffic to your site after injecting or adding malicious content to it (e.g. a scam or phishing page). Check if there are suspicious links or pages that were suddenly added or suddenly appeared on your website. If there are, you’ve been hacked.
We’re pretty sure any serious website owner checks how their website looks in search engine results pages from time to time. One way of doing that is with the site: search operator. For example, enter site:yoursite.com in a search engine like Google to see how many pages of your website are indexed by that search engine and how each of them looks in its SERP.
Little do people know that this technique can also help in finding hijacked and injected content in a website.
If you suddenly see pages in a different language appear in your search results (unless you really have pages in a different language), then you are most likely hacked. Hackers might’ve injected malicious content in your website and they might be using it to redirect visitors to another site (that often hosts malicious content) or to trick them into signing up or clicking on a link to an offer that “you” are currently promoting which is actually a phishing attempt. Not only does this hurt your traffic and your website, but your reputation is also at risk.
If you search for your website using Google and you get these errors, you are most likely hacked or you might have a bad advertisement on your website. These error messages are often caused by malicious advertisements, which are most often found in banners, pop-unders, and pop-ups.
The first message, “This site might be hacked”, indicates that Google detected something unusual on your site. On the other hand, the message “This site may harm your computer” means that your website is hosting malicious content.
These errors can be caused by someone injecting malicious links or content into your site. Someone might’ve been able to hack into your website and give themselves enough privilege to publish their own content or edit your existing content to add malicious links, content, or scripts.
It can also be caused by one of your advertisers. Banner ads and pop-unders can be, and (in the case of pop-unders) often are, used to trick your users into downloading malicious apps or signing up for phishing offers. Make sure that you are putting ads from reputable companies on your website. In the end, the best way to make sure that you are only getting clean advertisers is to use reputable ad networks such as Google AdSense.
New accounts alone wouldn’t be very suspicious if you enabled registrations on your website. However, it’s an excellent habit to check whether new admin users have suddenly popped up out of nowhere, or whether there are suddenly, say, new editors or new contributors on your site when you’ve only allowed new subscribers to register.
On the other hand, if you disabled registrations and still see new users being added to your site, someone might have gained admin access to it or even to your hosting account – an excellent sign that you’re hacked.
If this happens, make sure that you change all credentials at once, including your FTP, hosting and WordPress usernames and passwords. Remove any existing accounts – even your own admin account – and replace them with a new one (before removing an admin account, create a new admin account, log in to it, and use it to delete every other user).
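The account review described above can be scripted. The following is an added example, not part of the original article: it assumes a user export in the JSON shape produced by WP-CLI's `wp user list --fields=ID,user_login,user_registered,roles --format=json`, and the sample data, the `audit_users` function, the allowlist and the baseline date are all constructed for illustration.

```python
import json
from datetime import datetime

# Constructed sample, shaped like the assumed WP-CLI JSON export (not real data).
SAMPLE_EXPORT = """[
 {"ID": 1, "user_login": "site_owner", "user_registered": "2019-03-02 10:15:00", "roles": "administrator"},
 {"ID": 7, "user_login": "jane_reader", "user_registered": "2024-05-20 08:01:44", "roles": "subscriber"},
 {"ID": 8, "user_login": "wp_support01", "user_registered": "2024-06-11 03:12:09", "roles": "administrator"},
 {"ID": 9, "user_login": "newsdesk", "user_registered": "2024-06-11 03:14:51", "roles": "editor"}
]"""


def audit_users(export_json, known_good, baseline, registration_open,
                default_role="subscriber"):
    """Return [(login, [reasons])] for accounts that need a manual review.

    known_good        -- logins you created yourself and trust
    baseline          -- datetime of the last review (or when registration was disabled)
    registration_open -- whether the site currently allows self-registration
    default_role      -- the only role self-registered users should ever hold
    """
    findings = []
    for user in json.loads(export_json):
        login = user["user_login"]
        if login in known_good:
            continue
        # WP-CLI prints multiple roles as one comma-separated string.
        roles = {r.strip() for r in user["roles"].split(",") if r.strip()}
        registered = datetime.strptime(user["user_registered"], "%Y-%m-%d %H:%M:%S")
        reasons = []
        elevated = roles - {default_role}
        if "administrator" in roles:
            reasons.append("unknown administrator")
        elif elevated:
            reasons.append("role above default: " + ",".join(sorted(elevated)))
        # Any account newer than the baseline is unexpected when sign-ups are off.
        if not registration_open and registered > baseline:
            reasons.append("created while registration is disabled")
        if reasons:
            findings.append((login, reasons))
    return findings


if __name__ == "__main__":
    report = audit_users(SAMPLE_EXPORT, {"site_owner"}, datetime(2024, 6, 1),
                         registration_open=True)
    for login, reasons in report:
        print(login, "->", "; ".join(reasons))
```

Keep the allowlist and baseline date somewhere off the site itself, so that whoever took over the WordPress installation cannot also edit the reference you compare against.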
What’s the ultimate goal of a hacker? To gain something. Oftentimes, hackers hack a site to inject malicious content into it for profit; they steal credit card information, personal information, and other important data. But sometimes, the simpler the hack, the better the return on their effort. Popups and pop-under ads bring revenue on day one and there’s no need to try and trick users into submitting their credit cards and personal info.
Although popups don’t bring hackers massive profit compared to stealing sensitive information, they are the easiest way to earn some bucks while spending next to nothing. In addition to that, the hackers are able to use the site to further their motives or can even destroy it anytime they want, so proper action is necessary once you’ve noticed that pop-unders and/or popup ads have suddenly shown up on your site.