No website is 100% secure, whatever the platform, whatever the company. As a platform, WordPress does not spend its money on Fort Knox-like security, so the odd infiltration from a nuisance hacker is a possibility. Here are ten signs that your site may have been hacked so that you can quickly take steps to resolve the issue.
Through the regular monitoring of your stats, you will probably have recognized a pattern in action. If that activity suddenly changes though, while it could be nothing, it could also be a sign that you have been hacked. A sudden drop in your stats could show that a Trojan is hijacking and redirecting your traffic, while a large increase could show that a redirected network is in the process of being set up. Google recognizes websites with Trojans, so ignoring this issue could lead to your website being blacklisted.
If you can’t log in despite numerous attempts, and you have made sure that you are definitely pressing the correct buttons, then a hacker could have changed your password. In this case, you can reset your password by having a link sent to your backup email address. However, in some cases, the hacker may have completely deleted your admin account. If so, you could use FTP to add another or contact WordPress to get the problem resolved.
Unless you have paid a premium, there will be a certain amount of advertising on your site. However, this will be discreetly positioned and not inappropriate. The sudden appearance of adverts within your content or on your front page may show that a bot or hacker is using your account. The best way to check for this is to monitor your own site as a visitor on a regular basis so that you can spot any embedding easily, without going to the trouble of rifling through code and page setups.
If your emails start refusing to send, it could show that a spambot has invaded your site. What has likely happened is that your site has been infiltrated and the bot has sent out a great many emails, which have been flagged as spam, either by recipients or by work servers. This could lead to your email being picked up by spam monitors, and your being added to blocklists, which can be very difficult to get off. It could also damage the recipient’s email depending on the nature of the emails that are being pinged out from your account.
Similar to the sudden appearance of adverts, the appearance of links that you or your site administrator haven’t put on your site is likely to indicate the presence of a hacker. WordPress doesn’t embed links onto your site without your express permission, and any nefarious links are likely to be a bid to piggyback on your traffic, sending visitors to a phishing site or, even worse, malware. Obviously, this could really damage your reputation, as visitors will apportion a certain amount of blame to you for not ensuring the safety of your own site, so it’s best to make sure that you or your site manager check for this on a regular basis.
If you notice that all the hard work you did on Search Engine Optimization (SEO) has suddenly been reversed, and your site is now not showing up in your Google searches, it could mean one of two things. Either your tags have been altered and your website is now showing up for a different set of keywords, or your site has been removed, whether by the hacker or because the search engine has blacklisted it after it was flagged as a malicious site.
Not all WordPress sites are set up to allow the registration of new users, but if yours is, then it’s worth checking that list on a regular basis. Random users are usually easy to spot, with usernames made up of long strings of random letters or numbers. You can use the User Registration Addon function within WordPress to control this, or you could turn the function off altogether to guard against future attacks.
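The check described above can be run over an exported list of usernames. This is an added example, not part of the original article; the thresholds, the function names and the sample usernames are assumptions chosen for illustration, and the result is a list to review by hand, not a verdict.

```python
import re

# Five or more consonants in a row rarely occur in real names ("y" is excluded).
CONSONANT_RUN = re.compile(r"[bcdfghjklmnpqrstvwxz]{5,}")

def random_looking(username, min_len=12):
    """Return the reasons a username looks machine-generated (empty list = fine)."""
    name = username.lower()
    # Short names and names with separators (".", "_", "-") are left alone.
    if len(name) < min_len or not name.isalnum():
        return []
    reasons = []
    if name.isdigit():
        reasons.append("digits only")
    # Split into alternating letter/digit runs; many runs means heavy interleaving.
    runs = re.findall(r"[a-z]+|\d+", name)
    if len(runs) - 1 >= 3:
        reasons.append("letters and digits interleaved")
    if CONSONANT_RUN.search(name):
        reasons.append("unpronounceable consonant run")
    return reasons

def review_list(usernames):
    """Map each suspicious username to the reasons it was flagged."""
    return {u: r for u in usernames if (r := random_looking(u))}

# Constructed sample of registered usernames (not real accounts).
SAMPLE_USERS = ["editor_jane", "christopherjohnson", "maria1985garcia",
                "xk7q9zt2mw4p", "qzxvbnmlkjhgf", "849302817465", "admin"]

if __name__ == "__main__":
    for user, reasons in review_list(SAMPLE_USERS).items():
        print(f"{user}: {', '.join(reasons)}")
```
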
Similar to the above, if you have the suspicion that you may have been hacked, then one thing you can look for is the addition of files to your media library that you don’t recognize. It is important to be careful here, as clicking within WordPress often means downloading, and you don’t want to unwittingly download anything that sabotages your machine. Often, files are placed on your site to trick visitors into downloading malicious content.
If your site is slow or is completely hanging, you may be the victim of an attack. In this case, random IP addresses are sending a multitude of requests to your server. If your site has suddenly slowed, it may be worth checking your server logs to see if you are receiving an unusual number of requests. It could, of course, be that you have added more content, and you need to shorten the code you are using or compress recently added media, but again it is worth checking this against your quota to see if you are overusing your file drop and putting a strain on your site. It could alternatively be that a malicious user has dropped large files into your system, as with the previous scenario.
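One way to check server logs for an unusual number of requests is to count hits and distinct client IPs per minute and compare each minute with the median. This is an added example, not part of the original article; it assumes an Apache/Nginx "combined" access log, and the thresholds and the generated sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Client IP and timestamp at the start of a "combined" access-log line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')

def per_minute(lines):
    """Return {minute: {"hits": int, "ips": set}} for every parseable line."""
    buckets = defaultdict(lambda: {"hits": 0, "ips": set()})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of crashing
        try:
            stamp = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue
        minute = stamp.replace(second=0)
        buckets[minute]["hits"] += 1
        buckets[minute]["ips"].add(m.group(1))
    return buckets

def find_spikes(lines, factor=5, min_hits=50):
    """Flag minutes with at least min_hits and factor x the median minute."""
    buckets = per_minute(lines)
    if not buckets:
        return []
    baseline = median(b["hits"] for b in buckets.values())
    return [(minute.strftime("%H:%M"), b["hits"], len(b["ips"]))
            for minute, b in sorted(buckets.items())
            if b["hits"] >= min_hits and b["hits"] >= factor * baseline]

def sample_log():
    """Constructed sample: ten quiet minutes, then one flooded minute."""
    fmt = '{ip} - - [12/Mar/2024:10:{m:02d}:{s:02d} +0000] "GET / HTTP/1.1" 200 512'
    lines = [fmt.format(ip=f"198.51.100.{i % 4 + 1}", m=m, s=i * 5)
             for m in range(10) for i in range(6)]
    lines += [fmt.format(ip=f"203.0.113.{i % 120 + 1}", m=10, s=i % 60)
              for i in range(300)]
    lines.append("garbage line that does not parse")
    return lines

if __name__ == "__main__":
    for minute, hits, ips in find_spikes(sample_log()):
        print(f"{minute}  {hits} requests from {ips} distinct IPs")
```

A flagged minute with many distinct IPs matches the flood described above; a flagged minute dominated by a handful of IPs is more often a crawler or a misbehaving plugin.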
Finally, one of the most obvious warning signs is if you have received a notification from your own host that your site may have been compromised, or if a post or file has been flagged up. WordPress have their own monitoring systems that are designed to help you, so it is important not to ignore any messages that they send you. Make sure you check it out every time you are notified, as it may indicate the presence of a hacker.
Remember, not every one of these signs instantly means that you have been hacked. Check a couple of things first before jumping to conclusions. Then reset your password and delete any content or users that shouldn’t be there. If your password has been changed, WordPress folks are very responsible and will be able to help you. Don’t despair, you and your site will live to fight another day!