In a typically expected scenario, when you get hacked, the hacker leaves a message on your front page. But more often, you might not even notice that something has changed. In this article, we will talk about 9 major cues that point towards a hacked WordPress site.
And don’t worry! We’ll walk you through on how to fix a hacked WordPress site and tighten the security thereafter.
9 Signs of a Hacked WordPress Site
- Unable to Log In
- Traffic Drops
- Blocked Emails
- Unwanted Ads
- New User Account
- Defaced Homepage
- Suspicious Schedule Activities
- Unusual Server Log
- Flagged Website
1. Unable to Log In
Your first clue? WordPress doesn’t recognize your username and password.
There are automated programs that run thousands of possible password combination in a trial and error process. If a hacker got to log in to your site, the chances are that he will change your login credential and can even delete your admin account. By deleting your admin account, the hacker can lock you out of your own website.
2. Traffic Drop
Malware that targets websites will divert visitors to spammy sites. Or the hacker can redirect your traffic to their site which is often illegal and are designed to con users. Logged in users are often not redirected only those that visit on a casual basis. Google will blacklist your website in such case, showing a warning message to anyone trying to visit your site. If you notice google analytics showing a sudden drop in traffic, this can be a sign of a hacked WordPress site.
3. Blocked emails
Hacker can break into your site and send thousands of spam emails using some malicious scripts. People who receive these emails will mark your site as spam and add your website to the block list. If you face problem in sending/receiving emails, there is a chance your mail server has been compromised. You will have to resolve the issue quickly to avoid long-term damage.
4. Unwanted Ads
Hackers can enter through a back door and show popup ads to visitors. These popup ads are redirected in a new tab as they are generally trying to make money by diverting your traffic to their spammy or even illegal site. Users accessing your site directly or logged in users cannot see these ads. They only appear to the user visiting through the search engine. Check your site through different web browsers and ask your friends to access your website every now and then.
5. New user account
If your website allows users to register, spam accounts are normal and you can simply delete them. But if you don’t allow users to register and notice new accounts you can assume your site is at risk. You will have to look at the allowed privileges of these accounts. If they have administrative privileges it will confirm your site is under attack and you will not be able to delete them from admin panel.
6. Defaced homepage
Some hackers tend to make it very obvious that they have hacked your website. They will leave a message on your homepage or add spammy links. They can add explicit or otherwise unwarranted content that will be visible to site users. In the worst case, there will be an invisible code added to your site that will slow the loading time and affect your search engine ranking.
7. Suspicious schedule activities
Sometimes hacker doesn’t do any damage instantly, they will schedule their malicious activities to take place in future. These scheduled tasks are called CRON job. This is very dangerous for the fact that the user won’t know the site was hacked for weeks or months. It is very difficult to actually track the source of hack in such cases as the hacker would have left your site by then.
8. Unusual server log
You can access server logs from your hosting account Cpanel dashboard. They are basically testing files that are stored on a server and keep the record of errors and internet traffic. Server log contains all the IP addresses used to access your site. If you see any unusual activity like your site making a connection with random IP address, it is a sign that your site can get hacked. You have to block any suspicious IP address you come across in server log.
9. Flagged website
Google gives out warnings to the user if the site is infected. If Google comes across any of the above unusual activities caused by a hacker it will flag your site as nonsecure. There will be a warning message to anyone accessing your website. As a result, users will be cautioned that interacting with your website can infect their system and can steal their information. This type of warning can be particularly harmful to an e-commerce website.
How To Fix A Hacked WordPress Site
Even after all the prevention measures, hackers keep finding new ways to attack WordPress sites. If your site gets attacked by some malicious virus follow these 7 steps to get rid of a hacked WordPress site.
- Site Scan
- Get In Touch With Your Hosting Provider
- Get Professional Help
- Restore Backup
- Secure Users Account
- Change password
- Close Hidden Backdoors
1. Scan your site
Scanning your website remotely helps to find malicious payloads and malware locations. You can use plugins like WordFence, Sucuri Security, 6scansecurity to scan your website. Scanning your site will help you locate the hack. You will be able to take better action once you know the exact source of the hack.
2. Get In Touch With Your Hosting Provider
If you host your website on a shared server, there is a possibility that the hacker can gain access to your site through another site. Good hosting companies have experienced staff and are very helpful in this situation. So before doing anything yourself contact them and follow there advice. Your hosting company will help you locate the back door to your site. Backdoor is usually a method of bypassing authentication and gaining the ability to access a server.
3. Get Professional Help
Even if you don’t have a shared hosting you can get professional help. This is a good solution for those who don’t really have much experience in WordPress and don’t want to mess things even more. Getting professional help can be a little expensive, if you run a big business you should still go for it. Compromising the security of a big business site can lead to serious consequences. But if you have a small business or a blog, you can deal with the hack yourself, just follow the below steps.
4. Restore Backup
If you are one of those people who regularly backup your website, you got no problem. Restore your previous backup as it will remove any changes that happened after. Restoring to old version still makes you vulnerable to hacks so make sure you take serious security measures after restoring the previous backup. But there is a downside to this, content that you added after the last backup will be lost too. If you cannot lose your content or if you never had a backup you will have to manually clean your site.
5. Secure users account
Check for users permission for all users account. Only you and your team should have access to admin account. If there are some unfamiliar WordPress accounts, you can remove them so the hacker loses his access. You should have only one admin and set other users to least privileges needed.
6. Change Password
Change all password and security keys that you use to access your WordPress account. Make sure to change all the passwords that include WP dashboard, Cpanel, FTP etc. Generate a strong and unique password. Use combinations of letters and numbers and special characters. Change the security key and salts of your WordPress site. Once you change password and security key all other users will auto-logged out of your WordPress.
7. Close hidden backdoors
Most hackers leave a backdoor in files named similar to core files but are located in wrong directories. If you don’t regularly update plugins and themes they can also provide a backdoor to hackers. Many plugins updates are specifically available because the old version had security issues. Go through your plugins and themes and delete the ones that are not being used and update the rest. To better understand from where exactly hackers entered your site use a security plugin. It is very important to close all backdoors to clean WordPress hack otherwise your site will reinfect.
Time To Increase Security Of Your Site
Now that you have seen getting your site hacked can have serious consequence and get rid of the hack is also not an easy task. Losing website content can destroy your business, reputation and online presence. Next time take a little extra care about your WordPress security. These are a few things you can keep a look about
- Use Strong Password
- Use SSL
- Go for Managed WordPress Hosting
- Use WordPress Security Plugins
- Prevent Search Engine to Index Admin Section
- Keep Everything Updated
- Change Database Table Prefix
1. Use strong password
This one is pretty obvious but I will still say it. Always use a secure password to protect yourself from the hacker. Use different passwords for different accounts. Use combination of numbers, upper and lower case letters and even special character. Make sure you are not writing down your password on anything even your phone.
2. Use SSL
SSL certificates protect the data by encrypting it. This makes sure that the data shared by user and server remains between them. HTTPS makes it harder for any third party to intercept and decode your password and username. Even Google has started to favor those site that uses HTTPS. Google often shows a nonsecure sign to site that don’t use SSL certificates. To know more about how to change HTTP to HTTPS click here.
3. Go for managed WordPress hosting
If you are someone who finds managing your business and taking care of your site a burden sometimes. You can always outsource some work. Even though a lot of people go for shared hosting as it is more affordable, it is very risky. Shared hosting uses a single server to manage different websites. That means that even if the hacker gets access to one site on the server all the others are automatically at risk. You should go for managed WordPress hosting as it provides proper management and dedicated staff for your site. Here at the breeze, we go an extra mile to keep your website secure.
4. Use WordPress security plugins
WordPress security plugins offer a wide range of features to make your site secure from threats. These plugins regularly scan your WordPress files, plugins and themes. It will notify you in cases there is an infection. Some of the most popular security plugins are WordFence, BulletProof Security, Sucuri Security. They come in both free and paid version. If you are running a small blog free version will be able to completely secure you. These plugins also scan posts and comments for any malicious code.
5. Prevent search engine to index admin section
Search engine crawlers index everything unless told otherwise. If search engine index your admin section it can be a security threat. You can stop this by creating a robot.txt file in root directory and place a code DISALLOW: /WP_*
6. Keep everything updated
Longer a version exists, higher the chances are that hackers have found a way to hack it. WordPress team works to fix such loopholes in security to benefit you. Keeping your WordPress up to date will make it harder for hackers to get in. Also, updating plugins and themes are as important as updating WordPress regularly. Plugins and themes act as a backdoor into your sites. Unless properly secured they can provide an easy access to hackers. Always delete the plugins that you don’t use anymore.
7. Change database table prefix
Your database contains every post, comment, and link you have on your website. If a hacker gets access to your Database there is a chance you will lose all the content on your site. To make the database more secure change your database table prefix. The default prefix is wp_ and you should change it to something more complicated like 7tg56h_
Backups are not only useful when your site gets hacked. Sometimes when you install a faulty theme or plugin, your site can crash. Every once in a while backup your site so even if your WordPress site is compromised, you will be able to restore it. You can try plugins like BackUpBuddy and All In One WP Migration for an automatic scheduled backup of your site.
Taking constant care of your WordPress security and cleaning up a hacked WordPress site is painful and time-consuming. If things go wrong, you may probably lose thousands of dollars.
This is why we recommend you to let experts do the job. Get a FREE health checkup for your WordPress website now.