Depending on who hacked your WordPress website, you’ll either see the annoying results quickly or be clueless while they do covert damage gradually. The latter one is more dangerous since you have no idea and everything seems to be operating normally. That’s why it’s rather important to find out how or if your WordPress website got hacked.
This way, you can rightly deal with the damage and the fallout of the hacking. It’s not always apparent, of course. These signs and indications that your website got hacked will be harder to detect the more skilled the hacker is. There are also times where you might be new to WordPress or being a site owner and you tend to ignore what appear to be glitches or bugs.
There are also other times where “ransom hackers” can threaten or extort you by telling you they hacked your website. Knowing how to check can save you the anxiety and trouble. Worry not because we’re here to list out some telltale indications that your website got hacked. Follow these signs and watch for them thoroughly to check if your blog is really safe.
Unwarranted redirections and popups
This one is a little bit obvious. Lots of users or site visitors can easily complain to you about this, meaning you’ll be notified quite quickly. However, it’s still damaging enough that your site is getting hijacked by another shadier site or operation. This can happen on your homepage or URL or even in some of your advertisements, some of which you probably don’t recognize or remember setting up.
Your site is more likely to be a target of this activity if its traffic is significant enough. You can also often see this happening in many insecure websites where clicking on an empty space leads to another site or produces tons of popups that lead to pornsites or other questionable domains.
Dramatic site slowdown
Site slowdowns can happen for a lot of reasons so a bit of misdiagnosis can happen. Still, if you do suspect that your website might have been hacked, this symptom can reinforce any findings you conclude. What you need to look for is a pattern, whenever your website slows down dramatically for no apparent reason, you might want to do some server-side tests or contact your web hosting service.
They can confirm whether it’s their servers or your hacked website that’s causing the slowdown. More often than not, hacked websites with lots of redirections and popups can put a lot of strain on the servers especially if the redirections lead offshore. As for checking your website speed, it shouldn’t be too hard to notice the big difference in performance from the usual optimal state.
Google/Antivirus warns users against visiting your site
One of the first things you can also do if you suspect that your website got hacked is to check Google. Google has a blacklist of hacked or insecure sites where users are warned upon entering the domain. An alternative to this would be having an antivirus extension installed on your browser; this also detects malicious or hacked websites. Most antiviruses on the PC already do this automatically.
Any website that has been hacked or has any malicious software or viruses clinging on to it will get a big red alarming warning sign which serves as an apprehensive welcome mat for the visitors. Now, if your website doesn’t get blacklisted even though it got hacked which can be improbable with how strict Google is, you can always try out the rest of the methods.
Your site is sending out spam
Regular emails to your subscribers or whoever’s on your email list is something you might also need to check. That’s because hacked websites tend to send out malicious spam emails. They can either do this everyone in your email list or maybe even to random users. Your visitors or loyal subscribers can inform you of this.
However, some of the more hapless ones can simply unsubscribe to your emails and thus damage your email list and SEO. These spam messages can be anything the hacker wants it to be. Sometimes they can even bundle up some malicious code or software in the spam emails; this can cause mass infections or worse, phishing attempts. It does help to have your own email subscribed to your website so you can check what it’s sending out.
Mysterious plugins and themes you didn’t install
You’ve likely heard of this before but it pays to always check your plugins and themes list. Updating them yourself also helps a lot to familiarize yourself with which ones are necessary or are outdated with no support anymore. Doing so can also help you check if you have actually installed some of them or not.
That’s because outdated plugins or those without support can open up a bunch of vulnerabilities and exploitable bugs for your website. Hackers can easily do this or they could also install some harmful software masquerading as a plugin or theme.
Your site comes up in an unrelated search result
We’re here assuming that your website is a legitimate domain or business. If you have nothing shady or illegal going on your website, there’s really no reason why it should pop up when someone searches for any form of contraband goods, right? Turns out that can also be an indication that someone infiltrated your website.
If you find out that your domain suddenly starts getting recommended from weird and unrelated search results, then you might want to check your security or if Google has blacklisted it.
Admin or user accounts you did not create
Last but not least, we have the most apparent display of hacking: admin accounts you did not create. Hackers or cybercriminals do this all the time to get unlimited access to your website’s backend. Sometimes they might even disable or change the password for the Admin.
Additionally, any user account or account of a lower WordPress function you did not create should be suspect. This could be hackers trying to test out the waters or doing things discreetly first. As you all know, prevention is always better than cure; so make sure that your blog security is solid.