There are some clues that may help you figure out if your WordPress site is hacked. In this article I will share 10 some clue or common signs that your WordPress site is hacked.
10 Common Signs That Your WordPress Site is Hacked
1. Drop in Website Traffic
You can see your Google Analytics reports if sudden drop in your traffic it means that your WordPress site is hacked. There lots of malware and Trojans that hijack your website traffic and redirect it to spammy websites.
Second reason in sudden drop in traffic is Google’s safe browsing tool, which might be show warning in user browser regarding your website.
Check your website using the Google’s safe browsing tool to see your safety report.
2. Bad Links
Most common clue among hacked WordPress site is data injection such as SQL Injection etc. Using this method hackers create a backdoor on your WordPress site which provide them access to modify your WordPress files and database. You can block these type of attack using my previous article:
3. Spoiled Your Website Homepage
Attacker can spoiled your website home page. Some attacker usually replaced your website homepage with their own message such as your site has been hacked.
4. You are not able to Login to your WordPress admin panel
If you are not able to login to your WordPress admin panel, then there is a change that hackers may have deleted your admin account from WordPress.
5. Unknown User Account In WordPress
If you have enable open user registration and you are not using any spam registration protection then spam user accounts are just common spam that you can simply delete.
6. Unknown Files and Script on Your Server
Unknown files and script could be on your server. If you are using a site scanner plugin such as Sucuri. then it will will warn you when finds an unknown file or script on your server.
To fix this issue just connect to your WordPress site using FTP client and search unknown file and script in /wp content/ folder and delete it.
7. Website is Slow and Unresponsive
Your website may be under DDos Attack. These type of attack use several hacked computer and servers from all over the world using fake IP address. Mostly they send too many request to your server. Due to too many request your website become unresponsive.
You can check your logs to see which ips are making too many request and block them. If you are using Apache as web server you can see my previous article to prevent your server from DDos Attack.
8. Unable to Send and Receive WordPress Emails
Mostly WordPress hosting companies offer free email account with your hosting plan. Many WordPress site owners use their host’s mail server to send WordPress emails.
If you are not able to send and receive WordPress emails means this may be that your mail server is hacked.
9. Pop ups Under Ads on Your Website
This type of attack try to make money by hijacking your website’s traffic and hackers shows their own spam ads for illegal website. These type of pop ups does not appear for logged in user or visitors accessing a website directly.
These type of pop ups only appears to the users visiting from search engines.
10. Hijacked Search Result
If you are getting incorrect title or meta description in search result for your website then this means your website is hacked.