how to tell if my wordpress website is hacked

How To Know If My WordPress Website has been Hacked

Last Updated on May 14, 2022 by WP Knowledge Hub

In this day and age, hacking is a major problem, and cyber-security is on of the biggest concerns for WordPress users.

If you believe your WordPress website has been hacked, you should look for these signs:

Signs That Your WordPress Website Has Been Hacked

Unrecognized Users Added to WordPress

The first thing to check is if your WordPress registration is open to everyone. Unless you have a very specific reason for allowing users to register on your site, it’s best to deactivate this.

Go to the WordPress Dashboard > Users > and check if you have suspicious user accounts. If you see any users you don’t recognize, and you know for a fact that they didn’t register themselves through open registration, and you’re positive no one else on your team has added them manually, you’ve been hacked.

Adult or Junk Links on Your Website

If you don’t have a firewall, it’s possible for hackers to use data-injection to create something called a backdoor to give them access to your files and database.

Usually this will manifest itself as links tricking your users into visiting malicious sites, or having unwanted ads (like the classic penis enlargement pill ads) or other unwanted pop-ups.

This is one of the most obvious ways to tell you’ve been hacked.

Someone Manually Ruined Your Website’s Content

Computer virus infection skull of death flat illustration for websites

This is probably THE most obvious way of knowing you’ve been hacked. Let’s not forget that hacking is not always super sophisticated, and it just also mean a person you know, stealing or figuring out your password.

If someone was targeting you for a specific reason (political activism, bullying, etc.), they might try to make you look like a bad person by changing your website content and images that paint you as an unfavourable person! Luckily, if this is the case, you can always just restore a backup!

Some hackers might ruin your website just to show off their skills, but usually replace your content with their own to try to scam you.

Hijacked Google Search Results

Sometimes, the Google search results from your website might show the wrong titles or meta descriptions.

If you look at the back-end of you page, and you will still see the correct results, but the search engines are picking up something entirely different, that’s a sign that you’ve been hacked.

The hacker has injected code visible only to search engines to ruin your reputation, or steal your traffic.

Drop in Website Traffic

Of course, a big drop in traffic all of a sudden, might also be the result of the above reason (hijacked search results). If you see your traffic has significantly dropped for no reason (know to you), that best thing to do is run a Malware Scan on your website with Sucuri Site Check, check your Google results to make sure they are showing correctly, and make sure you are able to log in to WordPress.

You Cannot Login into WordPress

By itself, this is not a sign that you’ve been hacked by itself, but rather, combined with all the other hints above, this could be a bad omen. There’s lots of reasons why you could lose access to your WordPress login, but luckily, there are other ways to via cPanel or FTP.

Here, you’ll want to check if you have any junk code in your core files or theme files.

WordPress Theme Files Have Junk Code

If your WordPress files have been changed or modified in any way, then this is an important sign that your WordPress site has been hacked, and you should take immediate action!

Hackers will usually change a core WordPress file and replace it with their own. They will also typically add junk code to the theme files, that will look something like this:

The easiest way to find the files that have been affected is by installing the Wordfence plugin that monitors the health of your WordPress files. You can also run a manual scan every now and then to stay extra safe!

Random Redirects

If your URL is suddenly redirecting users to malicious unknown websites, then your website has most likely been hacked.

This type of hacking is more popular on user’s websites that don’t have a firewall, and is often caused by a backdoor or malware installed on the WordPress website.

Cleaning Your Hacked WordPress Site

Cleaning up a hacked WordPress site is incredibly painful and difficult, but if you want to try to do it yourself, you should read this guide. But it’s definitely recommended that you let experts like sucuri clean up your website.