WordPress is popular not only for its ease of use but also for its tight security. This means that WordPress sites are least likely to get hacked theoretically. At the same time, reports suggest that as many as 136,640 attacks on WordPress sites take place every minute. So, the truth is that even though we may think WordPress websites to be highly secure, there are vulnerabilities which make them prone to cyber attacks. Here are some signs which can tell you when the site has been hacked. If you know how to identify these, you can detect attacks faster and get them resolved in time.
- One of the first signs which can tell you that the site is in danger of being attacked is when you notice a sudden fall in traffic to the website. Most malware will hijack site traffic and then direct these to other spam sites.
- When you notice that you are not being able to log in to the site, it is an indication that something is amiss. So, if you cannot get into the dashboard, it suggests a problem with the admin account. At times the hackers will delete the account to get control over your website. In such a situation, you cannot log in or rest the password as your account has already been deleted by the hacker. So, you need to readjust your site login on FTP clients like Filezilla by first deleting it and then re-installing a new version with a new WP install.
- If you find that the site appearance looks visually different it is an indication that an intruder has attacked the site. Hackers do this quite often and they place malicious codes which are not visible onto the site. When the bad code makes an entry into the website, it becomes visible only to the web crawlers. The codes will make the site slow and unresponsive and Google can track this. So, your search engine ranks automatically get affected. There are unwelcome links making an entry into the footer sections and the kind of content visible there attracts the wrong attention. Unwarranted content becomes visible to the visitors.
- Some hackers will try to misuse a website by sending spam emails; they penetrate the site and use the email servers to do this job. After the hacker breaks into the site to install scripts for sending out the emails from your IP, others will start receiving the spam emails. These recipients then start marking such emails as spam and your website automatically gets blacklisted and added to block list. So, if you notice trouble in sending or getting emails you should suspect that the mail server may have just been hacked. This may lead to your site getting blacklisted on Google as well. This is an issue which needs urgent attention to reduce long-term damage.
- When you run manual search results on the site and realize that meta descriptions have been changed or are not visible where they should be, it is a sign that there has been an unauthorized intrusion. The problem with detecting this attack is that everything looks absolutely normal from the dashboard. What happens is that the hacker puts malicious code in the site backend; so, the data changes in a way which is only visible to search engines.
- When sites allow new users to register, there are bound to be spam accounts. You will have to get rid of these. But, if you disallow registrations on the site, and yet you find new user accounts getting created, you should take this as a sign of intrusion and hacking.
- The best way to be informed of suspicious activities on the website is to use site scanners like Wordfence security plugin or Sucuri Security. One such common notification or alert is with regard to unknown files and scripts. Hackers often infect the site files and scripts with corrupt add-ons and they can then redirect the visitors to sites of their choice. The easiest way to do away with these unknown scripts and files is to access your site only through an FTP client. You can thereafter erase the malicious code and re-upload fresh versions of what you had deleted (which had been infected previously) but which are necessary for your files.
These are some of the easy-to-spot signs which can tell you when your site has been hacked. There are also some precautions which you may take to prevent the hacks from happening in the first place.
- You must monitor the site traffic using tools like Google Analytics. This will let you take prompt action whenever you notice anything unusual like sudden peaks and falls in traffic or spammy links or design changes etc.
- You must remember to use the updated version of the WordPress website and its themes and plugins. This means using plugins and themes specifically from reputed providers. This will ensure that there are no malicious codes or vulnerabilities in them.