It may be that you have had your WordPress hacked and you don't even notice it or that it takes a long time to notice it and that is completely normal. If you have any suspicions that your WordPress has been hacked, review the following signs to be sure:
1 - You can't log in
This is the most obvious sign that your WordPress has been hacked. If you try to log in to your WordPress and you can't, you have two options: either you were hacked or someone who shares their password with you changed your password and didn't tell you. You can be hacked for any number of reasons, but it usually happens when your username is one of these:
- admin
- admin
- administrator
- test
- root
That is, if your username is any of these you are an extremely easy target for hackers. So, change it right away.
2 – There was a sudden drop in traffic
Usually, when you have WordPress Hacked, there can happen to be an unexpected drop in your traffic. This happens because hackers create a backdoor into your WordPress file system, replacing the code with their own scripts and files, so they can redirect your website traffic to other places (like spam) and steal visitor information.
Another reason is that when Google discovers that your site is behaving strangely, your site goes to a kind of “blacklist”, so it doesn't receive any more visits until it is fixed.
3 – Your homepage has undergone changes (which you did not)
Many hackers act in secrecy, but there are some who like to show the world when they invade a website. If there have been changes (mainly vandalism) to your homepage or any other sign that you've had your WordPress hacked, take action right away. Hackers who do this usually want to hold your page hostage in exchange for something.
4 – There are pop-ups and other ads that you have not placed
Your site is slow and, in addition, it has pop-ups and ads that you did not place, it is a certainty that you had your WordPress hacked, but, very possibly, it was not by a hacker. This type of attack is usually automated and enters your system if your theme is weakly protected or your plugin is insecure.
This becomes dangerous because ads are not shown to users who are signed in or have direct access to the site. Often, they are only shown to visitors who access the site via search engines. So it takes you a while to realize that your WordPress has been hacked and your visitors end up on spam sites because of the ads, which hurts your traffic and your reputation.
5 – You notice unusual activity logs in the server log
To find out if your WordPress has been hacked, look in the server logs. It's very simple: look in cPanel, logging into your hosting account. There, you will find:
- Access logs: which show who accessed WordPress and from which IP;
- Error logs: which show what errors happened while modifying your WordPress system files.
Information recorded in the server logs can clearly show you if you have had your WordPress hacked as these logs record all the IP addresses used to access your site. Also, it is possible that you block unknown IPs.
I'm sure I've had my WordPress hacked, now what?
If you are sure that your WordPress has been hacked, rest assured that there are ways to recover your site.
Hackers have a habit of hiding scripts in different locations on your site or machine so that they have the opportunity to hack you again. If you don't take care of “cleaning everything”, there is a risk of having WordPress hacked all over again. While here in this article you'll learn how to remove all scripts, you might feel more comfortable knowing that your site was properly cleaned by an expert.
1 – Back up the website
If you're sure you've had your WordPress hacked, look for backups of your site. If the backup was stored on the same server as your website, there is a high possibility that it has been corrupted or no longer exists. Therefore, never store the backup in the same location as the website.
The most likely places where you can have a backup of your website are:
- Within your WordPress backup plugins service. If you have a WordPress backup plugin, chances are your website backup is stored there (either on your website or in the cloud) or on a cloud service (like Dropbox or Google Drive).
- On your cloud storage account. Check your Dropbox or Google Drive if you manually backed up the site and put it there.
- With your hosting provider. If you don't have a WordPress backup plugin or you haven't done a manual backup, the last chance is to have your hosting provider make regular backups of your site and have some saved.
If you can find the backup in any of these places, do so soon. So you can restore the site manually or use one of the plugins you created the backup in or ask your hosting provider to do it.
A good tip is to make a backup, and test to see if you can restore. Do not leave it to know if the restoration of your Backup works only when there is a problem, this increases the risk of losing everything.
2 – Remove all unused or outdated themes and plugins
You already know that themes and plugins are the most common ways you can get your WordPress hacked. So take care of them to reduce your website vulnerability. Once you've restored the backup, do the following:
- Browse the list of plugins and themes and delete the ones you haven't used in a long time, especially the deactivated ones.
- Look for plugins and themes that haven't been updated in a while because the longer a theme or plugin goes without updates, the more vulnerable your WordPress security is.
- Check your site's theme. If it's free, consider upgrading to a paid version or theme. That way, your website can be more secure.
3 – Update your username and password
Finally, to recover your hacked WordPress for good, update your username and password to keep your site safe from future attacks. To fortify your login information, please do the following:
- Make weekly changes to your WordPress password for some time;
- Do not use a default username (such as “admin” or “administrator”). Make a unique name for yourself;
- Create a strong password with a service like LastPass.
These tips are valid both for your WordPress login and for updating your hosting account or FTP account password. You can also avoid having your WordPress hacked by hiding the “wp-admin” directory and limiting login attempts to get into your WordPress.