While the only real way to know if your WordPress site has been hacked is to examine the files on the server, I often hear common themes when people contact me to figure out what is going on with their site. I’ve compiled this list so that you can know what the warning signs are, as getting help early can lessen the damage to your site and business.
So here they are, in no specific order — the top signs to know if your site has been hacked:
- You see a sudden increase in spam.
Whether it’s e-mail spam, comment form spam, or contact form spam — if you suddenly seem to be getting a lot more of it, it may be time to check into the healthy and security of your site. Some clients have also reported an increase in junk mailing list signups, or receiving spam messages that have bounced back to their e-mail address. - Your site suddenly crawls to a halt, loads slow, or times out.
Your site may go slower if you have a post that went viral or you’ve recently installed a resource-heavy plugin… but if you haven’t done anything lately and your site is considerably slower, you may have something else going on there. - You receive complaints about resource usage or invoices from increased usage from your host.
If your site is suddenly using more RAM than usual, taking up way more drive space, or using a lot more bandwidth, you may have been hacked. - Your site starts acting funny.
If strange code, ads, or other weird behaviors start showing up on your site, it’s time to get checked out! - Your traffic changes dramatically.
If your traffic reports (such as those you see in Google Analytics) have suddenly surged or dropped, you may have a problem with your site. Getting hacked can cause Google to drop your search listings, thereby decreasing your traffic. A surge of traffic is seen when someone sets up malicious code and then sends a bunch of traffic your way. Again, you’ll want to take this in context — if you were posting a lot before and now are not, you’ll see a drop. If you have a post go viral or if you get a link to your site from another high-traffic site, you’ll see a surge. - Your site goes down or displays error codes when you try to visit it.
Scripts that are injected into your server can conflict with your existing code, thereby breaking your site. If you haven’t changed anything and your site is down, look into what is going on with your backend. - You receive suspensions and/or notifications from your host.
Sometimes people have no idea there is a problem until their host sends them a long list of problems. To make matters worse, these e-mails are often confusing and don’t have real solutions for fixing the problem! - Another site of yours has been hacked.
If you know that a site in your hosting account has been hacked, there is a good chance that the infection has spread to other sites in the same hosting account. - Your site has users that you don’t recognize.
If you suddenly start getting a bunch of guest registrations — or, worse yet, admin-level accounts have been added — you’ll need to address the situation quickly. - Your site redirects your traffic.
One of the worst viruses that I am seeing now will redirect all mobile traffic or all traffic from a certain geographic location to a site other than yours. I’ve seen the traffic redirected to shopping site, phishing sites, and even porn sites. If you try to visit your site from a phone and get redirected, or any of your customers report getting redirected when they click on your link, you should take this very seriously and get it cleaned up right away.
Worried you’re in danger of a security breach? Grab a WordPress Security Audit to secure your site and protect your businss!