How to know when your WordPress Website has been hacked

Here at the Code Den we like WordPress … A lot! An increasingly useful content management system with every day that passes by, it’s developers try to ensure that it is always updated in terms of features, plugins, compatibility and most importantly security. We recently posted a blog about WordPress’ developers patching the latest wide-open security flaw, if you’d like to read that you can view it here. However, today we’re discussing the five biggest warning signs that could signify a potential compromise of your WordPress site, don’t be immediately alarmed if just one of these things happens, there are many things that can cause these things to happen and the answer isn’t “I’ve been hacked” every single time. However, you should bare them in mind, so you can investigate yourself. So, without further-a-do let’s get to bringing your WordPress security knowledge up to scratch, with our five signs you should watch out for, that could signify a compromised WordPress site.

Your site is slower or more unresponsive than usual…

Of course, poor hosting will also mean that you have a slow or unresponsive website, but let’s say that one day you get into work, log on to your PC and load up your website in your browser of choice (hopefully not edge!) And you click a button on your navigation bar to view your most recent blog… but then you end up waiting for a little while longer than usual, or your navigation button isn’t working full-stop, then you should raise your concern over the issue, as it is a sign of malicious slow acting code or a program that has been executed to slow down or remove the function of the navigation options all-together. Of course, there’s also brute force attacks (a program that randomly tries infinite passwords one after another) that cause a lag or slow-down in connectivity to your site. Either way, better get your digital guys onto that… or yourself if you are that guy!

Another sites content is placed into YOUR website

Imagine going to show your family/ friends/ colleagues your brand new stellar website that you have made with WordPress and as you load up the page you notice something isn’t quite right… Your navigation buttons may have changed from “About Us” to “Buy Foreign Currency” and your main blurb of text from the home page resembles something that a toddler had drawn, you may be suspicious…. And worst of all your colleagues are watching so it makes you look as bad, which we know isn’t true, but they’ve just been shown otherwise… This is a definite sign of a compromise of your site as this is just a method that hackers use to optimise their own content through somebody who is more optimised, as it makes them money through clicks and advertising. You should report this if you see this!

Logging in just became IMPOSSIBLE!

You’ve gone onto your computer, opened your browser, typed your websites URL in with /wp-admin as the suffix and you type in your incredibly safe log in details, then there’s a bit of a break of awkward silence before you get the all too lovely “You’ve entered an incorrect password or username” prompt. So, you go back and check your password another 2 or 3 times but NOPE it doesn’t want to do it still… It may be that your site has been hacked into and the hacker has inserted lines of malicious code or a program that will execute to change your login information. This is to stop you logging in, so you can’t really be the administrator, which leaves that option open for the hacker. Of course, it could be that you just mistyped the information concerning your password and username, which is why it’s important to make sure before reporting it as lost or hacked.

Your site is removed by the host

Web hosting is where your site is stored on a server, the better the server, the better the service in terms of speed and security. Most hosts will notify the website administrator via e-mail or error messages if a site goes down, or is removed from service. Usually this is a protective action by the server to stop the spreading of malware from an online infected website to other sites and pages on the server, almost like a chain reaction. It is an absolute definite that your site is affected if you receive these notifications, however it is up to you and your service provider to get the site back online with less vulnerability than before, but it is a definite sign!

Site is flagged by Google

So, you play by the rules, you don’t duplicate your content, you don’t just fill blank pages with dodgy external links, you don’t put malicious code or misbehaving JavaScript into your website and you create some dynamic and interesting content… That makes you, sir, a good person in the eyes of Google… but just as you access your website you get a red screen and a message that reads “The site ahead contains harmful programs”. What? Excuse me? … don’t freak out you’re not an unintentional cyber-criminal… It would just appear that your site has been infected with some sort of SQL injection or successful brute force attack and the hacker or program has caused changes in the information within the website, to a point where Google’s auditing system has detected that most of the click areas on the page are malicious, therefore Google (in the interest of protecting web surfers to protect their own image) will prompt you with an option to leave the site. You should report this because it is a definite sign that someone, who you haven’t given permission to, has corrupted a lot of data within your sites database layer.

So, there we have it… five things to look out for, that may suggest an attacked WordPress website… We hope you found this article informative and most importantly we hope this type of thing should never happen to those who play by the rules. However, if you find yourself in a bit of a pickle with WordPress and/ or are having any of the above issues, you can contact the Code Den here and you can count on us for some help!