It's sometimes hard to tell the difference between a malfunction and a hack. But there are signs that your site may have been hacked. Today, let's take a look at the 8 most common signs to spot a hack on your WordPress site.
❌ Warning: if in doubt, it's best not to connect to the site administration. Indeed, if your site is hacked, this may allow the hacker to recover your password. What's more, the hacker may trigger certain actions automatically when you act on the hacked site, which would make the situation worse.
✅ If you think your site has been hacked, you need to suspend your hosting until your site's files and database have been dealt with directly.
Repairing a WordPress site requires respecting a scrupulous protocol like the one I offer in my repairing and securing hacked WordPress sites. If you have any doubts, contact me and we'll be happy to advise you. free assessment and immediate safety measures.
1. Unauthorized advertising and redirections
Unwanted ads or redirects to third-party sites appear on your site.
Cause and explanation
The hacker was able to penetrate the site's files and/or database to insert these ads and redirects. His aim is to steal your traffic to generate revenue.
2. Unable to log in as administrator
Your administrator password no longer works or seems to change unexpectedly after each reset.
Cause and explanation
The hacker has introduced a backdoor (code hidden in your site) enabling him to change all your passwords at will.
3. You receive notifications of rejected e-mails
You receive notifications of bounced e-mails (also known as "mailer-daemons") that you have not sent yourself.
Cause and explanation
The hacker is using your site to send emails, or may have compromised your email password. In some cases, they are simply using a poorly configured and insecure contact form as a platform to send emails to the recipients of their choice, which also needs to be addressed to avoid your blacklisting.
4. Google Safe Browsing or antivirus security alert
When you visit your site, your browser displays a "Dangerous or malicious site" alert, either via Google Safe Browsing or via your antivirus software. The blocked URL displayed belongs to your site or to a third-party site.
Cause and explanation
Your site contains URLs from phishingmalware, or redirects to malicious sites. Google maintains a database of these malicious sites, which all web browsers use to protect visitors.
5. Unwanted content and foreign languages
You see additional or modified articles or pages on your site. Often in a foreign language. And often with suspicious links to other sites.
Cause and explanation
The hacker controls your site. Either by adding an administrator account, or by using a backdoor to inject code into the database. This allows him to insert any content he wishes.
Not to be confused with "spam" comments. This concern needs to be addressed, but does not necessarily indicate that your site has been compromised.
6. Unknown users
You see one or more unknown administrator users in your WordPress user list. Sometimes you notice that your existing admin account details have changed.
NB: As you don't want to log in to the site administration, you can also see this in the database table wp_users (via phpMyAdmin for example).
Cause and explanation
The hacker controls your site. Either via an administrator account added or compromised, or (and this is the most common case) via a backdoor enabling him to inject code into the database. In particular, this enables him to control the site's users.
This is not to be confused with unwanted users registering on your site. This concern must be addressed, but does not necessarily mean that your site has been compromised.
7. Phishing pages
You may notice that some URLs or files (often .html) resemble pages from well-known sites, either through a statistics tool or when exploring your site's files.
Cause and explanation
This is called phishing. The hacker has taken control of your site and can write files of his choice into it, or write to the database. Phishing allows the hacker to lure visitors to your site whom he has previously sent bogus e-mails, in order to use it as a gateway to his victims' personal information.
8. Intruder files
To do this, you need to browse your site files via FTP or your hosting panel. Do you notice even one intruder file or folder in your WordPress files? Sometimes these are ".zip" files, and sometimes they're in the underlying folders. If in doubt, compare with the archive on wordpress.org.
Cause and explanation
The hacker has been able to send unwanted files to your site and now has complete control. He can read existing files and add new ones. He will usually have taken care to hide "backdoor" files throughout the files in an attempt to retain access to the site even if you clean up the content.
Further information
Ideally, you should host your site on a secure server, as I propose in my hosting and webmastering packages. In this way, hackers are automatically blocked, drastically reducing any risk of piracy. Also, malicious files are regularly scanned at server level, which is the most reliable way of proceeding.
If there are no special security measures in place on the server hosting your site, you can start by using the WordFence which, while cumbersome and slowing down your site, will at least scan your site for malware and protect you from some basic attacks.
If you spot any of these signs of piracy, don't hesitate to contact me. contact us for immediate assistance.
Constant vigilance is essential to keep your WordPress site secure. I offer this through my webmastering services.
In the next few articles, we'll be covering other topics related to the security of your WordPress site. Stay tuned.
Leave a Reply