Getting hacked is the kind of thing that you might think only happens to other people. However, that heart-dropping moment when you realize you’ve been hacked changes everything.

The signals that you’ve been hacked aren’t always overt. For example, what happens if you enter your password incorrectly on the first few tries? You might not notice right away that your admin account is no longer available to you. It’s important to learn the signs that your site has been hacked now, to avoid presenting malicious content to your visitors without even realizing it.

In this article, we’ll explain what hacking is and why people do it. Then, we’ll introduce you to a few ways to tell whether your WordPress site has been hacked. Finally, we’ll provide some advice for what to do after the hack is discovered. Let’s get started!

What It Means For Someone to Hack Your Website

‘Hacking’ technically means when someone has gained unauthorized access to your website server. However, people often use the word to mean any situation where your website has been inappropriately interfered with.

There are two main types of hackers. ‘White hat’ hackers help improve security on the internet. Rather than breaking into your site and wreaking havoc, they notify you about any insecurities they find. Companies often hire white hat hackers intentionally. ‘Black hat’ hackers, on the other hand, aim to steal information or cause some other kind of trouble.

There are many common forms of hacking that put your site and its users at risk. Here are a few examples:

  • Someone may inject a script on your page for specific users, often over a shared public WiFi connection. This is called a man-in-the-middle (MITM) attack.
  • A denial of service (DOS) attack is when many requests are sent to your site at once, which overloads the server and crashes it.
  • Random data queries can be injected into your site, adding, removing, or stealing content.
  • In some cases, a hacker can gain complete admin access to your site and its data, and lock you out.

Security is vital, particularly if you store any user information or sensitive data on your website. Most hacking attempts are moments of opportunity, automated, and impersonal. 51% of WordPress websites are hacked because of a theme or plugin, and 8% due to a weak password. The rest are often due to poor hosting security. You can prevent your average attack by avoiding default credentials, enabling two-factor authentication, using Secure Socket Layers (SSL), and opting for a secure hosting server.

Now that you understand what types of hackers are out there, it’s time to find out what it looks like when someone attacks your site.

How to Tell if Your WordPress Site Has Been Hacked (6 Key Signs)

Each day, hackers experiment with new ways to gain illegitimate access to websites. So it’s impossible to predict all the signs that your website has been hacked. However, there are some subtle but common signals that will clue you into the most common hacks out there.

1. Unexpected Users Are Registering on Your Site

If you have registrations turned off and someone is still adding users, that means someone else has administrative powers. WordPress may send you new user registration emails, which can let you know this is happening, or you might find the accounts under the Users menu in your dashboard.

Suspicious users on WordPress site

In one case, a hacker was able to add their own PHP script to the server to bypass WordPress’ normal security measures. There are also many reports on the forums of similar automated users being injected through plugin security holes.

Exploits like this often stem from an outdated plugin or security issues with your host’s FTP. If all your plugins are updated, ask your hosting company’s technical support for help securing your FTP account.

2. You Are Unable to Access Your Admin Account

Your admin account should only be accessible to you, via your unique credentials. If someone changes your password or deletes your account, you’ll lose access. Alternatively, you might still be able to login, but find that your administrative controls are missing. In this case, the hacker left your account open but removed your ability to control WordPress.

If you’re trying to log in unsuccessfully, first check that you’ve entered your password correctly. Services like 1Password or LastPass help you always enter it right on the first try.

Incorrect admin password screen on WordPress

If that doesn’t work, the most likely culprit is a weak password. Prior to 2015, WordPress didn’t pre-fill a strong password during the user registration process. If you haven’t updated your password since then, we recommend doing so right away. As usual, outdated WordPress core, plugins, and themes can also leave vulnerable points on your website for hackers to exploit and are worth a look if this problem occurs.

3. Sudden Drops or Spikes in Traffic Appear in Analytics

If your site receives a stable amount of traffic, unusual drops or spikes is another troubling sign. This happens when hackers redirect existing traffic away from your website, causing a dip in traffic, or if they send new traffic to the domain after uploading their own malicious content.

There are a few likely exceptions to check for first. For example, Google pushes out regular updates to its search algorithms. If you get a lot of traffic from search engines, new updates can change your position in the rankings for certain search terms.

If your site has been hacked and is showing a dip in traffic, it is likely due to improper file permissions. These enable a hacker to add a custom redirect script to your WordPress site, steering unwitting visitors to a malicious location. To avoid this problem before it happens, you can configure your permissions more strategically.

4. Your WordPress Site Redirects to Another URL

Another huge signal that your website has been hacked is that it redirects to another site. If you Google your brand name, you may see an indicator that your URL has been compromised and is potentially harmful.

This issue often goes hand in hand with the previously discussed dip in traffic. Check your website while logged in and out of your admin account, as some redirects intentionally only impact users who are logged out (to avoid detection by the administrator for as long as possible).

There is one exception it’s worth being aware of, however. If the redirect goes to a location you recognize as appropriate to your business, and you have a dedicated developer, talk to them about the redirect first (as it may have been intentional).

5. Your Homepage Design Is Defaced or Displays Manipulated Content

If you open your website’s homepage and discover that it has been defaced or new content has been added, you have probably been hacked. This isn’t always as obvious as you might imagine; the change can be as subtle as a few new links.

Unfortunately, it’s also possible for a hacker to include hidden links on your site. However, you can spot this by being aware of your site’s intended content and paying attention to when something doesn’t look or feel right.

There are few exceptions in this situation. If your site includes content you (or your other users) didn’t put there, you’ve been hacked. Default credentials, such as using the admin username, are often to blame in this situation, another proof that it’s important to choose yours carefully.

6. Errors Show Up in the Browser

Most browsers warn you about potential security risks when you visit a suspicious site. If a warning appears when you are attempting to access your own website, this is a serious red flag. You can test for this at any time by checking Google’s Transparency Report.

Screenshot of Google security status checker

Typically, this problem occurs because your website has had suspicious code added to it. The warning prevents others from being infected by malicious viruses while visiting your site.

Obviously, if you’ve created a malicious or spammy website yourself, that’s on you! In all seriousness, however, if you run ads on your website or use any third-party widgets, you may want to contact their administrators to ensure that they are safe.

What To Do If Your WordPress Site Has Been Hacked

In the sections above, we’ve provided a few preventative measures to help you secure your site more effectively. In addition, we offered a few ways to track down the source of a hack and address it when it occurs. However, it can be helpful to have a more thorough guide for what to do if the worst happens.

If you encounter any of the signs above, you can run an audit through a tool like Is It Hacked?, by simply submitting your domain name to see whether any suspicious activity is detected. If there does seem to be a problem, you can follow our previous guide on how to regain access to your site and fix the issue as quickly as possible. Once your site is secured again, consider taking some steps to avoid future hacks as well.


Not fixing a hacked website as soon as possible can cause a major disruption for you and your visitors, and can put everyone who visits your site at risk. Knowing the warning signs, however, will help you catch the hack early and fix it as soon as possible.

In this article, we explained the most common types of hacking you might encounter, and presented some signs to watch out for:

  1. Unexpected users are registering on your site.
  2. You are unable to access your admin account.
  3. Sudden drops or spikes in traffic appear in analytics.
  4. Your WordPress site redirects to another URL.
  5. Your WordPress homepage is defaced or shows manipulated content.
  6. Errors or warnings are displayed in the browser.

Do you have questions about whether your WordPress site has been hacked? Let us know in the comments section below!

Image credit: NeONBRAND.

John Hughes

John is a blogging addict, WordPress fanatic, and a staff writer for WordCandy.

The post How to Tell If Your WordPress Site Has Been Hacked (6 Key Signs) appeared first on Torque.

Share This

We are using cookies on our website

Please confirm, if you accept our tracking cookies. You can also decline the tracking, so you can continue to visit our website without any data sent to third party services.