Something’s going wrong with your website, but is your WordPress hacked or is there another reason why things aren’t working as they should?
To help you determine the answer to that question, we’ve outlined ten common signs that a WordPress site has been compromised and what you can do to banish bad actors and restore your site to its full working glory.
In this guide, you’ll also find the common causes of WordPress hacking so that you can take preemptive measures to minimize the risk of being hacked in the first place.
Is Your WordPress Hacked? The Signs, Causes, and Solutions
1. Can’t log in to WordPress
Although being locked out of your WordPress dashboard could simply be due to incorrectly typing in your credentials, another common cause is that hackers have deleted your account or changed your password to stop you accessing your site and thwarting their malicious activities.
If you receive an error message telling you that your username doesn’t exist, that’s a strong sign that this is the case.
First, double-check that you’ve entered your credentials correctly and try resetting your password.
If that doesn’t work, you can use PHPMyAdmin to set your password by following these steps:
- Log into your hosting account
- Access PHPMyAdmin
- Open wp_users.
- Select Edit
- Enter a new password
- Save your changes
For more detailed instructions, see How to Reset Your WordPress Password.
2. Lost Administrator Permissions
You can tell if hackers have removed your administrator privileges by going to Users – All Users.
Article Continues Below
If you’ve been changed from an admin to a different user role like a subscriber, that’s a good sign that cyber attackers have been up to no good.
You can use PHPMyAdmin to create a new admin account like so:
- Navigate to wp_users
- Click Insert
- Create a new admin account and save it
- Find wp_usermeta and click Insert.
5. Fill in the fields as follows:
- unmeta_ID: This will be automatically generated, don’t add anything here.
- user_ID: The user ID you created for your new account
- Meta_key: wp_capabilities
- Meta_value: a:1:s:13:”administrator”;b:1;.
6. Add a second user_meta record. Keep the same user ID, but use the following details:
- meta_key: wp_user_level
- meta_value: 10.
This will set up a new admin account that you can log in to your site with.
3. Site Has New Content That You Didn’t Add
One of the most glaringly obvious signs that your WordPress site has been hacked is that it looks different.
It may be that the theme has changed, or your prime landing pages have been replaced with harmful content.
It could be that your menus have been flooded with spammy links or that pop-ups you didn’t create are now appearing on your site.
- Use a WordPress maintenance mode plugin to put your site in maintenance mode. This prevents visitors seeing the harmful content and keeps them informed of what’s going on.
- Use a reputable WordPress security plugin to search for and remove any malware and identify any other security problems with your site.
- Restore your content using a backup from the last time your site was known to be working correctly.
4. Site Redirects to Another Site
If entering your URLs redirects you to another site, one likely cause is that hackers have deployed a script on your hosting server.
1. Use a security scanner tool like Sucuri to review your themes, plugins, and core files for unfamiliar or suspicious code
2. Ensure all plugins and themes are up to date. Remove any that are out-of-date or no longer being used.
3. Restore your site from a backup
4. Change all passwords and remove unknown users from your WordPress users database.
5. Visitors Receive a Security Warning
Security warnings such as “Your Connection is Not Private” can be a result of an incorrectly configured SSL.
However, if you’re suddenly getting these messages despite everything previously working fine, a cyber attack is the most likely cause.
There are several different security warnings you might receive if your site has been compromised.
The best solution is to follow the instructions and guidance accompanying the specific error message you’re receiving.
6. Site Performs Slower Than Usual
As with most common WordPress problems, a slow-loading website could have many probable causes such as poor quality hosting, bloated themes and plugins, or hosting large media files.
Of course, it could also be that attackers have installed malware or other harmful files on your server.
- Use our guide to WordPress speed optimization to ensure there’s no other problems affecting your site performance
- Review your posts, pages, media files, and other content types for anything you don’t recognize that could be slowing you down.
- Log into your file manager or access your site via FTP to review your server folders for suspicious files
- Run a security scan and restore a backup.
7. Unknown Users Have Admin Rights to Your Site
Your site may still have been compromised even if there’s no immediate signs of malicious activity.
One way to tell if this is the case is to go to Users. Look for admin accounts that you don’t recognize, especially (but not exclusively) for those with suspicious looking email addresses.
- Delete any dubious-looking accounts right away
- Review PHPMyAdmin to ensure accounts have been fully deleted from your database
- Review all remaining user access to make sure that users have the minimal amount of permissions needed to perform their role.
8. Users Complain of Spam Emails
Hackers who gain access to your email list or customer database can use it to flood your users’ inboxes with spam.
When your customers alert you that this is happening, you need to take action immediately.
1. Check that the spam is coming from your email system and isn’t resulting from a different problem, such as email spoofing.
2. Communicate with your audience – Apologize, explain the situation, and outline what you’re doing to fix it
3. Remove unauthorized users from your WordPress site and any third-party platforms that you store customer contact details on
4. Change your password and implement two-factor security on all affected platforms.
9. Organic Traffic Has Plummeted
If your web traffic suddenly falls off a cliff over night, it may be because Google has penalized or de-indexed your site due to malicious activity.
- Open Google Search Console and navigate to Security & Manual Actions – Manual actions
- If you see anything other than the message “no issues detected,” that means Google has effectively punished your site for activity that hackers may have caused
- Follow the recommendations provided by Search Console to fix the issue and resubmit your site for indexing.
10. Security Plugin Sends a Notification
Finally, we come to the best possible argument for enabling email alerts on your WordPress security plugin.
When you do, you’ll be instantly notified of any possible threats or damage to your site.
- Monitor your site’s administrator email account regularly for security alerts
- Follow the advice of your security plugin to solve the problem.
What Caused My Website to be Hacked?
You now know how to identify signs that your website’s been hacked and regain control of your site.
However, if you know the common causes of hacked WordPress sites in the first place, you can take proactive steps to keep would-be attackers at bay.
1. Weak Passwords
Hackers don’t always use sophisticated methods to break into your site. If you have a weak password that’s easy to guess, that may be just what they do.
To prevent this, use unique passwords for your WordPress admin and associated accounts and learn how to enable two-factor authentication to stop attackers getting into your site even if they get your password right.
2. Outdated Themes, Plugins, and Core Files
Another common way to gain access to your site is by exploiting vulnerabilities in outdated versions of WordPress itself, or individual plugins and themes.
Enable auto-updates wherever possible and ensure that you’re always using the most up-to-date versions of anything installed on your site.
If your theme or plugin is no longer being updated by its developers, it’s time to switch to a new one.
3. Poor Quality Code
Your themes and plugins may be bang up-to-date, but if they’re poorly coded, hackers can still use them to gain backdoor access to your site.
It’s for this reason that you should only get your WordPress essentials from the official WordPress directories or reputable third-party sites like ThemeForest.
Is Your WordPress Site Hacked? Key Takeaways
By now, you should have a good idea if your WordPress site has been hacked and what to do to get back on track.
To sum up, you’ve now learned:
- Why your website was hacked – The most common reasons being weak passwords, outdated software, and poor quality website hosting.
- How to tell if you’ve been hacked – Some signs, such as redirects or replaced content are fairly obvious whereas others may be more subtle.
- How to get your site back in good working order – Most security attacks can be remedied by:
- Running your security plugin to identify and eliminate malicious files and code
- Restoring your site from a backup
- Changing your password
- Ensuring themes, plugins, and core files are all up-to-date.
See our top 20 security tips for more advice on how to protect your site from cyber attacks.