How to know and what to do if my WordPress website gets hacked?

    At CyberOptik, we take a lot of extra steps to beef up the security of websites we host and manage. Sometimes, issues still pop up, and so it’s good to know how to tell if your site (or a site you’re visiting) has been hacked.

    IMPORTANT NOTE: you should always reach out directly to our helpdesk if you think you’ve been hacked, and we’ll quickly review and fix any issues.

    10 Tell-Tale Signs A Website Has Been Hacked

    1. Your website has been defaced. This could be some sort of message on your website saying that it has been hacked.
    2. Your traffic numbers are down. It’s possible for a hacked website to begin forwarding your traffic elsewhere, even if you can view your website fine. Often, we’ve seen that a hacked website only forwards traffic that finds you through a Google search.
    3. Google is warning visitors. If you search for your website in Google and it shows a warning next to your website address, this is absolutely a sign that either you’ve been hacked, or at least something funky is going on with your website.
    4. Spammy/foreign text in search results. If you Google your website and the title or description that shows is in a different language or is showing something unrelated to your company, there’s a good chance the site has been hacked.
    5. You can’t log in to your admin account. If you cannot log into WordPress using your admin account, it’s possible that a hacker has changed your password somehow to attempt to lock you out.
    6. Your website is super slow. While not one of the common things we’ve seen, if your site loads super slow, and other websites you visit are quick, it’s a potential sign.
    7. Random links on your website. Often what a hacker will do is attempt to add links to their own websites/content, to help drive traffic to them or help their SEO. If you see links in your header, footer, or even within the content of your pages/posts, and you didn’t add them, it could be a hack. Often these will be related to pharma or adult content, but they could really be any type of link that you didn’t specifically add yourself.
    8. Unknown plugins or files. If someone can gain access to your site, they may attempt to upload files or install plugins to help further their goals. Touch base with your web designer before you attempt to remove/clean anything yourself.
    9. User accounts that you didn’t create. If you see a bunch of users on your website that you didn’t create, this is certainly something to take a closer look at, especially if those users are administrators.
    10. Random ads. If you’re getting ads when viewing your website, and you haven’t added them, it’s possible that they’ve been added through a hack. It’s also very possible that your computer is the issue (if your computer has malware/adware), so check that it happens from a different device as well.
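
    A check for sign 2 above, as an added example rather than CyberOptik’s own tooling: it requests a page once directly and once with a Google Referer header, then compares where each visit is sent. The function names, the example.com addresses and the sample responses are constructed for illustration.

```python
import urllib.error
import urllib.request
from urllib.parse import urlparse

GOOGLE_REFERER = "https://www.google.com/"

class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # do not follow redirects; we want to read the Location header

def fetch(url, referer=None, timeout=10):
    """Return (status, Location or None) for one request, redirects not followed."""
    req = urllib.request.Request(url, headers={"User-Agent": "Mozilla/5.0"})
    if referer:
        req.add_header("Referer", referer)
    try:
        with urllib.request.build_opener(NoRedirect).open(req, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:  # an unfollowed 3xx is raised as HTTPError
        return err.code, err.headers.get("Location")

def off_site(url, location):
    """True if a redirect target is on a different host (ignoring a leading www.)."""
    target = urlparse(location or "").hostname
    if target is None:  # no redirect, or a relative one that stays on the site
        return False
    bare = lambda host: host[4:] if host.startswith("www.") else host
    return bare(target.lower()) != bare(urlparse(url).hostname.lower())

def compare(url, direct, from_search):
    """direct and from_search are (status, location) pairs for the two visits."""
    d_off, s_off = off_site(url, direct[1]), off_site(url, from_search[1])
    if s_off and not d_off:
        return "SUSPICIOUS: only search-referred visits are sent off-site"
    if s_off:
        return "REVIEW: every visit is redirected off-site"
    return "OK: no referrer-dependent off-site redirect"

def check_site(url):
    """Live check: one direct request and one with a Google Referer."""
    return compare(url, fetch(url), fetch(url, GOOGLE_REFERER))

# Constructed responses (not captured from a real site) showing each verdict.
CLEAN = ((200, None), (200, None))
WWW_ONLY = ((301, "https://www.example.com/"), (301, "https://www.example.com/"))
HIJACKED = ((200, None), (302, "https://pharma-offers.example.net/"))

if __name__ == "__main__":
    for name, (direct, search) in [("clean", CLEAN), ("www", WWW_ONLY), ("hijacked", HIJACKED)]:
        print(name, "->", compare("https://example.com/", direct, search))
```

    Calling check_site with your site’s address performs the live comparison. It only sees server-side redirects, so a redirect injected as JavaScript into the page itself would not show up here.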

    What Isn’t (Necessarily) A Sign Your Site Has Been Hacked

    1. Getting spammy/foreign language form submissions. This is often automated bot spam and isn’t an indication that your site has been hacked, but simply that bots are filling out your website form.
    2. Emails sent directly to you. If you get a suspicious email sent to you and it didn’t come from your website, chances are it’s not related to a hack (or at least not a hack of your website).

    What To Do If You’ve Been Hacked

    Don’t try to fix it yourself. While you may partially fix the issue or clean up what has been done, you want a professional to make sure any security hole has been removed so the website cannot be reinfected, and to make sure everything has indeed been cleaned.

    What To Do After Your Website Has Been Cleaned

    If CyberOptik has cleaned up the hacked website for you, we’ll do as much of this as we can on your behalf.

    1. Make sure all plugins/software are up to date. Update all plugins, update WordPress itself, update your themes.
    2. Change your passwords. Change the password you use to access WordPress. Also, change the passwords of any other users on the website (at least all admins).
    3. Run a virus scan. After your website is clean, take the extra step and scan your computer itself to make sure you weren’t the source, and that nothing made its way to your computer. Anyone that works on your website should do the same.