Signs Your WordPress Site Has Been Hacked


Signs Your WordPress Site Has Been Hacked

It really sucks when your website gets hacked. It might be hard to detect any anomalies when the hacker knows the in and out of hacking. Nonetheless, make it a habit to check your site regularly for any firewall breaches.

Therefore, how do you know you are a victim of hacking?

An abrupt decrease in traffic

Google Analytics report will have all trends for any website including visitors to the site. There are some viruses which hijack and redirect traffic to spam websites and can hinder detection of logged users.

One reason that might explain a decrease in traffic is Google’s safe browsing equipment which will warn users against accessing the site due to compromised security.

Bad links added to your website

Another sign of hacking on WordPress sites is unexplained data injection. This method by hackers creates a backdoor that gives them access to modify or alter the database for your WordPress site.

Some created links may connect to spam websites in one way or the other. Sometimes these links are strategically placed on footer sections but there isn’t a sure way of ascertaining this, and deleting them might be unwieldy.

The following happens in case of bad code:

  • Affects your search engine result ranking by slowing the site down and making it more traceable to crawlers.
  • Unwanted attention will be created by footer notes which cause inappropriate links.
  • Unsolicited content, other than the intended one, may be shown to any visitor to the site.

All backdoors should be traced and eliminated to evade data injection.

Inability to access your site

If you have trouble accessing your website, there could be some mishap within your administrator account. If the administrator account is deleted, hackers can access the site unrestricted and you cannot regain any control to rectify the situation.

However, you should regain control by using the website’s wp-login.php via an FTP client to delete and install a new version with a better WordPress install. Afterwards, revamp the code and start afresh.

Incorrect Meta in search results

This is detected if you notice the Meta descriptions are not the usual or have changed. Even to the expert coders, all will seem normal just the way it should be. This is caused by a harmful code incorporated into the backend of the site creating changes that are noticeable to search engines only.

Suspicious User accounts in WordPress

If you have an account that permits user registration and have no protection against spam accounts, this is something you would see often.

Nevertheless, if you restrict user registration and still notice new accounts, your website might be compromised. Occasionally, the accounts have an administrator role and deleting them is not easy.

Slow or unresponsive website

Many websites have been victims of service attacks at one time. Normally, these are organized by users of several computers using a fake IP to breach your firewall or send uncountable requests to your server. To get rid of the accompanying lag, all suspicious IP addresses should be blocked.

However, the website could just be slow and not hacked.

Unusual activity in server logs

Server logs have a record of all errors on your servers and web traffic. If used correctly, they can identify whether the site is hacked or not.

Additionally, they have IP addresses which access your site and will help to block suspicious ones.


Always be on guard against any malicious attempts against your WordPress site. The warnings are clear and immediate action can patch up the problem before it takes a huge toll on traffic.