WordPress Hack Recovery

Has your WordPress website been hacked? I have fixed and cleaned hundreds of WordPress sites

How to tell if your WordPress Website has been hacked:

I have compiled a list of symptoms that you may experience if your WordPress website has been hacked. Don’t worry, all is not lost.

While this is 100% preventable, there are common things that I like to say are WordPress 101. There are things you can do right from the start to mitigate the chances of your WordPress site being hacked.

Some of these things are:

  1. Never use “admin” as your admin username or password
  2. Turn off all commenting.
  3. Do not allow users to register.
  4. Use a strong password (16 characters with numbers and special characters).
  5. Keep your plugins update-to-date at all times.
  6. Keep your themes up-to-date at all times.
  7. Keep free plugin installations to a minimum.
  8. Use only premium (paid) plugins.

 

Your website's homepage has been modified or changed with something other than what is supposed to be there.

This type of hack usually defaces the homepage, or changes the homepage from what it is supposed to be, to something that the hacker or bot wants it to be. I have seen this several times and can usually be fixed rather quickly.  What takes a little longer is diagnosing how the hacker or bot was able to get into the site and make those changes.  I can figure that out. While this is the most obvious of hacks, most hacks purposely want to remain unannounced and unnoticed.

Some hackers do this to let you know and announce that they have hacked your site.  It is kind of like bragging rights, while other hackers will try to extort money from you or the site owner.

Bad links have been added to your WordPress Website (Phishing / scam / spam / spyware).

WordPress Website Hack | Spyware

Some hacks redirect URLS, and you could get Google Search Console error notifications.

The most common sign of a hacked WordPress site is data injection. This is usually done by using a backdoor into your WordPress site.  It is usually done if the WordPress site has not been maintained properly by keeping WordPress Core updated, plugins updated, using strong passwords, or questionable plugins on your site.

 

You are not able to log into the Admin area of the WordPress site

You know your WordPress username and password.  You try to reset your password, but can’t. Maybe even the login page is blank with no way to login. If this is the case, your WordPress website has been hacked.

Once your site has been hacked, it is possible that the hacker has deleted your administrator account!  This, too, is also fixable.

Suspicious admin accounts have been added.

MindChip Industries| WordPress Website Hack | Malware | Spyware

If users have been added your site, but more importantly, admin accounts have been added to your site without your knowledge, your WordPress site has been hacked.

It is normal to have “subscribers” registers to your site, but most WordPress websites should have user registration turned off.  There are instances where one would want visitors to register.

Strange and unknown scripts or files are suddenly found on your server.

Some hacks use a variety of ways to infiltrate your site, and once they are in, they do whatever they want. One way to tell if your site has been hacked is if there are unknown, and odd named files, directories and scripts on your WordPress site.

Your WordPress Website is suddenly unresponsive or slow.

When extra code is injected into your WordPress site, that code can severely slow down your site. It makes sense since there is extra stuff loading in your site that shouldn’t be, and many times, these kinds of hacks are meant to eat up resources of the site, while putting a strain on the server that hosts the site.

Another way that your site can become slow is that your site becomes a victim of a distributed denial-of-service DDoS) attacks. These attacks use hacked computers from all over the world using fake IPs. What happens is there are too many requests for a single website, and that will overload the server that your WordPress Website is on.  Once this happens, (and usually on shared server hosting), the shared server system resources get maxxed out, and your site along with all the others on that server become slow.

I have a solution for this as well, since I recommend WordPress Dedicated Hosting utilizing the Google Cloud.

Your WordPress website fails to send / receive emails.

When some WordPress sites are hacked, the email function is aggressively used to spam out emails from your site. This can cause your host to shut off email functions to your site.

If a server gets hacked, hackers can use the server to send out spam. Most of the time, WordPress website owners usually use their hosting company to send out WordPress emails. Once the hosting company figures this out, they can shut off the email function, or even worse, your email domain gets blacklisted, and email servers will not allow emails to or from your email address.

 

There are suspicious scheduled tasks or scheduled posts.

If you have pages and posts that you have not created, or posts that are scheduled to publish in a future date that you have scheduled yourself, your WordPress Website has been compromised.

Server Logs show unusual activity.

Server logs show an increase in activity for pages you have not created.

When Google searching your company, your website is showing Hijacked search results (usually foreign characters)

WordPress Website Hack | Malware | Spyware

Odd URLs are showing up in searches for your website.

Popup ads or warnings saying your computer is infected

If your browser is trying to tell you something, or the WordPress site itself is triggering the popup where you never had one before, wanting you to “scan” your computer, (unless that is what your business is), your WordPress site has been hacked.

 

An unexplained decrease in website traffic

WordPress Website Hack

Has the traffic to your WordPress website decreased abruptly?

Google has a safe browsing tool that shows warnings to users regarding websites. If your WordPress Website has been hacked, Google may already know about it, and flag your site as unsafe to visit. While this is alarming, it is only temporary, and once the site has been cleaned, there is a way to get Google to re-index your site and re-verify.

Another hack includes redirecting pages of your site to some other site, which would then show up on Google Analytics as a drop in traffic.

Click me for a modal
[gravityform id="1" title="false" description="false"]