![Page 1: Ways to know if your WordPress site has been hacked](https://reader038.vdocuments.us/reader038/viewer/2022100603/559403f81a28ab9f458b4799/html5/thumbnails/1.jpg)
Ways to know if your WordPress site has been hacked
![Page 2: Ways to know if your WordPress site has been hacked](https://reader038.vdocuments.us/reader038/viewer/2022100603/559403f81a28ab9f458b4799/html5/thumbnails/2.jpg)
• Having your site hacked is the worst thing to
happen to any site owner
• Sometimes it takes weeks/ months/ years to
detect a hack
• Easily identified only when front page is defaced
• Can cause extensive damage to your brand and
reputation
![Page 3: Ways to know if your WordPress site has been hacked](https://reader038.vdocuments.us/reader038/viewer/2022100603/559403f81a28ab9f458b4799/html5/thumbnails/3.jpg)
Look for the Obvious
● Some hackers like to work stealthily
● Some others like to announce their feats to the
whole world
○ Deface your site’s home page
○ Add unpleasant pop-ups
○ Redirect your site to a different URL
![Page 4: Ways to know if your WordPress site has been hacked](https://reader038.vdocuments.us/reader038/viewer/2022100603/559403f81a28ab9f458b4799/html5/thumbnails/4.jpg)
Defaced Home Page
• Most obvious sign that you’ve been hacked
• Change your home page for maximum impact
• Hackers often wipe out everything on your site, leaving just an image on your home page
• Image used can also be distasteful or explicit
![Page 5: Ways to know if your WordPress site has been hacked](https://reader038.vdocuments.us/reader038/viewer/2022100603/559403f81a28ab9f458b4799/html5/thumbnails/5.jpg)
Site Crash
• Attackers may be using up all the server resources
• Some important parts of your site may have been deleted
• Such activities often results in a site
crash
• Users see a 404 page not found
error on accessing your site
• Crash may also be an outcome of a
developmental activity
• Analyze your logs thoroughly to
narrow down on the root cause
![Page 6: Ways to know if your WordPress site has been hacked](https://reader038.vdocuments.us/reader038/viewer/2022100603/559403f81a28ab9f458b4799/html5/thumbnails/6.jpg)
White Screen of Death
• WSOD is an error in
WordPress manifests as a
blank white page with no
information
• Akin to Windows’ infamous
blue screen
• Stops your website from
working and you cannot
access the WordPress
dashboard
![Page 7: Ways to know if your WordPress site has been hacked](https://reader038.vdocuments.us/reader038/viewer/2022100603/559403f81a28ab9f458b4799/html5/thumbnails/7.jpg)
Website Redirection
• Your visitors are taken to a new URL on accessing your
homepage
• Achieved by modifying the htaccess file on your server
• Attackers add a rule to the htaccess file by which all your
visitors will be redirected to a site of their choice
• Some rules only match search engine bots and not your own
requests - go unnoticed for a long time
• The longer they’re active the more potential it has at
affecting your search engine rankings
![Page 8: Ways to know if your WordPress site has been hacked](https://reader038.vdocuments.us/reader038/viewer/2022100603/559403f81a28ab9f458b4799/html5/thumbnails/8.jpg)
Weird Pop-Ups
• Frequent, unexpected pop-ups opening on your site
indicates a hack
• Pop ups can also gather data on your browsing pattern,
capture cookies and send it to the attackers
• Clicking these pop up ads may downloaded other malware
![Page 9: Ways to know if your WordPress site has been hacked](https://reader038.vdocuments.us/reader038/viewer/2022100603/559403f81a28ab9f458b4799/html5/thumbnails/9.jpg)
Site Blocked
• If your site is suddenly blocked by your hosting, you may
have been hacked
• Repeated brute force attempts or a sudden spike in
bandwidth usage are possible reasons
• Some hosts send you a notification but most providers just
stay mum after blocking you
![Page 10: Ways to know if your WordPress site has been hacked](https://reader038.vdocuments.us/reader038/viewer/2022100603/559403f81a28ab9f458b4799/html5/thumbnails/10.jpg)
Scan Frequently
• Scan your site frequently to check for any anomalies
• Many options available - Wordfence Security Plugin, Sucuri
SiteCheck, and WPScan
• Scanners cover all known security issues including malware
infections, spam, and irregular redirects
![Page 11: Ways to know if your WordPress site has been hacked](https://reader038.vdocuments.us/reader038/viewer/2022100603/559403f81a28ab9f458b4799/html5/thumbnails/11.jpg)
Monitor File Changes
• When hackers try to inject malware into your site, they
upload malicious scripts
• The TimThumb vulnerability is one such example where the
uploads directory was exploited
• These scripts are then executed remotely to wreak havoc on
your site
• You must constantly monitor your files for any updates
• Plugins like WordPress File Monitor and WP Changes Tracker
help you monitor file activity
![Page 12: Ways to know if your WordPress site has been hacked](https://reader038.vdocuments.us/reader038/viewer/2022100603/559403f81a28ab9f458b4799/html5/thumbnails/12.jpg)
Monitor User Activity
• Unusual user activity is another good indicator of a hacked
site
• Hackers usually create admin users using SQL injection or
remote file execution attacks
• You must monitor your site for new admin users
• Attackers can also change existing passwords or assign new
roles to users
• Quite tricky to monitor unless you have tools like WP
Security Audit Log to assist you
![Page 13: Ways to know if your WordPress site has been hacked](https://reader038.vdocuments.us/reader038/viewer/2022100603/559403f81a28ab9f458b4799/html5/thumbnails/13.jpg)
Track Your Traffic
• Traffic monitoring gives you detailed information about your
visitors and also about hacks
• If you see a sudden surge of traffic from a country that you
generally don’t cater to, something must be wrong
• If you see a sudden dip in traffic, that can’t be right either.
• Keep a watchful eye on the traffic pattern is a must
![Page 14: Ways to know if your WordPress site has been hacked](https://reader038.vdocuments.us/reader038/viewer/2022100603/559403f81a28ab9f458b4799/html5/thumbnails/14.jpg)
Constant vigilance is the key..Stay protected, stay safe!