Ways to know if your WordPress site has been hacked

Upload: wordpressbackup

Post on 01-Jul-2015

DESCRIPTION

Getting hacked is the worst thing that can happen to you. But there are ways to detect it early and minimize the damage. For the detailed article, see https://blogvault.net/ways-to-know-if-your-wordpress-site-has-been-hacked/

TRANSCRIPT

Page 1: Ways to know if your WordPress site has been hacked

Ways to know if your WordPress site has been hacked

Page 2: Ways to know if your WordPress site has been hacked

• Having your site hacked is the worst thing that can happen to any site owner

• Sometimes it takes weeks, months or years to detect a hack

• A hack is easily identified only when the front page is defaced

• It can cause extensive damage to your brand and reputation

Page 3: Ways to know if your WordPress site has been hacked

Look for the Obvious

● Some hackers like to work stealthily

● Some others like to announce their feats to the whole world

○ Deface your site’s home page

○ Add unpleasant pop-ups

○ Redirect your site to a different URL

Page 4: Ways to know if your WordPress site has been hacked

Defaced Home Page

• Most obvious sign that you’ve been hacked

• Attackers change your home page for maximum impact

• Hackers often wipe out everything on your site, leaving just an image on your home page

• Image used can also be distasteful or explicit

Page 5: Ways to know if your WordPress site has been hacked

Site Crash

• Attackers may be using up all the server resources

• Some important parts of your site may have been deleted

• Such activities often result in a site crash

• Users see a 404 "page not found" error on accessing your site

• A crash may also be the outcome of development activity

• Analyze your logs thoroughly to narrow down the root cause

Page 6: Ways to know if your WordPress site has been hacked

White Screen of Death

• WSOD is a WordPress error that manifests as a blank white page with no information

• Akin to Windows’ infamous blue screen

• Stops your website from working, and you cannot access the WordPress dashboard

Page 7: Ways to know if your WordPress site has been hacked

Website Redirection

• Your visitors are taken to a new URL on accessing your homepage

• This is achieved by modifying the .htaccess file on your server

• Attackers add a rule to the .htaccess file by which all your visitors will be redirected to a site of their choice

• Some rules match only search engine bots and not your own requests, so they go unnoticed for a long time

• The longer these rules are active, the more they can affect your search engine rankings
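A check for the redirect rules described on this slide, as an added example that is not part of the original slides: it scans `.htaccess` text for `RewriteRule` lines that point to another host and reports any user-agent or referrer conditions attached to them. The sample file, the host names and the function name `find_conditional_redirects` are constructed for illustration.

```python
import re

# Constructed sample: the stock WordPress block followed by an injected rule.
SAMPLE_HTACCESS = r"""# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
RewriteCond %{HTTP_USER_AGENT} (googlebot|bingbot|slurp) [NC,OR]
RewriteCond %{HTTP_REFERER} (google|bing|yahoo)\. [NC]
RewriteRule ^(.*)$ http://redirect-target.example/in.php?p=$1 [R=302,L]
"""

COND = re.compile(r"^\s*RewriteCond\s+%\{(HTTP_USER_AGENT|HTTP_REFERER)\}\s+(\S+)", re.I)
RULE = re.compile(r"^\s*RewriteRule\s+(\S+)\s+(\S+)", re.I)
EXTERNAL = re.compile(r"^(?:https?:)?//([^/:\s]+)", re.I)


def find_conditional_redirects(text, own_hosts=()):
    """Return RewriteRules that send visitors to a host outside own_hosts."""
    own = {h.lower() for h in own_hosts}
    findings, pending = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        cond = COND.match(line)
        if cond:  # remember who the next rule is aimed at (bots, search referrals)
            pending.append((cond.group(1).upper(), cond.group(2)))
            continue
        if re.match(r"^\s*RewriteCond\b", line, re.I):
            continue  # other conditions belong to the same upcoming rule
        rule = RULE.match(line)
        if not rule:
            continue  # comments and other directives do not end the chain
        target = EXTERNAL.match(rule.group(2))
        if target and target.group(1).lower() not in own:
            findings.append({"line": lineno, "host": target.group(1).lower(),
                             "conditions": pending})
        pending = []  # RewriteCond lines apply only to the next RewriteRule
    return findings
```

A finding with an empty `conditions` list is a redirect that applies to every visitor; a non-empty list is the selective kind that the site owner will not see when browsing the site normally.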

Page 8: Ways to know if your WordPress site has been hacked

Weird Pop-Ups

• Frequent, unexpected pop-ups opening on your site indicate a hack

• Pop-ups can also gather data on your browsing pattern, capture cookies and send them to the attackers

• Clicking these pop-up ads may download other malware

Page 9: Ways to know if your WordPress site has been hacked

Site Blocked

• If your site is suddenly blocked by your hosting, you may have been hacked

• Repeated brute force attempts or a sudden spike in bandwidth usage are possible reasons

• Some hosts send you a notification but most providers just stay mum after blocking you

Page 10: Ways to know if your WordPress site has been hacked

Scan Frequently

• Scan your site frequently to check for any anomalies

• Many options available - Wordfence Security Plugin, Sucuri SiteCheck, and WPScan

• Scanners cover all known security issues including malware infections, spam, and irregular redirects

Page 11: Ways to know if your WordPress site has been hacked

Monitor File Changes

• When hackers try to inject malware into your site, they upload malicious scripts

• The TimThumb vulnerability is one such example where the uploads directory was exploited

• These scripts are then executed remotely to wreak havoc on your site

• You must constantly monitor your files for any updates

• Plugins like WordPress File Monitor and WP Changes Tracker help you monitor file activity

Page 12: Ways to know if your WordPress site has been hacked

Monitor User Activity

• Unusual user activity is another good indicator of a hacked site

• Hackers usually create admin users using SQL injection or remote file execution attacks

• You must monitor your site for new admin users

• Attackers can also change existing passwords or assign new roles to users

• Quite tricky to monitor unless you have tools like WP Security Audit Log to assist you
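A check for unexpected administrators, as an added example that is not from the original slides and is not how the plugin named above works: it lists accounts whose stored capabilities include the administrator role and reports those missing from a list of expected logins. It assumes the default `wp_` table prefix; the in-memory SQLite database stands in for the site's MySQL database, and all rows and logins are constructed.

```python
import sqlite3

KNOWN_ADMINS = {"siteowner"}  # assumption: logins you expect to be administrators

# Roles are stored as a PHP-serialized array in wp_usermeta (default prefix assumed).
ADMIN_QUERY = """
SELECT u.user_login, u.user_registered
FROM wp_users u JOIN wp_usermeta m ON m.user_id = u.ID
WHERE m.meta_key = 'wp_capabilities' AND m.meta_value LIKE '%"administrator"%'
ORDER BY u.user_registered
"""


def unexpected_admins(conn, known=KNOWN_ADMINS):
    """Return (login, registered) for administrators not on the known list."""
    return [(login, registered) for login, registered in conn.execute(ADMIN_QUERY)
            if login not in known]


def constructed_db():
    """In-memory SQLite stand-in for the WordPress tables, with constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT,
                               user_registered TEXT);
        CREATE TABLE wp_usermeta (user_id INTEGER, meta_key TEXT, meta_value TEXT);
    """)
    conn.executemany("INSERT INTO wp_users VALUES (?, ?, ?)", [
        (1, "siteowner", "2014-02-10 09:00:00"),
        (2, "editor1", "2014-06-01 12:30:00"),
        (3, "wpsupport", "2015-06-28 03:14:00"),
    ])
    conn.executemany("INSERT INTO wp_usermeta VALUES (?, ?, ?)", [
        (1, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
        (2, "wp_capabilities", 'a:1:{s:6:"editor";b:1;}'),
        (3, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
    ])
    return conn
```

Because the query reads the database directly, it also catches accounts that were inserted without going through the WordPress registration screens.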

Page 13: Ways to know if your WordPress site has been hacked

Track Your Traffic

• Traffic monitoring gives you detailed information about your visitors and also about hacks

• If you see a sudden surge of traffic from a country that you generally don’t cater to, something must be wrong

• If you see a sudden dip in traffic, that can’t be right either

• Keeping a watchful eye on the traffic pattern is a must

Page 14: Ways to know if your WordPress site has been hacked

Constant vigilance is the key. Stay protected, stay safe!