At first glance, you may not be able to tell that your WordPress site has been hacked, especially if you are able to access it or if there are no obvious changes to its appearance. Today’s hackers are becoming more adept at infiltrating websites by secretly hiding malicious code into your website files. This can happen if you do not update your software, plugins or theme files regularly or if you download plug-ins or themes from unreliable sources. Once your website has been hacked, the hacker can gain access to your or your customers’ sensitive information continuously until you fix your website.
With identity theft on the rise, it is in your best interest to learn on how to determine if your WordPress site has been hacked so that the problem can be addressed quickly before further damage is done. If you find that your WordPress site has been hacked, you need to act quickly. You will want to shut it down before your hosting provider shuts you down. This means you will want to ensure you have a wordpress backup program or service in place before something like this happens.
There are a few ways that you may be able to determine if your WordPress site has been hacked by focusing on the following:
Suspicious Files on Your Webserver
Unless you know what you are doing, trying to figure out which files are suspicious and which ones belong to your website can be very difficult. If you delete the wrong ones, you may end up breaking your website. It is essential to maintain backups of your files so that you can quickly restore your WordPress site in the event critical files are deleted, compromised or destroyed while recovering your site or during a hacking episode.
If you are fortunate enough to spot the hack at a very early stage, one quick way to see if there are unusual files on your server is to see the date the files were added or modified. If certain files were uploaded with a day or so of the hack, they could be the problem. This assumes of course that you have not uploaded any files yourself during that time frame. Don't be fooled though if you delete these files that your website is safe again. These same files, or different versions of these files, could be residing in other folders on your website.
Unusual Access Log Entries
The access log to your website can provide you with insight as to when and from where you hacker was able to break into your website. It can be difficult to determine between good traffic to your site and the malicious visitors who are attempting to hack it. This information is best left for the experts who know what to look for and will take care to preserve the information in the event it is needed for legal proceedings.
By Taking a Good Look at Your Site
Your WordPress site may look perfect to you as the day you first put it up. However, take a closer look. You could have spam showing up in your site header or footer that could be advertising undesirable products or information, including drugs, pornography or illegal activities. The problem is that you may not be able to see this easily because hackers can be very good at hiding this advertising. For example, they could use white text on a white area of your page or dark text on a dark area so that you will never see it, but search engines will.
Run a site:yoursite.com search on Google and see what comes up on the pages of your website.
Reports from Users and Your Hosting Provider
Pay attention to reports from your users that they are receiving spam emails or are being redirected to other websites from your WordPress site. You may not be seeing the same things they are able to see being the hacker may have blocked you from seeing what is really going on with your site. If your website is sending out spam, you can expect to hear from your hosting provider that there is a problem. You will need to take quick action before your host shuts you down or before you end up on Google’s Blacklist.
Not everyone has the time to monitor their WordPress site on a daily basis, keep up with the frequent updates or the knowhow that will help protect your site from hackers. This is why hiring a service staffed with WordPress experts can save you time, money and most importantly, your reputation by making sure your website is kept safe and up-to-date for you and its visitors.
Bill is the CEO and Founder of InTouch Marketing. Bill drives the vision and direction of InTouch except when England's playing in a soccer tournament, because everything stops!