WordPress hacks always feel personal, especially when you discover your website had been compromised for a while. This is why it’s important to recognize a hack from the first signs.
Cybersecurity is one of the biggest threats to anyone who has an online presence nowadays. This is because hackers keep hacking for a number of reasons have a number of motivations, and to them your website is the means to an end. It almost always feels personal though. At BlogVault, lot of our customers over the years have said they felt slighted by hackers, especially because they invested a lot in the creation of a site. And what adds insult to injury in many cases, is the fact that most victims didn’t even know they’d been hacked for months or even years, even if the hackers performed common attacks on the websites .
The scenario can be compared to having a home with the most secure doors, and many windows. When a thief breaks into your home only to steal a few slices of bread every day, since it’s small enough to not be noticed right away, the theft can go on for a while. In many case, the thief makes sure to not do anything that attracts your attention so you don’t know about the one window that makes the house easy to break into.
Although WordPress core is secure and has been kept safe, WordPress sites have a number of plugins, widgets, and themes, any of which might be vulnerable. So even if you notice something amiss, it can take a while to figure out which ‘window’ needs fixing.
This is why we thought of giving you a few signs of hacks to watch out for. If your answer to any of these questions is ‘yes’, you might need to invest in an intelligent malware scanner and cleaner, to clean out the instances of malware on your site.
Sign #1: Browsers warn visitors about your website with variants of “This site may be compromised”
Browsers like Mozilla Firefox and Chrome are kept up to date with relevant and new malware signatures. So if your website has malicious code and people look for it, they display messages just like the one below:
Sign #2: Subscribers complaining about spam mail from your website?
Here’s something to think about: If you’re not spamming visitors who have signed up to receive mail from your website, who is?
Sign #3: You’ve been hacked before, and noticed the same weird activity on your site
This could be because of a Backdoor that attackers might have installed during the last hack of your site. The main purpose of the Backdoor is to allow them continuous access to your site long after the main hack is cleaned. As a result, backdoors are generally unobtrusive so that they aren’t usually detected with hacked files.
So even if you have updated the vulnerable plugin/theme that the attacker exploited to install the Backdoor, the malicious code remains, and can still be used to grant them access to your site and resources.
Sign #4: Has your site suddenly become slow or unresponsive? Is it showing a 500 server error?
This is definitely one red flag to look out for, especially when you know the number of legitimate visitors to your site hasn’t increased, but your site has been slowing down or displaying the generic 500 error, like this one:
Usually this error results from an increased use of the server. Among a number of possibilities, this could be because the attacker is using your server to perform functions that you didn’t authorize, such as sending spam mail, using your server as a bot that they have total control over.
Sign #5: There are plugins/themes you haven’t installed, or admins you haven’t authorised
If an attacker gets admin access to your site, they obviously can do anything they want. However, if they choose a more devious action such as uploading a malicious file masquerading as a plugin to perform whatever function, they could not only do whatever they wanted, but also use it as a backdoor.
Sign #6:Visitors complaining about their PC Antivirus solutions flagging your site
Believe it or not, this is possible! Antivirus solutions that are generally used on computers are designed to protect the user(s) from malware that could be installed from a website. So if a user (who has this antivirus solution installed on their computer) visits your infected website that could affect the computer, warnings similar to this one might pop up:
Sign #7: Do pharmaceutical company search results show up when you look for your website?
The WordPress Pharma hack is a pretty famous attack. This hack used bad SEO tags such as those about performance-enhancing drugs, antidepressants etc. The thing about this attack is that it isn’t visible to the site’s regular visitors, or even if you check the HTML tags because the hack infects the site’s database and files. However, search engines pick them up, and obviously help the pages with these tags rank higher.
Sign #8: Visitors to your website keep getting redirected to other sites
Another red flag you should look for is if your visitors complain about searches for your website lead them to a blank page, some other domain, or back to the search engine.
Sign #9: Your web host has disabled your site
If you’re on shared hosting, this could happen as a result of your website using up too much of the server’s resources, or because of security issues (such as malware that could take control of the entire server, as in SQL injection attacks).
Sign# 10: Google, Bing, and other search engines blacklist your site
One of the most obvious signs that your site has been hacked includes that of having your site flagged by search engines. Search results for your site display results such as those below:
This is the ultimate sign, and one that brings the most ill reputation. If you’re running a business, having your website blacklisted is bad because Google and other search engines could even stop crawling or listing your site.
If you don’t see a warning among the search results, finding out if your website has been blacklisted is as simple as using sites like StopBadware, which is a subsidiary of Google.
If your site displays any of these signs, you should first make use of an intelligent hack scanner and cleaner, like MalCare, that doesn’t raise false alarms, and works quickly. Time is of the essence in the case of a hack.