Has My WordPress Site Been Hacked? A Guide To Read The Signs

Published 30 June 2021
Updated 12 July 2023
Darius Sveikauskas
Bounty & Data Overlord
Table of Contents

This guide will help you give answers to the question - has my WordPress site been hacked?

WordPress sites get hacked all the time, so you need to make sure that you can recognise the signs of a hack as soon as possible.

To try and aid with this, we’re looking at some of the top signs that your site has been victim to a hacking.

Your browser shows a warning when visiting the site

If you get this message when you try and visit your site, then you have most likely been hacked.

Nearly all browsers have a safe browsing mode. This prevents dodgy sites from being accessed.

google blacklist

If a warning comes up on your site, then it’s been flagged by your browser and is possibly malicious.

Read more about what to do when your website is flagged for malware here.

You get a message from Google

If you’ve linked your website to the Google Search Console, then you’re liable to get an email from them which notifies you when the website has been potentially hacked.

They also might send you a message, but in either instance, it’s a sign that they’ve detected malicious code on your site, and you should take it offline to check for hacks.

Read about Google blacklist and how to get out of it here.

The hosting company has disabled the website

Sometimes, you’ll find that WordPress has actually taken matters into their own hands, and shut down your website.

hacked website

This is because they’ve detected malicious code within the site and are trying to contain it. This is a pretty good indicator you’ve been hacked, but contact the customer service and confirm it.

Read about dangers of shared hosting here.

Customer complaints over hacked credit cards

It’s not uncommon for people to not know about getting hacked while their credentials are being stolen. Credit card companies also monitor for fraud and contact the card holders when they find something suspicious.

If this is the case, it can be because of them using their credit card on your hacked site.

You send out spam emails

A big sign that your site has been hacked is when you find that all of your emails have been trapped by spam filters.

WordPress site been hacked
Picture from: https://zapier.com/blog/how-to-stop-spam-emails/

This is because hackers use your address to send millions of virus-ridden emails to people, and the email address has been blacklisted by the major email providers.

Strange looking JavaScript in your website code

If your website code contains any new script that you didn’t put in, treat it as a potential hack. If it looks strange, cryptic or otherwise confusing, it doesn’t belong on your site.

This can hopefully be spotted early, just by making sure that you check the site at routine intervals.

Slow website and error messages

Another problem which you may encounter is that your site slows right down and stops working.

This is sometimes a symptom of poor performance, but it’s usually indicative of a hack.

connection timed out

If your site used to run really well, and now it’s crashed, then you most likely have a hack in your system.

Unexplainable error messages in error logs

We all make mistakes. But if you know that there’s only a handful of error messages in your system one day and the next there’s pages worth, you’ve possibly been hacked.

It’s a sign that hackers are infiltrating your system and making a lot of mess while doing it.

Your files have been modified

Another sign that you are the victim of a hack is when the files in your WordPress site are altered without your knowledge.

If something has been changed, and you didn’t do it, treat it as a hack. Check your site regularly, to make sure that the files are all safe.

Ads and popups open when you enter the site

This is a pretty big giveaway that you’ve been hacked. Did you put the adverts and pop-ups on your site that lead to dodgy casinos or insurance sales?

If you didn’t, you’ve been hacked. Customers will click on them, thinking they’re safe, and get hacked themselves. If you’ve got them, you’re in trouble.

Your website is being redirected to other hacked sites

One way in which you know you’re hacked is when you find redirects to sites with viruses without your consent.

This means customers will be sent to places on the internet that will bombard them with half a dozen viruses at once.

Read more how to deal with redirects here.

Traffic spikes, sometimes on pages that aren’t real

A surge of web traffic is good, but it’s also potentially sinister. If you’re getting a sudden flood of traffic on your site, on a page that doesn’t exist, there’s a very high chance you’ve been hacked, and that the hacker is using you to trap more people.

Has my WordPress site been hacked?

Overall, these are just a few of the signs that your WordPress site been hacked. The bad news is that it’s pretty easy to hack a website these days, and a determined hacker will eventually get through.

However, the good news is that there’s a lot of signs you’ve been hacked. It’s often pretty easy to tell when something has gone wrong; an alteration to the code, complaining customers, or just other things which don’t fit with the way your site has behaved before.

The aim of this article is to help you to find the signs as quickly as possible and shut down or clean the site promptly.

You want to contain your site, and stop the malware from spreading to other places. These hacks are big problems and they’re a major pain to deal with.

If you know what you’re looking for, you can find the symptoms of an attack and stop it before it spreads. If you stay alert, you’ll be able to stop or threats quickly or even prevent hacks from happening in general.

What could be the cause of your hacked WordPress site?

One of the reasons your site may be hacked is when you have used nulled themes or plugins.

Other reason can be because you have vulnerable plugins or themes on your site.

It's important to always keep your plugins and themes updated, if you need help with that check how to auto-update vulnerable themes and plugins here.

You can keep an eye on plugin vulnerabilities and your overall WordPress site security by using Patchstack. You can learn more from here.

The latest in Security Advice

Looks like your browser is blocking our support chat widget. Turn off adblockers and reload the page.