Being the victim of a website hack isn’t always obvious. Here are five ways to tell if your WordPress website has fallen victim to a hacker, and they’re not what you might expect.
The most obvious first way to tell if your WordPress website has been hacked is that it’s not your website, meaning the front page was defaced with a political message or a shout out to the attacker’s peers. Or, bad actors put code in place to inject spammy content into every page on the website, often through the header or footer. This could be pharmacy spam or ads for counterfeit luxury items, or worse, code that drives visitors to malicious websites.
Now, not every issue with a WordPress website is attributable to a hack. Though it could be a symptom. If your website loses functionality when there were no legitimate code changes, or the design is broken in inexplicable ways (see number 1), it could be a sign of malicious activity. Again, a broken website could be an ongoing hack, an attempted hack that broke part of the website, or it could be a completely non-malicious issue.
Many search engines allow a webmaster to register their WordPress website to be explicitly crawled in return for recommendations for better search results. In the process of indexing a website, the search engine may find malicious content and alert the webmaster. Of course, a less than optimal way to find out a search engine flagged your website is to have a visitor or potential customer notify you that your website is blocked because it may be hacked.’
If an unknown admin user shows up in the WordPress dashboard, or you lose access to your admin account, this is a strong indication of a hack. Yes, attackers have ways of adding administrative users without logging into the WordPress admin dashboard.
Probably the worst way to find out your WordPress website was hacked is also probably the newest. Ransomware, like Cryptowall and Cryptolocker, compromises computers, encrypts key data files it finds on the local machine and network drives, and holds the encrypted files hostage for a sizable amount of Bitcoin. A new strain of ransomware targets website and web server files, and finding an unresponsive website and a text file named README_FOR_DECRYPT.txt on the server is an unpleasant way to get the news that your website was hacked.
If you do discover a hack, SiteLock is here to help. We offer an advanced suite of security services including malware scanning, auto-removal, and web application firewalls.