6 Signs Your WordPress Site Is Compromised
WordPress powers roughly 15 million websites worldwide -- and that's a conservative estimate. The platform is the most dominant content-management system (CMS) at work today, with 60 percent of the global CMS market. If you own a website, it likely runs on WordPress.
Here's the bad news: WordPress sites top hackers' popularity list, too. Web-security firm Sucuri revealed that 78 percent of the 11,485 compromised websites it investigated during the first three months of 2016 were powered by WordPress.
Cyber criminals don't care if your company returns a merely decent annual profit or runs a small site with only a few monthly visitors. Your size doesn't magically insulate you from hacks. If you're online, you can be hacked. These six red flags could help you discover if your WordPress site is compromised and take decisive steps to kick hackers out of your web space.
1. You can't log in.
Your first clue? WordPress doesn't recognize your email address/username or password. This is the rare occasion you hope for a typo. Try again, making sure you've spelled everything correctly and you haven't engaged the caps lock. (It's the equivalent of making sure the printer is plugged in, but it does happen.)
If you're new to WordPress, you might wonder how a user can get locked out of his or her own account. Hackers are an enterprising bunch, however. If one is bent on accessing your database, she or he will go to extreme lengths to take control of your site.
Hackers usually steal login details by brute force. They use automated programs that run thousands of possible username/password combinations in a trial-and-error process. Then, once they're in, they change your administrator privileges so you can't make changes to correct the situation. Or they might delete your account outright.
2. Your site is unusually slow or unresponsive.
If your site is uncharacteristically slow, the lag could be caused by hackers trying to brute-force their way into your site or injecting malicious code. Another possibility: Your site is on the receiving end of a random denial-of-service attack. This tactic employs several hacked computers and servers with fake IPs to overwhelm your server with more requests than it can handle.
Any one of these activities has the potential to make your website slow, unresponsive or even unavailable. If you’re managing several sites, consider using pingdom to measure the speed of each. This free, online tool allows you to test your website’s speed from different locations. Review your server logs periodically to learn whether a few IPs are sending far too many requests. Then, block them.
If you’re confident your site isn’t hacked, check for poorly coded plugins and external scripts or an improperly configured web-hosting server.
3. You can't send or receive WordPress emails.
Hackers love to turn your websites against you. If they're using one or more of your sites to send large volumes of spam, your WordPress email account will register significant delays. In addition to slugging up your site's performance or rendering it unresponsive, this action will prevent you from sending or receiving WordPress emails.
4. Your page displays another website's content.
Imagine you're attending a marketing event or conference, and you hit it off with a potential client. You decide to impress him or her further by showing off your stellar website. The site temporarily loads -- and then redirects to an entirely different site. As you frantically contemplate the most logical way to recover, you should know one thing: Your site has been hacked. This scenario typically means someone has gained unauthorized access to your server and inserted improper code in your site's root directory.
5. Google flags your site as insecure.
Google warns visitors against accessing sites it perceives as infected. This means clients and potential customers will be turned away from your pages and discouraged from transacting business with your company. Users will be cautioned that interacting with your website could infect their systems with malicious software that steals information or otherwise harms their computers and networks.
6. Your web host takes your site offline.
Most web hosts will notify you immediately via email when your site is removed from service. Assuming you haven't let your subscription expire, this is a protective action. If left online, a hacked website can spread malware to other servers and continue the chain reaction.