Get All Access for $5/mo

6 Signs Your WordPress Site Is Compromised Sluggish loading times? Redirects to other sites? These red flags need your attention now to protect your company's information and reputation in the weeks ahead.

By Tobi Abdulgafar Edited by Dan Bova

Opinions expressed by Entrepreneur contributors are their own.

kupicoo | Getty Images

WordPress powers roughly 15 million websites worldwide -- and that's a conservative estimate. The platform is the most dominant content-management system (CMS) at work today, with 60 percent of the global CMS market. If you own a website, it likely runs on WordPress.

Here's the bad news: WordPress sites top hackers' popularity list, too. Web-security firm Sucuri revealed that 78 percent of the 11,485 compromised websites it investigated during the first three months of 2016 were powered by WordPress.

Related: The Worst Reported Hacks of 2017 -- So Far

Cyber criminals don't care if your company returns a merely decent annual profit or runs a small site with only a few monthly visitors. Your size doesn't magically insulate you from hacks. If you're online, you can be hacked. These six red flags could help you discover if your WordPress site is compromised and take decisive steps to kick hackers out of your web space.

1. You can't log in.

Your first clue? WordPress doesn't recognize your email address/username or password. This is the rare occasion you hope for a typo. Try again, making sure you've spelled everything correctly and you haven't engaged the caps lock. (It's the equivalent of making sure the printer is plugged in, but it does happen.)

If you're new to WordPress, you might wonder how a user can get locked out of his or her own account. Hackers are an enterprising bunch, however. If one is bent on accessing your database, she or he will go to extreme lengths to take control of your site.

Hackers usually steal login details by brute force. They use automated programs that run thousands of possible username/password combinations in a trial-and-error process. Then, once they're in, they change your administrator privileges so you can't make changes to correct the situation. Or they might delete your account outright.

Related: Password Statistics: The Bad, the Worse and the Ugly

2. Your site is unusually slow or unresponsive.

If your site is uncharacteristically slow, the lag could be caused by hackers trying to brute-force their way into your site or injecting malicious code. Another possibility: Your site is on the receiving end of a random denial-of-service attack. This tactic employs several hacked computers and servers with fake IPs to overwhelm your server with more requests than it can handle.

Any one of these activities has the potential to make your website slow, unresponsive or even unavailable. If you're managing several sites, consider using pingdom to measure the speed of each. This free, online tool allows you to test your website's speed from different locations. Review your server logs periodically to learn whether a few IPs are sending far too many requests. Then, block them.

If you're confident your site isn't hacked, check for poorly coded plugins and external scripts or an improperly configured web-hosting server.

Related: Your Startup Should Think About Security From the Beginning

3. You can't send or receive WordPress emails.

Hackers love to turn your websites against you. If they're using one or more of your sites to send large volumes of spam, your WordPress email account will register significant delays. In addition to slugging up your site's performance or rendering it unresponsive, this action will prevent you from sending or receiving WordPress emails.

4. Your page displays another website's content.

Imagine you're attending a marketing event or conference, and you hit it off with a potential client. You decide to impress him or her further by showing off your stellar website. The site temporarily loads -- and then redirects to an entirely different site. As you frantically contemplate the most logical way to recover, you should know one thing: Your site has been hacked. This scenario typically means someone has gained unauthorized access to your server and inserted improper code in your site's root directory.

5. Google flags your site as insecure.

Google warns visitors against accessing sites it perceives as infected. This means clients and potential customers will be turned away from your pages and discouraged from transacting business with your company. Users will be cautioned that interacting with your website could infect their systems with malicious software that steals information or otherwise harms their computers and networks.

Related: 12 Tips to Protect Your Company Website From Hackers

6. Your web host takes your site offline.

Most web hosts will notify you immediately via email when your site is removed from service. Assuming you haven't let your subscription expire, this is a protective action. If left online, a hacked website can spread malware to other servers and continue the chain reaction.

Tobi Abdulgafar

Founder of YourContentMart.

Tobi Abdulgafar is a writer, entrepreneur and founder of Your Content Mart, a content marketing company.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.

Business News

These Companies Offer the Best Work-Life Balance, According to Employees

The ranking is based on Glassdoor ratings and reviews.

Leadership

Why Your AI Strategy Will Fail Without the Right Talent in Place

Using fractional AI experts through specialized platforms allows companies to access top talent cost-effectively, drive innovation and scale agile strategies for growth.

Business News

Here's What the CPI Report Means for Your Wallet, According to JPMorgan and EY Experts

Most experts agree that there will be another rate cut next week.

Science & Technology

Use This Framework to Successfully Integrate AI Into Your Business Operations

Here's how to ensure both innovation and compliance when using AI in your organization.