Hacking: The term itself is enough to give website owners nightmares. Let’s say you have a website with thousands of posts along with hundreds of followers. Now imagine a situation where you wake up one day and login to your site only to find that it’s gone.

All your posts, images, your web pages all gone. Your years of hard work, your visitors all wiped away. And all that you can see is some random page on your site with the text “You Have Been Hacked”. This heart-dropping moment when you realize you’ve been hacked changes everything.

WPEngine Promo Discount Code Exclusive WPEngine Coupon Code for AlienWP Visitors!
Get 5 Months Free & 30% Off All Plans.
Click the coupon code to copy and open the link »

Click Here for Deal

While WordPress continues to dominate the world of blogging, it is not safe from the attention of the hackers. Through one way or another, hackers find a way to bypass the security of a site and wreak havoc on it. If you have a website, there is always a possibility of getting hacked. There are various attacks that can completely or partially paralyze your web site. Some of such attacks are:

  • Denial of Service
  • Local File Inclusion
  • Remote File Inclusion
  • Phishing
  • Cross Site Scripting(XSS)
  • Defacement
  • Shell Upload

Along with the ones mentioned above, there are new threats and attacks being developed almost daily. So if you want to protect your site against hacking attacks, you need to make sure that the security of your site is always up to date.

Signs That Indicate Your WordPress Site Is Hacked

Sometimes it is a bit difficult to determine whether your site is hacked or not. Hackers try their very best to hide all the traces of their hacking activities and to remain anonymous. A hacker may silently install some malware on your web server and you might not be even aware of it. So it is always advised to keep a suspicious eye on anything unusual that occurs on your site.

In this article, we will take a look at the 12 signs that indicate that your website has been hacked.

If you are worried about hacking on your WordPress website, make sure to read our WordPress security guide and take regular backups.

WordPress Security Guide

Your Website is Slow or Unresponsive

This is one of the primary symptoms that you should look out for. If your site takes more than usual time to load or it becomes unresponsive, possibilities are its hacked. This may be caused by a special type of an attack known as Denial of Service. Every website has a good chance of becoming the target of such an attack. This attack involves multiple servers and infected bots, which sends millions of requests to the server, using fake IP addresses. And when the server gets more requests than it can respond, it overloads. Due to this, the server fails to respond to the huge traffic and ultimately crashes.

Another reason could be that the hacker has added some code to your site that it has slowed down, this could be a script which subjects your visitors to malware with the intention of infecting their computer, rogue advertising, nefarious links to the hackers websites and so on.

Defaced HomePage or Change in the layout or design

A sudden change in the layout or design of your site out of nowhere is an indication that your site is hacked. Such changes may be a minor one or a major one.

A minor change such as the disappearance of one or two images may not indicate a hacked site, as some misplaced code or technical error may also be the reason behind it. However, if there are tons of images suddenly disappearing, or if you see weird images on your site then you could have been hacked.

Defaced Homepage

Another thing that indicates a hacked site is a defaced homepage. If your homepage is replaced by some other random page, posted by the hacker then it is a sure-fire indication that your site is hacked.

Unable to access the Admin page

If you are unable to access the admin page of your site, then there is a chance that hackers have found a way to your admin page and changed your login credentials. Once this happens, immediately analyze the situation and start taking security measures. Contact your hosting company to regain control of your site to prevent further damage.

Incorrect Login

Hackers often change the admin id and password once they are able to get access, locking the admin out of its own account. To make matters worse, they may even delete the entire user account. This poses a greater threat as now there is no way recover the account from its deleted.

Hackers use brute force attacks to guess passwords. And if you have a weak password set for your admin account, it will be easily hacked.

Unknown Files or Scripts on the Server

The presence of unwanted or suspicious looking JavaScript or other scripting files may indicate the presence of some malware on your site. You may be familiar with the various directories inside your web server. However, it may be a bit difficult to look around each and every file to find that malicious script.

Luckily there are tools that automate the task for you. If a hacker has planted some malicious files in your folder, then using tools such as Wordfence or Sucuri you can inspect all your files and activities. This application will alert you if they find anything suspicious on your server.

Wordfence WordPress Plugin

If you prefer manual searching be sure to look out for malicious files and scripts in the /wp-content/ folder.

Google also gives us a warning message if their crawling bots find something malicious in your code. So the next time, Google raises a warning sign, don’t take it lightly. Your site may be infected by some malware.

Sudden Traffic Drop

If your site is getting unusual dip or spike in its traffic, it may mean that your site is hacked. One reason why this might happen is because some hacker hacked into your site and redirected traffic away from your site, causing a dip in traffic.

There are many Trojans and other malware out there, which can hijack your traffic and redirect it to some malicious, spammy site. So when some user visits your site, they are taken away to some other spammy site, thus causing a dip in the traffic. This could also lead to potential loss of valuable visitors and customers on your site.

Another reason for getting fewer visitors is because Google blacklisted your site. In this case, Google displays a warning message to anyone trying to visit your site, stating that your site is infected with some kind of malware. Now of course, who would visit a site that is infected with a virus?

Bouncing of Emails

One of the worst indications of getting hacked is when your email starts bouncing or users are unable to send or receive emails from your site. This happens when a hacker breaks into your site and installs some malicious scripts that in-turn sends out thousands of spams emails from your site. As a result, people report your site as a spammy site with their email provider and soon you will find your site in the list of spam sites.

So the next time, you are unable to send or receive WordPress emails, there is a chance that your mail server is hacked and is used for sending spam emails.

Unwanted Pop-Up or Ads on your site

If you are seeing unwanted pop-ups on your site, that redirects to some other site being clicked, your site is hacked. These type of attacks are used to divert your traffic to some other illegal or spammy website by showing them attractive pop-ups. This is possible when some hacker has a backdoor installed on your server.

You might even receive a warning in your browser that the site has been hacked, in that case you will need to solve the problem and submit a re-inclusion request with Google.

Hacked Popup

Suspicious User Accounts

If your site has open registration and along with it if you don’t have any spam protection mechanism installed on your site, then having tons of spam accounts is not something to dread of. This is not a sign of getting hacked and you can simply delete those accounts from your site.

However, if you don’t have open registration yet you find multiple spam or suspicious accounts on your site then it is an indication that your site is hacked.

Take a deeper look at such accounts and try to find its allowed privileges. If such spam accounts have administrative privileges than you can confirm that your site is hacked. To make things even worse, sometimes such accounts are also very difficult to remove as they have got administrative privileges.

High BandWidth Usage

The amount of bandwidth used is determined by the traffic in your site and the number of emails being sent or received, among others. This does not cause a huge spike in your bandwidth. But if you find noticeable changes in your bandwidth, possibilities are that you have been hacked. The main reasons behind such bandwidth spike can be

  • Large files added to your site, which increases the amount of data downloaded every time you have a visitor.
  • The inclusion of malicious scripts on your server that sends out thousands of spam emails, adding up to your bandwidth usage.
  • Also if your site has been added to some network, it can lead to huge spikes in bandwidth.

This can happen very quickly and can even go unnoticed if you don’t keep an eye open for it.

Unusual Activity in your server logs

Server logs are mainly simple text files that keep the log of the various activities that are taking place on your web server. These files keep a record of all the errors that occur in your web server as well as all your internet traffic. These logs are available in your WordPress admin dashboard under Statistics.

If you find some unusual activity on your logs, such as huge traffic from a particular website or your site is making constant connections to some random IP address, it is a sign that your site is hacked or is in the verge of getting hacked.

Suspicious Scheduled Events

In certain cases, a hacker after hacking into your site won’t do any damages instantly. After gaining access to your site, he/she won’t do anything suspicious, rather they will schedule their malicious activities to take place sometime in the future.

In this technique, hackers exploit the CRON to run scheduled tasks on your server. Cron jobs are provided by a web server to allow users to run scheduled tasks like publishing scheduled tasks, deleting old comments from the server and so on.

This is very dangerous from the fact that it will leave an inexperienced web personnel clueless about what happened since the attack was scheduled for the future, long after the hacking took place.


Security is vital, particularly if you store any user information or sensitive data on your website. Most hacking attempts are moments of opportunity, automated, and impersonal. 51% of WordPress websites are hacked because of a theme or plugin, and 8% due to a weak password. The rest are often due to poor hosting security.

You can prevent your average attack by avoiding default credentials, enabling two-factor authentication, using Secure Socket Layers (SSL), and opting for a secure hosting server.

We hope this article was able to provide you with a brief insight on how to detect possible hacking activities. And even if your site is clean, we ask you not to take this for granted. Follow all security protocols to make sure that your site is best protected against any sort of hacking attacks. Remember “Prevention is better than Cure”.

Further Reading:

Author Info

  1. Thank you for listing all the major possibilities. Most users neglect these red flags and ultimately become a victim of cyber crimes.

  2. I was literally worried about hacking of my WordPress website: https://www.techmagnate.com/website-designing-development.html. Thank you for these tips.

  3. Amazing! thank you so much. you make us aware of risks.

Leave Your Thoughts

Your email address will not be published. Required fields are marked *