Signs your WordPress website is hacked
Thousands of websites are getting hacked every day, and new malware spreads rapidly amongst unprotected sites.
That first sentence is not meant to scare you, but to make you pay attention. If you run a WordPress website you need to be aware of how to protect your website. WordPress is not immune to attacks.
If you don’t already check your website regularly, consider checking your website after you finish reading this article.
Stealthy malware and attacks
WordPress is a very popular platform, powering over a quarter of the top most visited websites, and every day thousands of new WordPress-based websites are launched.
WordPress targeted attacks come in all shapes and forms these days, and the speed of new bugs and vulnerabilities does not seem to slow down.
The more aggressive attacks give themselves away more or less immediately by showing massive ads and popups, but not all attacks do.
Some of the most aggressive attacks simply change the site URL of your website so every visitor is sent to a scam or virus filled website. Until it gets reported of course, or the website owner or administrator notices the change.
This form of attack is quite obvious and easy to detect, but most attacks are more subtle than that so they do not give the game away too quickly.
Note – The most obvious attack redirects everyone, but more stealthy attacks will not do anything if the script detects the visitor is an administrator, and only redirect regular visitors – making it a bit harder to detect an infection.
Not all malware or viruses are easy to detect
Other kinds of malware are created with different goals in mind. Let’s take a look at some of the types of malware you can encounter.
We build and sell the plugin here, so we might be a little biased – but we think it is a great solution for protecting your website 🙂
But why me? You might wonder why your website was targeted by a hacker. It wasn’t. Or rather, your website was not targeted specifically by a hacker; it was targeted by a script made by a hacker.
These hackers will not try to attack websites one by one; that is way too time-consuming. Being specifically targeted is usually only something you should worry about in a huge company or if you sell something that makes you a target for extremists.
However, once your website is online, there are automated systems that take your new website and put it on a list – waiting for it to be scanned for vulnerabilities.
This is where your website will start getting a lot of probing requests. The automated scripts are testing for specific errors or plugins that the script knows allow a way into your website.
Let’s take a look at some of the reasons a hacker wants your website.
Common kinds of malware attacks
- Redirects to spammy sites – that contain different types of viruses or trojans to attack your computer.
- Backdoor attacks – trying to get into your website, to gain control for later.
- Drive-by downloads – that will install software on your visitor’s computer, spreading even further.
- “Pharma hacks” – Adds links to vendors of illegal drugs online, trying to boost their ranking quickly.
Someone who is familiar with a hosting environment can manually clean their website of malware. Here is a WordPress malware removal guide that will help you go through this process.
Links injection for SEO
Did you find an infection on your website pointing to some very questionable websites? Some successful hacks will inject HTML code in your page, including links to pharmaceutical sites. These links are helpful to promote any malicious website.
There is little or no long-term value in these links, but that does not matter to the people promoting whatever product is on the malicious website. They have thousands of other sites that link to them. It is a matter of volume and getting a lot of sales before Google or anyone else notices something is wrong.
Since your website is now linking to spammy or dangerous websites, your website will be penalized or completely blocked by Google. This will force your SEO rankings to plummet and eventually disappear.
Google is not interested in sending their users to your website if it contains bad links or malicious code. Many online stores depend entirely or predominantly on organic SEO traffic, so keeping your website secure is of extreme importance.
This is in itself a problem, but the business cost increases if you rely a lot on organic search engine traffic – SEO.
Cleaning up a hacked WordPress website
I was hired to disinfect a website years ago, and the infestation was fortunately benign as such. This hack was only inserting links to spam websites, selling a couple of different pharmaceutical products.
This infection was pretty sneaky, however, and used obfuscated code that detected the Google bot crawler and only showed the links to Google, and hid them from anyone else, logged in or not.
This not only puts you in a bad position SEO-wise because you are linking to some bad websites; your hacked website is also doing what is called cloaking, by showing different content to different visitors.
Cloaking is considered a violation of Google's Webmaster Guidelines, but fortunately, Google is aware it is a common tactic for hackers.
It is not uncommon for a hacker to use cloaking technology to make the website hack harder to detect.
Read more here: Cloaking – Google Search Console Help.
You would only detect these links if you crawl your own site with a crawler emulating the Google bot, or you have set up an external monitoring service to monitor server and website changes.
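As an added example (not part of the original article or of any plugin it mentions), the check described above can be scripted: request the same page once as a normal browser and once with the Googlebot user agent, then list the external hosts that are linked only in the Googlebot view. The site shop.example, the host cheap-pills.example, the browser user-agent string and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse
from urllib.request import Request, urlopen

# Googlebot's published user-agent string; the browser string is a constructed stand-in.
GOOGLEBOT_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64; rv:120.0) Gecko/20100101 Firefox/120.0"

class LinkCollector(HTMLParser):
    """Collects the absolute target of every <a href> in a page."""
    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.links = set()

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") if tag == "a" else None
        if href:
            self.links.add(urljoin(self.base_url, href))

def external_hosts(html, base_url):
    """Hosts linked from the page that are neither the site nor its subdomains."""
    collector = LinkCollector(base_url)
    collector.feed(html)
    own = urlparse(base_url).hostname
    hosts = set()
    for link in collector.links:
        host = urlparse(link).hostname
        if host and host != own and not host.endswith("." + own):
            hosts.add(host)
    return hosts

def cloaked_hosts(browser_html, bot_html, base_url):
    """External hosts that appear only in the copy served to the crawler."""
    return sorted(external_hosts(bot_html, base_url) - external_hosts(browser_html, base_url))

def fetch(url, user_agent):
    """Download a page of your own site while presenting the given user agent."""
    req = Request(url, headers={"User-Agent": user_agent})
    with urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8", errors="replace")

# Constructed sample responses, so the comparison runs offline.
BASE = "https://shop.example/"
AS_BROWSER = '<p><a href="/cart">Cart</a> <a href="https://wordpress.org/">WP</a></p>'
AS_GOOGLEBOT = AS_BROWSER + '<div><a href="http://cheap-pills.example/buy">pills</a></div>'

if __name__ == "__main__":
    print(cloaked_hosts(AS_BROWSER, AS_GOOGLEBOT, BASE))
```

Against a live site you own, pass fetch(url, BROWSER_UA) and fetch(url, GOOGLEBOT_UA) to cloaked_hosts. An empty result does not prove the site is clean, because an injection can key on something other than the user agent.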
Malware attacks hurt your SEO work
All major search engines have tools that identify websites that are hacked or intentionally try to do harm and block you from visiting these sites.
The Chrome browser by Google Here is Google’s support page about the feature – Manage warnings about unsafe sites
Google actually warns hacked website owners
If you are signed up with Google Search Console and have verified your site, you will get an automated notification email from Google if they detect you have been hacked or have malicious scripts running on your website.
In case you are not, Google will still try emailing various usual domain administrator emails, such as contact@, info@ or admin@ and so on.
This is a great tool to fix bugs and you can use the tips from Google themselves to improve your website.
Google also provides great advice on how to find and clean your website after a malware attack, and also how to request a malware review by Google. This is the fastest way to get back your search engine traffic.
You should not rely only on Google though, check out this article for telltale signs your website has been hacked.
Malware hurts website owners
This will have a significant impact on your SEO efforts, as Google naturally does not want to send their users to malware-infected or otherwise infected websites.
It is not impossible to regain your SEO positions again, but it will take time and require technical skill. If you are not used to working with SEO, there are a lot of things to learn, and it will take time to gain any position back in Google for your most valuable keywords.
The alternative is to hire an SEO expert to help you but anyone experienced enough to deal with a WordPress website hack will not be cheap. You could try it yourself, but as anyone just starting with SEO will tell you, it can become quite complicated very quickly.
You will lose a lot of customer trust as well if your website has been hacked and it can take a long time to get back.
You will lose customers
Attacks are happening more and more often, so it is no longer a huge deal for customers when a website is hacked. That being said, some customers will want to look for an alternative company and some new customers might refrain from buying from a website that has been hacked.
Fortunately, or rather, unfortunately – these days getting hacked is not that uncommon, so this has much less impact on your business than it would have 10 years ago.
Website monitoring services can help
Companies who care a lot about their website have monitoring systems in place or outsource maintaining their website.
If you do not have someone or something monitoring your website, you might not notice the website directing visitors to a different website for some hours, even a day or two.
Prevent WordPress website hacks
Preventing an attack to begin with is always the best approach.
We build and recommend the Security Ninja plugin. It protects you from hackers and automated scripts, and it also comes with tools to detect infections and tools to remove malicious scripts.
Use strong passwords
Take a look at 10 Password Management Tips to Help Safeguard Your Website as a good place to start for making sure a weak password is not the reason your website gets hacked.
Make sure your web host is secure and proactive
Not every web host is the same, some simply do not have the support staff to keep their servers secure and focus their you might be tempted to go for a cheaper solution but if you want to ensure your website is properly protected check out some of our tips for choosing a secure WordPress host.
We recommend our own WordPress security plugin, Security Ninja Pro. With this plugin, you get a lot of protection and tools to disinfect your website should the worst happen.
Check out our FREE Security Ninja WordPress plugin for a full WordPress security check – test for 50+ security issues in less than a minute.