The recent spike in WordPress website hacks and insidious malware probably has you wondering: Has my website been hacked? Here's how to tell.
You’re probably here because you’ve noticed something wrong with your website, or maybe you’ve heard of all the recent WordPress website hacks and want to know if your site has been compromised.
Either way, it’s good that you’re here to find out if your website has been hacked so you can clean it up and keep it secure.
A secure site is important not just because the costs of a hacked website are high for you, but also because we have an obligation as website owners to protect our web community from the risk of attack. Leaving our websites vulnerable puts everyone at risk as malware sometimes uses your site to attack others.
Before we onboard new clients to our WordPress Support Plan, we perform a health check on their website to diagnose and remove any malware. We’ve seen a lot of messy environments and are here to help you answer the question: Has my website been hacked?
To do that, we asked WhatArmy Service Director Chad Lord for the signs of a hacked website, how you can check your site for malware and more.
Q&A with WhatArmy Service Director Chad Lord
What are the most common signs that your website has been hacked?
Chad: You often won’t know it until it is too late because files will be planted and not actually used for a long time. It completely depends on what your site is being used for. Sometimes people just want to be able to use your site if they need to.
Unfortunately, the most common sign that your website has been hacked is when it shows up on a blacklist, you’re having email problems, or your email is being filtered.
What are some other signs of a website hack?
Chad: Slowness, minor broken items on the site and non-delivery notifications in your email are other common signs of a hacked website.
How can you check your site to make sure it hasn’t been hacked?
Chad: Use a security scanner like Sucuri. But, as with most things, prevention is the best policy.
What about WP Engine or managed hosting providers? Do they protect your website from being hacked?
Chad: WP Engine will make sure that your hosting environment and WordPress are up to date. They also will force removal of plugins that have known security flaws. Plugins are where most issues begin, and hosting providers like WP Engine do not update plugins.
Determining If Your Website’s Been Hacked
Use a security scanner to determine if your website’s been hacked; however, even Sucuri warns that “Although we do our best to provide the best results, 100% accuracy is not realistic, and not guaranteed.” Feel free to contact us for a more thorough evaluation of your site.
If your website has been hacked, you can try cleaning it up yourself or contact us for help – usually about 4 to 6 hours of work.
Once your website is clean and secure, put a plan in place to keep it that way. Your website support plan should include:
- Obtaining secure hosting
- Regularly backing up your site and database
- Regularly updating WordPress and your plugins
- Regular security scanning
- Monitoring website functionality daily
- Website performance testing
As Chad pointed out earlier, prevention is the best policy.
Download our Website Management Checklist for more help setting up your own website support plan, or contact WhatArmy to learn more about our WordPress Support Plan.