“How do I know if my WordPress website has been hacked?”

This is one common question many website owners ask, as many are not aware of how to check if their site has been hacked.

WordPress sites are among the favorite sites of hackers, and they never miss an opportunity to exploit vulnerabilities in these websites. There are quite a few telltale signs of a hacked website. Such signs will help you know whether your site has been hacked.

This article includes a list of signs that your WordPress website is hacked and ways to fix it.

Signs Your WordPress Website Has Been Hacked

1. Drop in Website Traffic

A sudden drop in traffic is the most common sign website owners experience when their sites get hacked. You will notice that your site’s traffic has significantly dropped when you go through your Google Analytics report. If you see a sudden drop, then it could most likely be a sign that hackers have got their hands on your website.

A sudden drop in traffic could be because of the malware present on your website, which redirects new visitors to your website to fraudulent websites run by cybercriminals.

Moreover, search engines like Google display warnings on websites that are unsafe. If your site has been hacked, Google’s safe browsing tool might have displayed warnings that your website is unsafe, as a result of which you might be losing new visitors to your site.

Several websites are being blacklisted by Google for phishing and malware on a regular basis. To make sure your site is not blacklisted by Google, it is important to make sure your website is secure and focus more on WordPress security.

2. Malicious Links Added to Your Website

Data injection is another common sign of a hacked WordPress website. Cybercriminals will add links to fraudulent websites on your website, especially in the footer, by creating a backdoor on your site and modifying your WordPress database and files. Though most spammy links are found in the footer, they can be found anywhere on the site. You can delete such links as and when you find them, but deleting them does not mean they will not come back, and you might keep finding new ones. You have to find the way through which hackers entered your website and fix the issue.

3. Defaced Home Page

When you see that the home page or the layout of your website has been defaced, you must understand that your website has been hacked. This is one of the clearest and most visible signs of a hacked website. In most cases, hackers do not deface websites, so that they can carry out their hacking attempts covertly. They deface websites only when they want to let the website owners know that they have hacked the site. In most cases, they will display their message on your homepage. They do so to extort money or to ruin the reputation of your business.

4. Unable to Login to Your WordPress Site

When a hacker gets his/her hands on your website, they could lock you out of your website and make it impossible for you to log in to your WordPress site. If you are unable to log in to your admin account, you have to understand that cybercriminals have hacked your website. They might have either changed your login credentials or deleted your entire admin account. If your account has been deleted, you may not be able to reset your admin password. You can add an admin account via FTP or phpMyAdmin, but you must take the required security measures to safeguard your website immediately. You can get in touch with your hosting provider to gain control of your website and secure it.

To prevent hackers from guessing your password and usernames, it is wise to use strong passwords, as sites with weak passwords are easily attacked by hackers.

5. Slow and Unresponsive Website

If you notice that your website is slower than usual or if it is unresponsive, it could be a symptom of a hacked website. Attackers carry out DDoS attacks on almost all websites on the internet. They use fake IP addresses from different locations to carry out DDoS attacks. In such an attack, hackers send too many requests to your server, which will slow down your website or make it unresponsive. They could also use DDoS attacks to gain access to your website.

If you believe that your site has become a victim of DDoS attacks, you can check server logs to block IP addresses that are sending too many requests to your server.

6. Suspicious User Accounts in WordPress

If you allow user registration, you will definitely see a lot of spammy accounts. You can easily delete all those accounts using your admin privileges. But if you have blocked user registration and you still see several spammy user accounts, it could be because your site has been hacked.

In most cases, such spammy accounts will have admin privileges, and you may not be able to delete such accounts from your site.

7. Unusual Activity in Server Logs

Server logs will keep a log of all the errors that occur on your servers and will also keep a record of your internet traffic. You can find your website’s server logs in the admin dashboard under Statistics. If your website has been hacked, you will see unusual activity on the server logs, which will help you understand what is happening to your website when it is under attack.

Server logs will include server errors that could result in making your website unresponsive. If you see fake IP addresses used to access your WordPress site on the server logs, you can block them.
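The log review described in signs 5 and 7 can be partly automated. The following Python sketch is an added example, not part of the original article: it reads access-log lines in the common "combined" format and reports clients that send too many requests in one minute or too many POSTs to the WordPress login endpoints. The thresholds, the function names and the sample log lines (which use documentation-only IP ranges) are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Combined Log Format: ip - user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
LOGIN_PATHS = ("/wp-login.php", "/xmlrpc.php")

def analyze(lines, per_minute_limit=5, login_post_limit=3):
    """Return {ip: [reasons]} for clients that exceed either threshold."""
    per_minute = defaultdict(Counter)   # ip -> {minute: request count}
    login_posts = Counter()             # ip -> POSTs to login endpoints
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                    # skip lines that are not access entries
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        per_minute[m["ip"]][ts.replace(second=0)] += 1
        if m["method"] == "POST" and m["path"].split("?")[0] in LOGIN_PATHS:
            login_posts[m["ip"]] += 1
    findings = defaultdict(list)
    for ip, minutes in per_minute.items():
        peak = max(minutes.values())
        if peak > per_minute_limit:
            findings[ip].append(f"{peak} requests in one minute")
    for ip, n in login_posts.items():
        if n > login_post_limit:
            findings[ip].append(f"{n} POSTs to login endpoints")
    return dict(findings)

def sample_log():
    """Constructed log lines for the demonstration (not real traffic)."""
    fmt = ('{ip} - - [10/Mar/2024:10:15:{s:02d} +0000] '
           '"{req} HTTP/1.1" 200 512 "-" "-"')
    lines = [fmt.format(ip="203.0.113.7", s=s, req="POST /wp-login.php")
             for s in range(8)]
    lines += [fmt.format(ip="198.51.100.23", s=s, req="GET /?p=1")
              for s in range(0, 20, 2)]
    lines.append(fmt.format(ip="192.0.2.10", s=30, req="GET /about/"))
    return lines

if __name__ == "__main__":
    for ip, reasons in analyze(sample_log()).items():
        print(ip, "->", "; ".join(reasons))
```

Review the flagged addresses before blocking them, since a shared proxy or a monitoring service can also exceed a simple per-minute threshold.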

8. Unable to Send or Receive WordPress Emails

The inability to send and receive emails from your WordPress website indicates that your site’s mail servers have been hacked. This will happen when hackers gain access to your website and install malicious code, which results in sending out spammy emails from your website. This will, in turn, result in many people reporting your website as a fraudulent website. This could be the reason why you are unable to send or receive emails from your site.

9. Irrelevant Pop-ups or Ads on Your Website

Spammy ads and unwanted pop-ups on your website indicate that your site has been hacked. Hackers could place irrelevant ads and redirect users to their spammy sites to make money. Such ads might be visible to new website visitors and not to logged-in users. When a new visitor visits your website from a search engine, spammy pop-up ads could open in a new window. This way, hackers redirect users from your site to another fraudulent site they created. Hackers use backdoors they installed on your server to carry out such attacks. At times, your browser might display a warning that your site has been hacked. In such cases, you will need to act immediately and fix the issue. You can then submit a re-inclusion request, requesting Google to review your site again.

10. Modified Core WordPress Files

When hackers get their hands on your site, they could most likely change or modify core WordPress files. If you happen to notice that your core WordPress files have been modified, it could be a sign that your site has been hacked. Hackers could either replace your code with their own code or create new files similar to what you have created.

WordPress security plugins like Sucuri Security will help you identify such files and keep track of the overall health of your core WordPress files. Likewise, you can also manually check your files for any changes and for suspicious files from time to time.

Fixing a Hacked WordPress Website

It may not be an easy task to manually fix a hacked website. It is recommended to raise a ticket and let your hosting provider know that your site has been hacked. If you are using a good hosting provider, it will help you clean up your website. You can also go for WordPress security plugins like Sucuri to secure your website. Such tools will continuously monitor your website and block attacks. If your site gets hacked, this tool will clean up your WordPress site.

To make sure your site does not get hacked, make sure you keep it updated. Likewise, remove unused plugins and themes and update themes and plugins whenever there is an update available. Make sure your site’s SSL certificate is active. Using strong admin passwords and unique usernames is another way to make sure third parties do not get their hands on your usernames and passwords, through which they gain access to your site. Give access to important files only to a few users who really need access to them. Likewise, visit your website often to see if there are any changes to the home pages or the layout.

Conclusion

Hackers target almost all websites on the internet, and WordPress sites are among their favorites. To prevent cybercriminals from hacking your website and stealing important information, you need to focus on strengthening the security of your website. In most cases, WordPress sites that have older versions of plugins and themes and the ones that have not been updated are easily hacked. Having strong passwords and keeping your site updated are a few ways to keep your site secure. We hope this article helped you understand how to detect hacking attempts. Even if your site has not been hacked, take the required measures to keep it secure.

Author

Welcome to Savvy Security, a blog focused on providing practical cybersecurity advice for website owners and small businesses. Our team brings you the latest news, best practices and tips you can use to protect your business...without a multi-million dollar budget or 24/7 security teams.
