Has my WordPress site – website been really hacked ?

If your WordPress website has been hacked, here is the how to know or have I been hacked checklist. Though there are many ways you can get to know it. Yet the prominent one is when the website is defaced. When you casually open your website, you would be shocked to see a different content rather than your actual website’s content. The hacker would have also left his signature saying “Hacked by xyz”. Worse, it could redirect to morally disagreeable websites. It is obvious that you’ve been hacked.

However, hackers are smart enough to keep you unaware about the hack and use your site as long as possible for their own purpose. Many a times they would cover up their tracks.

A quick checklist to know ‘have i been hacked’ that is if a website is hacked

• Defacing of a website. (as mentioned earlier)
• Redirection from your website to other random sites like pharmaceutical sites.
• Notification from search engines that the site has been hacked. For example, Google notifies with messages like “This site may harm your computer” in search list.
• Indication from the web browsers that your site has malware content.For example, when you check in Firefox or Chrome the browser may display “The site ahead contains malware in browser” or “Warning:Something’s not right here again” when a URL is opened.
• Unexplained big traffic, especially from other countries.

Few more tips and tricks to dig deeper to know ‘have i been hacked’

• Check if there is spam in your website’s header or footer which contains advertisements for pornography or other illegal aspects. Most of the times they will be injected into webpages as content with lesser visibility, so it might appear as a dark text on a dark background. (Search engines recognize them.)
• Search in Google as site:example.com (example.com can be replaced with your website address).You may see pages or contents that can be recognized as different from that of your site’s and would look malicious.
• You may receive reports from other users of your site, that they are being redirected to a malicious or a spam website.Pay keen attention to these because many hackers will detect that you are the site’s administrator. Therefore, the spam content is invisible to you but visible only to the website’s visitors or to the search engine crawlers.
• Keep track of your hosting company’s notifications. They will send notices about malicious or infected files.
• You can use Google’s safe browsing site status to check for vulnerabilities

But, how was my website hacked?

Some common loose ends hackers capitalize on to attack a website:
• Using weak passwords help them to guess it.
• Malware on the desktop or laptop we use, helps them to capture login credentials.
• Using outdated software helps them to find the security vulnerability. (especially outdated software).
• Using cheap hosting providers, as they won’t always have the right security practices and our website will often have risky and contagious neighbors on the same server.

You have been hacked – Taking a back up is the first aid. Know why?

Take a back up of your website immediately once you know it is hacked, for two reasons.

• The hacker may continue corrupting more files, so have a copy of your site at the earliest. Obviously, recovering files with minimal damage would be easier.
• In some cases the hosting provider may delete your files on knowing it is hacked, to avoid further access to their server by hackers. But this doesn’t apply true with most of the hosting companies. Instead they inform that certain files have been quarantined.

Use FTP, your hosting provider’s backup system or a backup plugin to download a copy of your entire website. Make sure you also back up your website’s database. Ensuring this priority task is done,you can be with a peace of mind that at least you have a copy of your hacked site and your loss will not keep increasing. As you have ensured that you have been hacked yet your data is safe, you can safely move on to recover and fix your WordPress site which is hacked.