What's WP
Find Everything Related to WordPress - Best Tutoriasl on WordPress!
Key Signs That Your WordPress Site Has Been Hacked

Key Signs That Your WordPress Site Has Been Hacked

WordPress is one of the most widely used content management systems in the market. So there is no surprise that attackers take WordPress sites as an aggressive target. Across the globe, more than 130,000 WordPress sites are being attacked per minute. In this article, we will show you the key signs that your WordPress site has been hacked.

It is unwise to take for granted that your WordPress site has nothing to do with malicious attacks. The truth is, your WordPress site is likely to be attacked due to hosting breaches, insecure plugins, weak passwords, and more. No matter how secure your WordPress site seems to be, hackers can find a way to attack your website.

In the event that a malicious attack happens to your WordPress site, you have the need to identify your situation and find a solution in a shortest time. Therefore, we make a list of the key signs for your convenience to identify the situation.

1. Sudden Drop in Website Traffic

Google Analytics is a useful tool to check your traffic stats. When taking a close look at the reports, you may notice a sudden drop in traffic. In this case, an attention should be paid to your WordPress security.

Hacked WordPress - Sudden Traffic Drop

Malware and trojans prefer hijacking website traffic and redirecting it to spammy websites. However, there are some instances where logged in users won’t be redirected, which takes you a longer time to notice the malicious deeds.

Also, Google’s safe browsing tool can be the reason for the sudden drop in traffic. Users might be warned not to visit your website with a lack of security. It is recorded that almost 20,000 new websites are on the Google blacklists per week.

2. Inability to Login

The inability to log into dashboard is one of the key signs among hacked websites. This may be because you don’t know the changed passwords. Sometimes, hackers should be the sinners for the changed passwords.

Hacked WordPress - Inability to Login

Another reason may lie in the admin account which has been deleted from WordPress. Thus from the login page is no way to reset your password due to the non-existence account. In fact, adding an admin account can be possible with the use of phpMyAdmin or FTP client. However, you should also have a clear idea how your website has been hacked to avoid the reoccurrence of this situation.

3. Unwarranted Content

With the creation of a backdoor on your WordPress site, hackers will have access to your files and database. Then they have the ability to add following things to your WordPress site: such as, numerous invisible codes which can be detected by Google, bad links in the footer file or anywhere, and new bad content. But unwarranted content would be invisible so that you might know nothing about this for a while.

To solve the data infection, there is the need to find and fix the backdoor. After all, deleting the unwarranted content cannot protect your website from the repeated situation.

4. Defaced Homepage

Some intruders try to keep secret the fact that your WordPress site has been attacked. However, others love to announce that your website experienced an attack. Even, they will extort money from you to restore the normal function. One of the most obvious ways, hackers often think, is to deface your WordPress homepage.

Hacked WordPress - Defaced Homepage

5. Suspicious User Accounts

Hackers attacked your website are likely to create spam user accounts. With the support of user registration and without the use of any spam registration protection, you can easily delete suspicious user accounts like common spams. However, suspicious user accounts can be the signs to identify hacked WordPress sites if you don’t allow user registration.

During the process to fix this, you will have trouble deleting suspicious user accounts with the administrator user role.

6. Email Issues

Once attacked, your mail server will probably be the source of spam emails. Free email accounts are often a common feature with a WordPress web host. Therefore, most of you send WordPress emails via the mail server.

Hacked WordPress - Email Issues

When encountering the failure to send or receive WordPress emails, you can doubt whether your mail server has been attacked.

7. Incorrect Meta in Search Results

From your WordPress dashboard, everything seems to work as usual. Through the manual search to your website content, however, strange title and incorrect meta description will show on the search results. This could be because hackers have invited themselves into your website and injected malicious code into the backend. But the damage is only visible to search engines.

8. Slow and Unresponsive WordPress Site

On the internet, each website can be a victim of service attacks. With the use of fake ips, attackers either send too many requests or try to break into your WordPress site.

These activities will slow down your WordPress site and even make it unresponsive. Your server logs should be checked to find the suspicious ips and block them. Ips sending too many requests should draw your special attention.

Hacked WordPress - Slow Speed

There is also a great possibility that your WordPress site is just slow without being hacked. If so, you are advised to read our guidance on how to reduce server response time.

Wrap Up

Restoring a hacked website can be quite troublesome. With the goal to clean up your database, many detailed methods and tips are available from our guide on how to fix a hacked WordPress site.


Zoe is a freelance writer who has a deep knowledge about WordPress. She loves everything related to website building and loves to share her experience with people all over all the world. In the daily life, Zoe loves detective novels as it can train her logical thinking and creativity.