Web is huge, the number of websites is growing everyday. More than 1 website on 4 is running WordPress, this is also growing.
Badly, the number of WordPress hacked website is increasing everyday, even if you’re not using WordPress in fact …
Did you know that every second in the world, a website is hacked?* And even if nobody wants that, keep in mind that any website can become the target of attacks.
You just need a blog, a e-commerce, a showcase, a corporate, you have to check your six to avoid strange behaviors.
10 points to keep an eye on to avoid having a WordPress hacked website
Your homepage has been defaced
Your website can be unrecognizable, a black page, with red or lime messages, with pictures out of usual context.
Or it can still be your website, but with ads where you didn’t want to, with unexpected popups or even bad links in your footer.
You got a traffic spike, sometimes on unknown pages
Once a WordPress is hacked, the attacker will use it to spread his contents. It can be viruses hosted on your website or phishing pages.
This contents will be sent by spam all over the world, and each person that will click on it will trigger an unexpected visit.
Your website is redirecting visitors on other ones
Sometimes it only happens from search engines, or from a mobile, or when you click on a link. This is not a normal behavior for your website.
This means that scripts had took your website in their hands to steal your traffic on their owns.
Your search engine results are showing strange contents
After that attackers succeed to insert their contents, in the front-end, your WordPress is hacked, it’s a fact. Search engines will index those new contents in place of your real ones.
Now you should find different results like modified titles, contents and links totally off topic.
You cannot sent or receive emails
One of the services the most used by attackers when a WordPress is hacked is the mailing one. Indeed, they will use all the available resources to spam from your server.
These resources will drop, or your hosting will put your website offline to protect themself.
Your website contains new files and folders
Attackers can sometimes add folders containing mini website in your site. This allows them to create phishing pages.
A WordPress hacked website become the source of phishings, sent by spams.
These files and folders are visible from a FTP software for example.
Your website has new members
If you receive an email telling your that a new user has been added, but you’re the only one capable of that, be sure that you got a WordPress hacked website.
If some other people can add users, check with them to be sure, and if your website is open to free registration, check the role of this new user to avoid new administrators.
Your browser is showing a red page when you visit your own site
This clearly means that your own a WordPress hacked website from some time because it’s already blacklisted. The procedure to remove it is long and hard.
If a client or a visitor is telling you that something is wrong on your pages, check as soon as possible, the more you wait, the worst.
Your malware scanner is alerting you
If you’re using the SecuPress malware scanner, when a file contains malicious code, it will be detected and you will be alerted by email, SMS or notification about this virus.
You can now react fast before your WordPress is hacked and blacklisted.
Your file monitor is alerting you
Same, if you’re using the file monitor module from SecuPress, you will be alerted when a file or folder is added to your website.
The goal of these alerts is to gain time to react fast.
How to monitor your website
If one of those points already happened to you, I think there is a lack of vigilance. Here’s how to monitor before your WordPress is hacked.
Visit your own site often
Check yourself that your website is working well and the contents are good.
Do a search about your website
Use your favorite search engine to check if it’s still there, with correct title and contents.
Keep an eye on traffic
Use a statistics tool to check that the requested pages are yours, known from you, and the number is expected.
We can’t always be on alert to check the previous points, this is why it could be awesome to count on a solution that will do that for you.
SecuPress contains a malware scanner and a file monitor tool. Moreover, with the alerts module, you will stay advised quickly from any modification.
You can also schedule all the tasks and continue to sleep well.