How to know if your WordPress website is hacked? Get the inside story

1
How to know if Your WordPress Website is Hacked?
Get the Inside Story
www.cgcolors.com
2
WordPress provides a simple way to create and
launch a website/ blog. It is an open source
content management system and powers over 43 of
the websites all over the Internet. Hackers
attack websites to retrieve valuable and
sensitive information, spread malware, spread
activism, etc.

Many websites lack basic security features like

• Multi-factor Authentication
• Absence of activity logs
• Strong password
• Updated plugins, firewalls, and software.
• Closed Backdoors
• Brute force login attempts
• Cross-site scripting

www.cgcolors.com
3
How to know if a WordPress Website is hacked?
As all hack jobs are different, some can be
easily identified while others make such subtle
changes that identification happens after it is
too late. So dont worry you can hire a wordpress
expert at different packages. Following tips and
symptoms can help to identify if the website has
been compromised
1- Warning is given by the browser
It is also known as the Red screen of Death and
can contain warnings depicting that the site may
be compromised. Sometimes, it could be due to
some source code alteration in the theme or
plugin. Other than this, this can be a
configuration issue with domain and SSL.
www.cgcolors.com
4
The instructions given with the warning can help
in diagnosing the problem and can recommend
possible solutions.
Some of these warnings are

• The site ahead contains malware
• Deceptive site ahead
• Phishing site ahead
• Dangerous tag in the URL bar
• This site has been reported as unsafe

• Website wont load and shows the following

• HTTP 500 Internal Server Error, 502 Bad Gateway
  Error, or 503 Service Unavailable

In some cases, the request to the server cannot
be fulfilled due to the installation of insecure
plugins, themes, or corrupted access files which
results in the
www.cgcolors.com
5
reception of 5XX errors. However, these errors
can also occur if the source code is modified

• 401 Unauthorized, 403 Forbidden, and Connection
  Refused by Host

These errors can arrive when the authentication
system has been compromised and the server denies
the request. These can be viewed in the HTML
preview section or the browser.

• Credentials compromised and login denied on
  WordPress dashboard

Users are not able to login into the dashboard
with the present credentials and the security
questions may be changed. This may result in
disabling the website from the hosting server.
www.cgcolors.com
6

• Malware Warning Message

Warning message prompts while searching for the
site on Google or attempting to load the
site. Google Safe Browsing Add-on will identify
the potential threats and inform the user to take
corrective actions to help with the Engineering
attacks.

• Weird changes appearing on the site

• Website Defaced/Vandalized

Some hackers try to deface the website by
concealing it with another web page to make users
see that the website has been hacked. This can
simply reduce the population on the website.
www.cgcolors.com
7

• New Content Added

Unauthorized new content or misleading
information found on the website.

• Contact and Information Updated

Some hackers change important information like
payment details, contact information, etc. to
redirect money and important information to their
accounts.

• Spam Popups Ads and compromised links

Links on the site are directing users to
suspicious websites and attempting malware.
Hackers use websites to embed malicious ads or
bad links that may cause the installation of
malware into the client systems. This malware is
not easy to detect but their action may redirect
the client to suspicious websites or links.
www.cgcolors.com
8

• Unusual activity on website source code

• Unknown scripts and Plugins added to the site

Recently added source code or unusual plugins
installed may compromise the integrity and
security of the website. These changes can easily
be reflected in the control panel of WordPress.

• Suspicious scheduled tasks

Web servers allow users to set up cron jobs that
help to schedule jobs. WordPress itself uses cron
jobs to set up scheduled tasks like publishing
posts, deleting archive data from trash, and so
on. A hacker can use this feature and exploit
cron jobs to run unwanted scheduled tasks on the
server.
www.cgcolors.com
9

• Unexpected File Changes

Hackers may also change or modify core WordPress
files and can create files with names similar to
WordPress core files. WordPress security plugin
enables monitoring the health of WP core file

• Customers contacting about unauthorized charges
  or fraud

If users complain about fraud while visiting the
website and if the number of complaints is
unusual then chances are that the website has
been hacked and compromised to exploit finances.
www.cgcolors.com
10

• New, unfamiliar user accounts or FTP/SFTP
  credentials

• Unable to Login into WordPress

Locked out of the WordPress user account as the
username and password have been hacked and the
recovery details have been changed

• Suspicious User/Email Accounts

New user accounts are added in the control panel
with some access that may have the authority to
make changes to the site.

• Red Flags shared by a security plugin

If a good and reliable security plugin is
installed inside the WordPress panel, it will
send some red flags that may show an alert for a
website being hacked
www.cgcolors.com
11

• Sudden drop/spike in website traffic

Receiving notifications for sudden drops in the
web traffic despite other websites working
properly. The latest traffic can be reflected in
the analytical report. It may indicate the site
has been compromised.

• Downtime Monitoring

A sudden drop in performance on the site it
loads very slowly or reports timeout errors.
How to prevent a WordPress site from getting
hacked
1- Upgrade to the latest version 2- Security
Plugins
www.cgcolors.com
12
3- Create a regular backup 4- Protected access to
WordPress admin 5- Using strong passwords 6-
Secure hosting 7- Assigning file
permissions Originally Published at
https//www.cgcolors.com
www.cgcolors.com
13
www.cgcolors.com