WordPress is the foundation of a large chunk of the web, which makes it an obvious target for criminals and hackers. If attackers find a vulnerability in WordPress, they have a key that opens millions of websites.
Each WordPress site represents processing power, bandwidth, and a potential audience, all of which are useful to criminals.
And because WordPress tends to be used by less technically able users who may not appreciate the importance of choosing a good password or regularly updating their content management system, it’s a good bet that a significant proportion of WordPress sites are easy pickings.
All of this means that WordPress site owners need to be aware of what a hacked WordPress site looks like. Hackers use bots to scour the web for vulnerable sites, and, over its lifetime, the average WordPress site will be targeted dozens of times.
If you’re unlucky or careless about security, your site may well be hacked at some point. You’re unlikely to know about it until it’s too late — hackers are sneaky and they go to great lengths to ensure that no one, and especially not the site’s administrators, discovers that the site has been compromised.
Nevertheless, there are numerous tell-tale signs that all is not well.
Google Tells Your Users The Site Is Hacked
It’s unfortunately often the case that owners of compromised sites discover there’s a problem because their users are informed by Google Chrome or another web browser.
Google carries out frequent malware scans of the sites in its index, and if it finds that a site has been compromised and is serving malware, it will display a prominent warning to visitors.
From your perspective, the site may look perfectly fine, but Googlebot and ordinary users probably see something different to what you — as a logged-in administrator — can see.
Increased Resource Use
Hackers target websites for various purposes: sending spam email, distributing malware, carrying out DDoS attacks, and so on. All require bandwidth and processing power.
If your site’s resource use suddenly skyrockets without an obvious reason, there’s a good chance it’s being used by a malicious third party.
Odd Search Engine Results
Black hat search engine optimizers use hacked sites for backlinks and to spam search engine results. A hacker may add lots of keyword-stuffed pages to your site in the hope of attracting traffic and sending it to their domain. The pages won’t be visible to logged-in users, but they may be visible to everyone else.
Unusual Redirects
If your site has a decent-sized audience, the attackers may redirect visitors to sites they control, often spam advertising sites or sites loaded with malware.
If your users report anomalous redirects to other sites, it’s a strong indicator that your WordPress site has been compromised.
Altered Files
If hackers are to do anything useful with a compromised site, they have to make some alterations to its files, usually by adding PHP or JavaScript files that make the site do what they want.
WordPress Security Plugins
As you can see, there are lots of ways you could find out that your site has been compromised, but the signs are obscure and, in all likelihood, you won’t notice anything at all until it’s too late.
WordPress plugins like Sucuri Security and Wordfence are designed to make it easier for you to find and fight attacks. Both include Web Application Firewalls, malware scanners, and file integrity monitoring tools that actively analyze a site for signs of attack and compromise.
WordPress is a fantastic content management system, and with a little care, it’s as secure as could be hoped for. But in the hostile environment of the web, you need to be on your guard.
About the Author
Graeme Caldwell — Graeme works as an inbound marketer for Nexcess, a leading provider of Magento and WordPress hosting. Follow Nexcess on Twitter at @nexcess, Like them on Facebook and check out their tech/hosting blog, http://blog.nexcess.net/.