How To Tell If You Have Been Hacked Using Scanners, Tools, Website Monitoring, & More

“Your website has been hacked.” Site owners take great pains to avoid having to hear those words, but their efforts don’t always keep them from coming.

Hackers are resourceful. They’re constantly changing the way they try to penetrate secure accounts and WordPress websites — and they’ll keep trying until they’re successful.

Most WordPress users take security seriously, but still don’t have the time to constantly monitor their sites. Not even the most vigilant system admin, for that matter, can stay on top of WordPress security every hour of the day.

It’s difficult to know with certainty the total number of WordPress websites that are hacked, but the work of the security firm Sucuri gives a good indication that many are breached.

In the first three months of 2016, Sucuri investigated 11,485 compromised sites and 78% were powered by WordPress.

Odds are your clients’ WordPress websites will be hit by a hacker. Unfortunately, a successful attack isn’t always obvious. A hacker can infect your clients’ WordPress websites with malware and the site will, in turn, spread that infection to other users and servers. Here are a few ways you can ascertain if your clients’ websites have been hacked and what you can do about it.

Be Wary of Spikes to WordPress Websites

A sure sign their site has been hacked is unusual activity such as a traffic spike. For example, if a four-year-old post for a topic that’s no longer relevant suddenly has a lot of views, hackers might be eyeing your client’s WordPress website.

You can just about confirm that hackers are lurking by looking at the WordPress dashboard statistics and seeing where visitors are. A spike in views from Russia, Turkey, China, and other countries where hackers operate are solid evidence that the site is being targeted — especially if the site offers services or advice that only has a local flavor.

Google Lends a Hand

Google Webmaster Tools helps beginners and advanced users monitor the health of their sites, and it walks them through steps to remedy hacks, including how-to advice or a suggestion to seek a professional’s aid. On a basic level, Google also flags websites that are being targeted by hacker bots and will flash a warning box to you and site visitors that the site has been infected with malware or is being used for phishing attacks. Unfortunately, a warning from Google will scare away visitors and quickly prompt them to avoid your client’s site at all costs. In the long run, though, a decrease in traffic should protect visitors. Once the site is safe and sound you can use email, social media and other means to get the word out that visiting can commence.

Review Site Files

As a developer of your clients’ site, you can be proactive and watch the code of the WordPress website. PHP files in the theme, the .htaccess file, and extra files in the WordPress home directory are all places you can find hacked code. You’re essentially looking for “hidden” code in PHP files, meaning anything you don’t recognize is probably the work of a hacker. Also search for redirect rules to unfamiliar domains in .htaccess file, and manually eyeball extra files in the home directory.

Use a Source Code Scanner

If you’re not proficient with code or can’t take the time to review all of your clients’ files, use a source code malware scanner such as Wordfence to learn if the site is hacked. A scanner will systematically inspect all of the PHP and other source code for malware patterns and signatures, and will send alerts if the site has been compromised. Wordfence also looks for malware patterns by comparing the WordPress core, theme, and plugin source code against a known, uncorrupted version of the same files.

Professional Monitoring

A monitoring service will, as the name implies, monitor your clients’ WordPress websites. Services such as Sucuri, WP VIP Services, and WordPress Monitoring look for changes to pages, measuring by a scale of percentage points. The service will alert the administrator to any conceivable change. A hosting service (we humbly recommend our WordPress Managed Hosting) goes a step further and safeguards the site by keeping on top of the latest tricks of a hacker’s trade and learning more about the global hacks affecting many of its customers.

If You’re Hacked, Go to a Professional

The first step is discovering the site has been hacked – and the above tips provide you with the knowledge to do that, but the second step is figuring out how to fix it. Unless you’re super proficient in not just code but also SSH/shell administrator access, database access, SQL knowledge, and all other technical matters – it’s best to leave heavy hacking cleanup duties to a professional. Every hacking situation is unique and complex. We recommend you rely on a professional to quickly get you out of the woods.

Want WordPress without the hassle? Check out WordPress Without Limits, a managed WordPress solution, with one-click staging, one-click backup restoration, automatic updates, automatic backups, and free SSL.