Is My Site Hacked? How to Check If Your Website Has Been Hacked
We wish we could tell you there’s nothing to worry about, but the truth is it’s likely your website is hacked.
Moreover, it’s possible that your website has been infected long enough for browsers like Google and hosting providers to notice.
When your site is under attack, hackers can cause considerable damage. They install malware like favicon.ico virus and run malicious activities like displaying spam ads and redirecting your visitors to unknown sites. This slows down your website, and worse, it gets you suspended by your host and blacklisted by Google.
But don’t worry. You can fix your site. The first thing to do is to calm down if you are panicking. In this article, we’ll first show you the most effective ways of identifying if your website is hacked. We’ll also guide you through cleaning up the hack and restoring your site back to normal.
TL;DR: Weird stuff on your website is never a good sign. Scan your website for free with MalCare to figure out if you have been hacked.
How To Check If My Site Is Hacked?
We can safely assume that if you’re reading this, you’ve probably already noticed something wrong with your website.
You may be seeing some classic signs of a hacked site:
- Popups on websites that weren’t created by you or your team.
- Your website redirects to an unknown site.
- Spam links or Spam ads on your website displaying adult content, drugs, gambling, or any illegal activities.
- Your site is ranking for spam keywords like Japanese characters in google search results.
- Your visitors are being blocked by a Google warnings such as ‘Site ahead contains malware, deceptive site ahead, this site may be hacked .
- You’ve received an email from your web host that your site has malware present on it.
These signs are indicative of a hack, but there is a tiny possibility of a false alarm. The best thing to do is confirm an infection, and then deal with it.
The easiest and most efficient method to do this is to use a malware scanner.
A good scanner will pick up malicious activities automatically.
The most difficult and risky way of checking if your site is hacked is to run a manual check. It’s risky because you’ll be fiddling with your website files and folders. And it’s difficult because malicious actors like hackers are adept at hiding code in ingenious ways. They are experts at this, so you are pitting yourself against the wits of experienced and highly motivated developers.
Besides these two, there are a few more methods which we’ll cover in detail to answer your question.
In the next section, we’ll show you 5 ways in which you can check if your site is hacked –
1. Scan Your Website With a Malware Scanner
One of the easiest ways to find out if your site is hacked is to scan it.
While there are different WP scanners to choose from, not every scanner can find a hack.
MalCare is the most effective malware scanner out there. Here’s why –
- MalCare finds new types of malware by going beyond signature matching and analyzing the behavior of codes.
- It finds hidden malware by checking every nook and corner of your website.
- Unlike other scanners, MalCare does not slow down your website while performing a scan. This is really important to note, because other scanners impact your key performance metrics and further damage your ranking.
- As we mentioned earlier, MalCare checks the behavior of code instead of just relying on signature and pattern matching to figure out if a code is malicious or not. This ensures that it’s not blindly concluding that the code is malicious and helps reduce false alarms.
To scan a website with MalCare, you need to take the following steps –
1. Install the MalCare security plugin on your website.
2. Next, from your website dashboard, select MalCare.
3. On the MalCare page, enter your email ID and run a malware scan for free.
If it finds that your site is hacked, you will be notified about it along with the number of infected files found.
IMPORTANT: If your site is indeed hacked, you need to clean it immediately. To learn how to clean your site, jump straight to How to Fix A Hacked Website.
Besides using a plugin, there are a few more ways in which you can find out if your site is hacked or not.
2. Check Your Google Search Console For “Security Issues”
Google’s Search Console helps you monitor your website’s traffic and performance. It also alerts you if it finds any security issue on your website. This means if your website has malware, it’s quite possible that the Search Console has detected it.
- Login into your Google Search Console account.
- On the left-hand side menu, select Security Issues.
- If your site is hacked, you should see an alert saying unwanted software detected on the site.
NOTE: You need to set up your Google Search Console to enable it to detect security issues. If your Search Console is not set up then, you can rely on the other methods to detect if your website is hacked. Nonetheless, we strongly suggest that you set up a Search Console right away if you haven’t already.
After having implemented the methods listed above, if you find that your website is really hacked, then you have to clean it immediately. In the next section, we’ll show you how to clean and fix your hacked website.
3. Check Your Site With Google’s Safe Browsing Tool
Insert your website in Google’s Safe Browsing tool and it’ll show you issues that your website is facing.
The tools are reliable because it comes from the house of Google. It’ll check your website for malware and upon finding it, it’ll inform you about it so that you can proceed to clean your site.
4. Check for warnings from Hosting Providers, Search Engines and Browsers
When your website is hacked, it’s likely that you’ll receive warning emails or notifications from your hosting provider.
Search engines and internet browsers like Google, Yahoo, and Bing will also display warning messages on your site and in search results to alert visitors that your site is hacked.
i. Hosting provider
Web hosting providers cater to thousands of websites.
To ensure the security of their platform, they scan all the websites they host regularly looking for possible malicious activities. A single hacked website could negatively impact their business in very serious ways, and thus they are extra vigilant.
So when they detect a hacked website on their platform, they suspend the hosting account immediately and issue a notification to the site owner to fix the website. To know if your hosting provider has detected a hack, check your email or check the notifications on the dashboard of your hosting account.
ii. Search Engines
Similar to web hosts, search engines also scan websites regularly to check for malware on sites. When they detect a hacked site, they blacklist it and prevent their users from accessing the site.
They do this because hacked websites put their users at risk. Hackers are known to trick or even force users into downloading malicious software or sharing their financial information.
When your website is blacklisted, Google users who are trying to access your website will see the following message and they’ll be prevented from accessing your site –
To find out if your site is blacklisted, you need to take the following steps –
> Open your browser in incognito mode and open https://www.google.com/.
> Then place the following sentence on Google search and hit enter –
(Please remember to replace the text with the actual URL of your website.)
> The links that appear on the Google search, click on any of them to access your website.
(Please ensure that you are logged out of your website when you are doing this.)
If your site is blacklisted, Google will prevent you from accessing your website. It’ll show you one of the following messages and urge you to go back to safety –
- The site ahead contains malware
- Phishing attacks ahead
- Deceptive site ahead, etc
A blacklisted website is a sure-shot sign of a hacked site.
iii. Internet browsers
Just like web hosts and search engines, internet browsers are also interested in protecting their users.
If they detect a hacked website, they try to prevent users from visiting the site. They do this by displaying warnings in search results.
For example, in Google Chrome, you will see warnings such as ‘This site may be hacked.’
Or ‘This site may harm your computer.’
To find out if your site has been a targeted by browser vigilantes, do a site search like this –
> Open Google Chrome
> Put this in the search bar – site:https://yourwebsiteurl.com (Remember to replace the site name)
If you see a warning under your website’s URL, you can be sure your website is hacked.
5. Manually Investigate Critical Files (Not Reliable)
When hackers invade your website, they start making changes on your site. For the most, they try to do it in a way that they are not caught so that they can keep using your site’s resources for a long time.
They hide malware in places where you are unlikely to look, places like critical WordPress files which normally people don’t want to fiddle with.
If your site is hacked, there is a good chance that a hacker has hidden malware in such files. Investigating them will lead you to find out if your site is really hacked.
But please tread with CAUTION. Handling critical WordPress files is a risky business. A single mistake can break your website. We strongly suggest you skip this method if you are not a developer. We strongly suggest you skip this method if you aren’t savvy with the inner workings of WordPress. However, if you insist to proceed with the manual method, then look into the following files:
> Plugins & Themes Folder
> .htaccess file
> wp-config file
> And other PHP files on your website
Open these files and look for keywords like ‘eval’ or ‘base64_decode’ as they are known to be part of malware.
IMPORTANT: There are critical DRAWBACKS for a manual search. The keywords that we mentioned above can sometimes be part of legitimate code. Moreover, hackers are constantly finding ways to hide the code which makes it hard to find them. If you don’t find malicious codes in those files, it does not necessarily mean that your website is clean.
How to Fix A Hacked Website
Now that you’ve detected that your site is hacked, you need to clean it immediately. The longer your site stays hacked, the greater the damage it’ll experience.
There are different ways to clean your site, however, we’ve covered only the most efficient way – using a security plugin.
This will ensure that your website is thoroughly clean and secure something no other method can guarantee.
i. Clean Your Hacked Website
There are plenty of plugins that offer malware removal services but most of them have a long turnaround time.
The process of malware removal with most plugins goes like this – You need to sign up, then raise a ticket with them and wait for a reply. Then security personnel will reach out to you and you’ll need to give him or her access to your website to investigate the hack. After that, they’ll proceed to clean your site which can end up taking somewhere between a few hours to a few days.
When your website is malware-infected, time is of the essence. It won’t take long for things to snowball into bigger issues. Hence, waiting for security personnel may not be the best way to clean your website.
We recommend using MalCare’s Instant Malware Removal. It’ll clean your website under 5 mins.
Here’s how you can clean your website with MalCare –
1. If you have scanned your website with MalCare (as we recommended at the beginning of the article) then the plugin will alert you if it finds malware on your site.
Note: In case you haven’t scanned your site with MalCare, when you install the plugin to clean your site, it will automatically run a scan first to detect the hacked files.
2. To clean malware, click on the Auto-Clean button.
Note: Malware Removal is a complex process and is a premium feature with all security plugins. If this is your first time using MalCare, you will need to upgrade to access malware removal services.
3. After upgrading, MalCare will start cleaning your website immediately.
Cleaning a hacked website has never been easier.
ii. Detect & Remove The Vulnerability That Caused The Hack
Cleaning your website is half the battle. Next, you need to identify and remove the vulnerabilities that enabled hackers to hack your website and infect it.
There are two common types of vulnerabilities that cause a hack. They are – vulnerable plugins and themes and weak credentials. Here’s what you need to do to remove these vulnerabilities –
-> Update or Remove Vulnerable Plugins & Themes
Outdated plugins and themes can be vulnerable and can be exploited to break into your website. Hence we suggest that you update all outdated software which includes not just plugins and themes but also your WordPress core.
If you’re using pirated themes and plugins, we strongly suggest that you deactivate and delete them from your website. Pirated software is usually infected with malware which when installed on a website enables hackers to access your site.
-> Use Strong Username & Password
One of the most common methods hackers use to break into a website is brute force attacks. In this type of attack, they use bots to try to guess the right combination of usernames and passwords to gain access to your site.
Websites with easy-to-guess usernames (like admin, John, user, etc) and passwords (like password123, admin1234, user1234) are easy to compromise.
What you need to do is take a look at all the user credentials of your website. Make sure all your user credentials are strong enough to withstand a brute force attack.
iii. Remove Google Blacklist & Host Suspension (Optional)
If your website is blacklisted then you need to tell Google that you have cleaned your website so that they can proceed to remove the blacklist. You will need to submit your website for review and our guide on how to remove Google blacklist that will help you do just that.
And if your website is suspended, you will need to contact your hosting provider and inform them that you’ve cleaned your site. They will verify that your site is clean and remove the suspension. Here’s a guide that’ll show you the exact steps you need to take – How To Fix A Website Suspended By Hosting Provider?
After you have taken all the above steps to fix your website, there’s just one very important thing left to do. You need to ensure that your website is never hacked again. In the next section, In the next section, we detail the most crucial steps you need to take to secure your website from future hack attempts.
Protect Your Website From Being Hacked
To protect your website from future hack attempts, we strongly recommend that you implement the steps below:
Let’s dig right in.
i. Install a Security Plugin
A security plugin has 3 core tasks to perform: scanning, cleaning, and protecting a website. If you install a security plugin on your website, it’ll scan your website every day, clean it if your website is hacked, and take measures to protect your website from future hack attempts.
You can pick a site security plugin from our list of the best WordPress security plugins.
ii. Update Your Website Regularly
We mentioned earlier in the article that vulnerable plugins and themes can compromise a website.
With time, every theme or plugin develops WordPress vulnerabilities. To fix the vulnerability, developers will quickly release a patch through an update. This is why updating your website is so important.
Delay in updating can prove to be disastrous for your website, therefore, you need to implement updates on a daily basis. But if you are maintaining too many websites, then we suggest updating every week.
iii. Download Themes & Plugins From Only Trusted Marketplaces
It’s tempting to use pirated themes and plugins. You may not have to pay for a pirated plugin or theme but it does come at a cost.
Most pirated plugins or themes contain malware. So when you install and activate pirated software on your website, the malware is also activated.
The malware acts like a backdoor that gives hackers access to your website. Moreover, pirated software doesn’t receive updates from developers. When vulnerabilities develop in the software, without an update there’s no way to patch the software. Pirated software leaves your website vulnerable.
It’s best to avoid using pirated themes and plugins on your website. Use plugins and themes only from the WP repository or trusted marketplaces like ThemeForest, CodeCanyon, Evanto, etc.
iv. Harden Your Website
WordPress recommends taking certain measures to harden the security of your website. To implement these measures you need to have technical knowledge of WordPress.
But luckily, even if you aren’t tech-savvy, there are plugins that’ll help you implement site hardening measures. Learn to harden your site by following this guide on WordPress hardening.
With that, we have come to the end of our article. We are confident that if you take these steps, your website will be secure from hack attempts.
Dealing with a hack is a nightmare. Cleaning and fixing a hacked website is time-consuming, often expensive, and difficult.
It’s important to take preventive website security measures on your site to ensure it’s protected against hack attempts.
One of the best ways to do that is to have a security plugin like MalCare installed on your website. It scans your website on a daily basis and alerts you when it detects suspicious activities on your website. It helps implement website hardening measures and even cleans hacked websites in under 5 mins.
Protect Your WordPress Site With The MalCare Security Plugin!
Sufia is a WordPress enthusiast, and enjoys sharing their experience with fellow enthusiasts. On the MalCare blog, Sufia distils the wisdom gained from building plugins to solve security issues that admins face.