9 Signs Your WordPress Website Has Been Hacked

We often receive requests for help with cleaning up hacked websites due to a discovered browser alert, a missing website, or a website that has been replaced with a message from the hackers shouting about their latest victory. This can be devastating and by this point such websites have been hacked long enough to have some real damage done to them. This is when a hosting provider will shut down the website, or search engines will inform it’s users that your website has been hacked.

We recommend keeping an eye open for signs that a WordPress website may be hacked. See the following for 9 common signs to help you cut off the hackers before the situation gets any worse.

1. Your browser notifies you of the hack.

You might receive a popup from your browser revealing that your WordPress website has been hacked. You could receive these warnings immediately upon clicking on your link, or opening your URL. These popups typically display a message explaining that your desired destination has recently been hacked, that there has been suspicious activity, or that your site has been infected with malware.

2. Search engine results display messages indicating your site has been hacked.

Depending on which browser you use, you might search for your website in a search engine to find that under the title, a new message appears and explains that the site has either been hacked, or might harm your computer. This will only happen in some circumstances, and it is possible your WordPress site has been hacked even if you do not see a message like this. In most cases, if you site has been hacked, it will be deleted from search engine results pages.

3. Your emails bounce.

You might begin to notice that people are not receiving or responding to your emails. Bounced emails are emails that do not reach the intended recipient. Email bouncing occurs in some instances when hackers hack into your website, install unwanted scripts, and enable these scripts to automatically send out vast amounts of emails specifically from your IP address. These emails usually get marked as spam, and then certain spam sites either involuntarily or voluntarily block your email address. Then, all additional emails coming from your IP address, even legitimate emails, do not reach the intended recipients.

4. Unwanted content is added to your site.

You notice new things on your website that you, nor anybody in your company, did not personally add. It is likely a hacker hacked into some of your administrative files, and discovered how to integrate unwanted content. In some cases, hackers integrate malicious code onto your website. This content could be invisible to you, as many different types of malicious code are invisible to the human eye. However, you might receive word-of-mouth information that it is present on your site from different crawlers(e.g. popular search engines) who can see it. In other cases, you might notice undesired links, pictures, or header and footer content.

5. Your website disappears from search engine result pages completely.

Perhaps you search for your website through your chosen search engine, yet your site is nowhere to be found. As previously mentioned, some browsers might list messages under your website title on the search page that exclaim the site is unprotected, harmful, or has been hacked. However, this said, in most cases, if your site has been hacked and you go to search for it, it will simply not appear on the search page any longer. Many popular search engines remove websites that have been hacked from their systems in order to protect internet-users from potential computer harm and viruses. So, if you search for your site and notice it no longer appears, it is very likely your WordPress website has been hacked.

6. Your website keeps crashing.

You notice your website will not load, or that it keeps crashing. This has many explanations. Websites can slow down significantly or crash as a result of excessive phishing, which is when a third party poses as the site proprietor and attempts to gather sensitive user information. Sites can also crash when hackers add your site to a redirect network. This network redirects an excessive amount of internet users to your site causing traffic to spike, and thus, crash. Hackers can also add malicious content and code to your site commanding it to crash.

7. You see unusual activity in traffic or bandwidth usage.

You notice a drastic decrease in your traffic. On the other hand, maybe you notice a drastic increase in your traffic. Both of these events are signals that your WordPress website has been hacked. As mentioned above, if your website has been hacked, you might notice the site disappear from online search engines. You might also notice you cannot access your site because it keeps crashing. If either of these are the case, it is likely other internet-users cannot locate your site, or cannot access it as well. This said, it is also possible for hackers to automate redirection from other sites to your site, which would cause a spike in your traffic. This type of high volume might lead your site to crash anyway though, making the high influx of visitors temporary.

You might also notice you have been charged excessively for going over your allotted bandwidth, although to your knowledge, there is no reason you might have accumulated such expenses. Bandwidth is the amount of information your internet connection can manage at a particular time. It is possible, and likely, your WordPress website has been hacked. The previously discussed types of hacking can significantly add to your bandwidth usage. For instance, the installation of unwanted malicious scripts that send enormous amounts of emails increases bandwidth usage dramatically. Also, unwanted content and very large files added to your site by hackers can increase bandwidth usage with every new guest your site receives.

8. You keep receiving strange popups.

You notice frequently-appearing, unwanted popup messages on your website. It is likely your WordPress website has been hacked. Popups of this nature tend to embed either viruses or malware on user devices when clicked on or closed. However, some popups perform more complex tasks. Some hackers enable them to retrieve information on browsing trends, seize sensitive data without user permission, and even send information to other sources on the internet.

9. You receive direct messages from your hacker.

You notice the homepage of your website has been disfigured, and you see messages explaining you have been hacked. In certain cases, some hackers like to brag about the fact they hacked your site. In some circumstances, this sort of hacking is not incredibly harmful, although it can be very annoying to remedy. This is perhaps the most obvious sign your WordPress website has been hacked.


Whilst it’s good to look out for when a WordPress website has been hacked, it’s better to be proactive and think about where security fits within your business, so you can rest easy knowing that your website is protected.

Exclusive 7 Day Course

Defend your site from hackers, improve your website speed, get free uptime monitoring and learn tactics used by WordPress experts

Many thanks for subscribing.

Something's not right.

About Steven Watts

Steven WattsSteven is the founder of Newt Labs. He's a WordPress specialist with an interest in building the most effective websites possible. Since 2010, he's been helping businesses with their online goals.

Exclusive 7 Day Course

Defend your site from hackers, improve your website speed, get free uptime monitoring and learn tactics used by WordPress experts

Many thanks for subscribing.

Something's not right.