Something just isn’t right with your WordPress site. Maybe you’re seeing weird links in your blog posts, or perhaps your site has suddenly stopped functioning the way it should. If you’re lucky, you’ll get a notification from your host that you’ve got infected files so you can take action. But what if you don’t? How can you find out if your site has been hacked?
Ideally all bloggers would take steps to protect their sites from hackers, such as installing a great security plugin, but unfortunately even the best preventive measures sometimes fail. If you suspect that your blog or website has been compromised, there are a number of steps you can take to check your WordPress site for malware or evidence of being hacked.
Step One: Make sure all plugins and themes are up to date. Plugin and theme developers release updates for two main reasons – to improve functionality and to patch security flaws. You should always keep your themes and plugins up to date.
Even if a plugin or theme is deactivated, its files could still allow someone to gain access to your site. Get rid of anything you don’t actually use, or keep it up to date at the very least. Be sure to take the appropriate steps to upgrade your theme safely so you don’t lose your customizations.
Step Two: Strengthen your WordPress install. There are several things you should do every time you install WordPress, like getting rid of the “admin” user and choosing a good password. If you haven’t done those things, do them now to prevent problems in the future.
Step Three: Identify the problem. If you know something is still “off” but you aren’t sure what it is, now is the time for some basic troubleshooting. What do you see that causes you to think your site has been hacked? When did you notice it? Does the problem go away if you deactivate all your plugins? (If so, it’s probably a plugin issue.) Does the problem go away if you change to the Twenty Eleven or Twenty Twelve theme? (If so, your theme may be infected.) The more information you have, the better equipped you’ll be to take care of it.
Step Four: Scan your site. There are several methods you can use to scan your WordPress site for malware, and each may give different results. I recommend going through each of these just to be safe:
- Visit Is It Hacked? to run a free scan. You can also set up free monitoring to warn you if your site displays signs of infection. I love this site because they aren’t trying to sell you any kind of cleanup service (so you can trust the scan results).
- Go to the Sucuri website and run a free scan. I don’t always trust the results of Sucuri scans because they try to rope you into paying them for malware removal, but this is a good way to see if your site is on any blacklists.
- Install Wordfence Security (it’s free) and run a scan. Wordfence will identify any files that have been changed, need to be updated, or may contain malicious code, and it gives you the information you need to fix them.
- Install Anti-Malware (also free) and run a full scan of your site. You need to register first to make sure you have the latest definitions file, but it only takes a second. This plugin will clean up all kinds of infected files and put protective measures in place to prevent them from being infected again.
- Finally, ask your host to scan your site for additional infected files. Many hosts will provide a list of files, though very few of them give you much direction on addressing the problem.
Step Five: Consider bringing in reinforcements. We do a lot of malware removal here at Nuts and Bolts Media as part of our site management and consulting services. There’s nothing worse than realizing your site has been hacked and feeling unsure about how to handle it. A number of other companies provide malware removal as well. If you aren’t comfortable going through these steps yourself, don’t ignore the problem – get some help!
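If you have shell access and want to see for yourself which files have changed (the same idea as the "files that have been changed" check in the scan step), here is an added example, not code from this post or from any of the plugins named above. It records SHA-256 hashes of a known-clean copy of the site and compares the tree against them later; the file names and sample tree are constructed, and the flag for PHP under wp-content/uploads assumes you don't intentionally keep scripts there.

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest

def audit(root, baseline):
    """Compare the tree at root against a known-good baseline manifest."""
    cur = build_manifest(root)
    uploads = "wp-content/uploads/"
    return {
        "modified": sorted(p for p in cur if p in baseline and cur[p] != baseline[p]),
        "added": sorted(p for p in cur if p not in baseline),
        "missing": sorted(p for p in baseline if p not in cur),
        # Assumption: the media uploads folder should never contain PHP.
        "php_in_uploads": sorted(p for p in cur if p.startswith(uploads)
                                 and p.lower().endswith((".php", ".phtml"))),
    }

def demo():
    """Constructed sample tree: record a baseline, change files, re-audit."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, text):
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w") as fh:
                fh.write(text)
        write("wp-includes/version.php", "<?php // constructed sample\n")
        write("wp-content/themes/mytheme/footer.php", "<?php // footer\n")
        write("wp-content/uploads/2013/01/photo.jpg", "not a real image")
        baseline = build_manifest(root)  # taken while the site is clean
        write("wp-content/themes/mytheme/footer.php", "<?php // edited\n")
        write("wp-content/uploads/2013/01/cache.php", "<?php // unexpected\n")
        os.remove(os.path.join(root, "wp-includes/version.php"))
        return audit(root, baseline)

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

On a real site, save the output of `build_manifest` somewhere off the server while the site is clean, since a baseline stored alongside the files can be altered along with them.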
The Bottom Line
If your readers are reporting issues you can’t explain or your WordPress site randomly starts misbehaving, don’t stick your head in the sand. Anything on the internet can be hacked or compromised no matter what type of security you have in place, and it happens more often than you think.
Even if nothing is wrong with your site, take 20 minutes each month and go through these steps to ensure that your site is safe and free of threats.
Do you have any other tips for finding out whether your site has been hacked? Have you ever experienced malware on your own site? Let us know what you think in the comments!