How to check hacked wordpress website

WordPress Site is Hacked? Learn How to Protect the Website

Madiha Yaqoob 6

WordPress Site is Hacked or Compromised? Learn How to Check and Analyze it!

The “WordPress Security Guide Step by Step” series has three parts. In this series of WordPress Security, we’ll look at how to check, audit, and analyze a WordPress site for possible vulnerabilities or compromises. In the initial segment, we will dig into WordPress weaknesses, testing, and directing reviews utilizing on the web malware scanners. You will have the knowledge to secure your WordPress website by the end of this series. So if your WordPress site is hacked, you can learn how to safeguard it from this article. Let’s get started!

Part 1: Identifying the Signs of a Hacked WordPress Website

It is essential to ensure the security of your WordPress website to determine whether it has been compromised. The following are some typical signs to look out for:

  1. Site that loads slowly or can’t be reached: It could be a sign of a hack if your website takes a long time to load or goes completely offline.
  2. Unusual Server Resource Usage: Excessive usage of server resources, such as CPU and memory, without any apparent reason could indicate a compromise.
  3. Reports from Visitors or Users: If visitors, customers, or fans report issues while accessing your site, it’s essential to investigate further.
  4. Notifications from Hosting Team: Your hosting provider might notify you of a potential malware attack on your site.
  5. Alerts from WordPress: WordPress itself can send alerts or notifications regarding security concerns or detected hacks.
  6. Search Engine Warnings: Search engines like Google may warn you about security issues related to your site.

What to Do When Your WordPress Site Is hacked?

If you think your WordPress site has been hacked, the following steps should be taken:

  1. Direct an Exhaustive Sweep: Scan your website for potential threats and vulnerabilities with security plugins or reputable online malware scanners.
  2. Google Your Website: Perform a search for your website and analyze the search results. Google may display warnings like “this site may be hacked” or “site ahead contains malware.”
  3. Respond to Google Flags or Blacklisting: If Google has flagged or blacklisted your site, it’s crucial to take immediate action to address the issue.
  4. Understand the Motives of Hackers: Hackers have various reasons for compromising websites, such as earning money through affiliate links, redirection, or cloaking content.
  5. Identify Malicious Activities: Be vigilant for signs of unauthorized popups, rogue mouse behavior, phishing attempts, or the presence of spam pages and posts.
  6. Monitor Analytics Data: Check for sudden spikes in traffic, increased bounce rates, or reduced conversions, which might indicate a hack. Pay special attention to pharma hack attempts.

Useful Online Malware Scanners and Tools

To assist you in the process of auditing and analyzing your WordPress site’s security, here are some helpful online malware scanners plugins and tools:

  1. isithacked.com
  2. sitecheck.sucuri.net
  3. Google Safe Browsing Transparency Report
  4. getastra.com/seo-spam-scanner
  5. Google Search Central Docs (For Webmasters and Developers)
  6. Use the command “site:yourwebsite.com” on search engines to check indexed pages.
  7. hackertarget.com/wordpress-security-scan (Also provides Security Audit Reports)
  8. urlscan.io

Common Errors Indicative of Hacks or Server Misconfigurations

Here are a few errors you might encounter, which can indicate a hack or server-related issues:

  1. HTTP 500 Internal Server Error: This error message, such as “Error Establishing a Database Connection,” “Internal Server Error,” or “Connection Timed Out,” could be a result of hacking or server misconfigurations.
  2. HTTP 502 Bad Gateway Error or 503 Service Unavailable Error: These errors point to server-side problems, potentially caused by a sudden spike in traffic or excessive HTTP requests.


In the first section of our “WordPress Security Guide Step by Step,” we looked at the signs of a hacked WordPress website, what to do if your site is having problems, and common errors that show compromises. Keep an eye out for the subsequent installments of this series, which will provide a more in-depth look at WordPress security measures and best practices. You will have a comprehensive understanding of how to safeguard your WordPress website by the end of this series.