Has your WordPress site been hacked? (and what to do about it)

Back

April 19, 2022 3 mins

Richard Jaggs

MD Resolution Design

WordPress is the most popular CMS in the world, with almost 40% of all websites running on the platform. That’s roughly 455 million websites, a staggering number.

No surprise then that WordPress sites are a magnet for hackers, who generally target smaller businesses, that do not have regular support in place and are likely to have vulnerabilities they can expose. On average 30,000 new websites are hacked every day and the most common way websites get hacked is by an automated tool.

How do you know if your site has been hacked?

The most common signs that your site has been hacked are:

  • Your website is blacklisted by Google, Bing, etc.
  • Your hosting company has disabled your website
  • Your website has been flagged for distributing malware
  • Users are complaining that their desktop anti-virus programmes are flagging your site
  • You’ve been contacted to say that your website is being used to attack other sites
  • You notice behaviour that was not authorised (i.e., creation of new users, etc…)
  • You can visibly see that your site has been hacked when you open it in the browser

But there are a large variety of different types of hacks, so a thorough investigation needs to occur to identify the issues and eliminate the vulnerabilities.

Why has your site been hacked?

Provided that you are keeping your site up to date with the most current version of WordPress it is very unlikely that the vulnerability is WordPress itself (however only an estimated 35% of WordPress sites are running on the most current version).

It’s estimated that 98% of all vulnerabilities are in third-party plugins and themes. It’s critical that you keep all third party software up to date and only use well-reviewed regularly maintained third party software.

Weak passwords are also a big problem, it’s critical that you use secure passwords and ensure that you have good housekeeping on your user accounts and permissions.

What should you do if your site has been hacked?

If you have a good working knowledge of WordPress and are technically minded you may want to check out the advice on what to do suggested by WordPress.

If you’d like to get some help from our team of experts then get in touch, we will assess your site and give you an estimate. We can then find and remove the vulnerability, get your site back up and running and give recommendations on how to avoid future hacks.