In this day and age, it is no longer surprising when your neighbor’s site is hacked. This is partly because of the popularity of WordPress and the large attack surface it provides.
A common saying in security is that there are two kinds of people: those who have been hacked and know it, and those who have been hacked and just don’t know it yet.
In this article, we try to find out whether you’re the former or the latter.
Obvious indicators that your WordPress site has been hacked
Funny messages on your site
This has to be the most common way people find out their site has been hacked. Hackers of all kinds usually leave something behind to assert that they’ve conquered you. This can be cartoons, videos, images, text, a call to action, or demands.
Once you see something of the sort after visiting your site’s URL, you’ve definitely been hacked.
Unable to access your site
Different attackers have different motivations for wanting to hack a site. These include, but are not limited to, financial gain, a social cause, or simply fun. Depending on why they wanted to hack your site, they may choose to shut it down so that it can’t be accessed by anyone.
It’s important to note that your site being down or inaccessible over its URL does not necessarily mean that you’ve been hacked, but it can be an indicator of a hack.
Locked out of your site back-office
If you visit your WordPress admin login page, i.e. wp-admin/login, and are unable to log in with your correct credentials, chances are they have been changed by someone who gained access to your site.
However, try all your possible password combinations first before concluding that your site has been hacked.
Ransom requests
A ransom request is as good an indicator of being hacked as any. If someone has reached out to you for any kind of ransom, be it money, favors, blackmail, etc., with proof of control of your site, you’ve been hacked. It’s time to take the next steps to recover or pay the ransom.
It’s advisable to first try all other possible means to regain access to your site before paying the ransom, because there is no guarantee that control of your site will be returned after you pay.
Less obvious indicators that your WordPress site has been hacked
Leaked user data
It is a misconception that every attacker gets into a system for gain. Some hackers get into your site just for their ego, for fun, or to prove a point to their circles. When this is the motivation, they might just exfiltrate the data and dump it on the web.
As a site owner or administrator, it is important to look out for online data and account credential dumps. If some or all of your users’ credentials are there, you were hacked.
Unusually large log file
Log files are known to be lengthy because of the many alerts and messages they record. However, if your site’s log file is far larger than expected, it could be because of entries generated by brute-force attacks or Denial of Service attacks, among others. Although not conclusive by itself, this could be an indicator that an attack is ongoing or that you’ve been hacked.
To confirm an attack using your log file:
- Download your access.log file from your site’s logs
- Check for failed logins
Many failed logins usually indicate a brute-force attack, so you’ve probably been hacked.
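One way to carry out the failed-login check above, as an added example that is not from the original article. It assumes a common/combined-format access.log, the default WordPress login endpoint /wp-login.php, and default WordPress behaviour where a failed login POST returns 200 and a successful one redirects with 302; the threshold of 5 and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Common/combined log format: ip - user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def summarize_logins(lines, threshold=5):
    """Return IPs with at least `threshold` failed login POSTs.

    Assumption: a failed POST to /wp-login.php re-renders the form (200),
    while a successful one redirects (302). A 302 that follows many
    failures from the same IP suggests a password was eventually guessed.
    """
    stats = defaultdict(lambda: {"failed": 0, "success_after_failures": False})
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # skip unparseable lines and plain page views
        if m["path"].split("?", 1)[0] != "/wp-login.php":
            continue
        entry = stats[m["ip"]]
        if m["status"] == "200":
            entry["failed"] += 1
        elif m["status"] == "302" and entry["failed"] >= threshold:
            entry["success_after_failures"] = True
    return {ip: s for ip, s in stats.items() if s["failed"] >= threshold}

# Constructed sample lines (documentation IP ranges), not from a real site.
SAMPLE_LOG = (
    [f'203.0.113.7 - - [10/Jan/2024:03:12:{s:02d} +0000] '
     f'"POST /wp-login.php HTTP/1.1" 200 4213' for s in range(6)]
    + ['203.0.113.7 - - [10/Jan/2024:03:12:09 +0000] '
       '"POST /wp-login.php HTTP/1.1" 302 0',
       '198.51.100.20 - - [10/Jan/2024:08:00:01 +0000] '
       '"POST /wp-login.php HTTP/1.1" 200 4213',
       '198.51.100.20 - - [10/Jan/2024:08:00:09 +0000] '
       '"POST /wp-login.php HTTP/1.1" 302 0',
       '192.0.2.5 - - [10/Jan/2024:08:01:00 +0000] '
       '"GET /wp-login.php HTTP/1.1" 200 4100',
       'not a log line']
)

if __name__ == "__main__":
    for ip, s in summarize_logins(SAMPLE_LOG).items():
        print(ip, s)
```

An IP that shows a successful login after a run of failures deserves a closer look than one that only failed, since a single mistyped password by a legitimate user also produces a 200 followed by a 302.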
Used up resources
Your WordPress site uses resources like RAM, disk space, etc. on your hosting server. During an attack, an attacker could use up these resources, intentionally or unintentionally.
Therefore, unusual resource usage on your hosting server could be a major indicator that your WordPress site has been hacked.
Conclusion
Apart from a few indicators, e.g. funny messages when visiting your site’s URL, most of the above indicators will not be conclusive alone. Therefore, you’d have to look for a number of them to confirm that you’ve indeed been hacked. For example, your site being down and you being unable to log in to your site’s admin could conclusively mean that you’ve been hacked.