29 Signs to Check If Your Site Is Hacked

Is your website misbehaving or has it been hacked? It can be difficult to determine the difference between the two. Malware infections are designed to remain hidden for as long as possible, leaving website owners confused about the state of their site.
The good news is that you are not alone in this situation. Many website owners have been in your shoes and have successfully dealt with malware attacks. As security experts, we have put together a list of symptoms that could answer the question: "What are the signs that a website is hacked?"
TL;DR: If you suspect your site may be hacked, the best way to know for sure is to scan your site. MalCare is a comprehensive, deep site scanner and cleaner that will not only find every last vestige of malware on your site, but get rid of it in minutes as well. Don't let doubt linger any longer: take action to protect your website today.
What are the signs that a website has been hacked?
Malware infections often go unnoticed as they aim to stay undetected for as long as possible. Malware can even be designed to only appear to users coming in from Google while hiding from admin and logged-in users.
This can create confusion as to whether a WordPress site is hacked or simply malfunctioning.
Although the signs mentioned below may indicate malware, none of them are confirmation on their own, and it's possible to see many signs or none at all. The only way to be certain is to scan your website.
1. Visitors get redirected from your website
One of the most frustrating symptoms of a hacked website is when visitors get redirected from your website and get stuck in an endless refresh loop. This means that when someone attempts to visit your website, they are automatically redirected to another website or page.

A variant of this malware forces the page to refresh continuously. Once visitors arrive on the site, the page keeps reloading, preventing them from leaving or interacting with it in any meaningful way. This type of malware is commonly referred to as a redirect hack.

2. Google Safe Browsing warnings
Google Safe Browsing is a feature that helps protect users from WordPress phishing attacks and malware attacks by identifying websites that are potentially unsafe to visit. When Google detects that a website has been hacked or contains malicious content, it may display a warning message to users attempting to access the website.

If your website has been hacked, it may contain malicious content, such as phishing pages or malware, which can trigger Google Safe Browsing warnings. When this happens, users attempting to access your website may see big red interstitial pages with warning messages, such as "Deceptive site ahead" or "This site may harm your computer."
🚨 At this point, your site is losing visitors fast. Scan your site to detect the malware, and take steps to remove it fast.
3. Spam pages
Malware can cause the creation of spam pages on your website that can harm your site's reputation and lead to search engine penalties. These are pages that are created without the knowledge or consent of the website owner and are typically used to promote irrelevant or malicious content. Spam pages can take many forms, including pages that advertise pharmaceuticals, counterfeit products, adult content, or even illegal activities.
Spam pages are often created by hackers using automated scripts that exploit vulnerabilities in your website's security. Once the spam pages are created, they can be difficult to detect, as they are often hidden from the website's main navigation and are not linked to from other pages on the site. As a result, visitors to your website may accidentally stumble upon these pages and become exposed to harmful content.
4. Search results in other languages
Hackers inject sites with spam pages in other languages, like Japanese or Chinese. These pages are then indexed by search engines, and show up in search results. All of a sudden you will see a spike in your traffic from specific countries, and a dip in traffic on your legitimate pages.

If you try to visit these pages, they either throw up a 404 error or you are redirected to your homepage. The pages are designed to show up only to those users coming in from Google and who aren't logged into the site at all.
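One way to test your own site for the behaviour described above, where spam is served only to visitors arriving from Google, is to request the same URL with different request headers and compare the answers. This is an added example, not MalCare's code; the profile names, `check_cloaking`, and the `sample_fetch` stand-in with its `spam.example` responses are constructed for illustration.

```python
import re
from urllib.error import HTTPError
from urllib.parse import urlparse
from urllib.request import HTTPRedirectHandler, Request, build_opener

# A direct visit versus the kinds of visitor the text says cloaked spam targets.
PROFILES = {
    "direct": {"User-Agent": "Mozilla/5.0"},
    "from_google": {"User-Agent": "Mozilla/5.0", "Referer": "https://www.google.com/"},
    "googlebot": {"User-Agent": "Mozilla/5.0 (compatible; Googlebot/2.1; "
                                "+http://www.google.com/bot.html)"},
}

class _NoRedirect(HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # do not follow; the 3xx then surfaces as HTTPError

def fetch_live(url, headers):
    """Fetch url without following redirects; returns (status, location, body)."""
    opener = build_opener(_NoRedirect)
    try:
        with opener.open(Request(url, headers=headers), timeout=15) as resp:
            return resp.status, None, resp.read().decode("utf-8", "replace")
    except HTTPError as err:  # raised for 3xx, 4xx and 5xx responses
        return err.code, err.headers.get("Location"), err.read().decode("utf-8", "replace")

def external_hosts(body, site_host):
    """Hosts referenced by href/src attributes that are not the site itself."""
    hosts = set()
    for link in re.findall(r"""(?:href|src)\s*=\s*["']([^"']+)""", body, re.I):
        try:
            host = urlparse(link).hostname
        except ValueError:  # malformed URL in the markup
            continue
        if host and host != site_host:
            hosts.add(host)
    return hosts

def check_cloaking(url, fetch=fetch_live):
    """Compare Google-flavoured requests with a direct visit; return differences."""
    site_host = urlparse(url).hostname
    seen = {name: fetch(url, headers) for name, headers in PROFILES.items()}
    base_status, base_loc, base_body = seen["direct"]
    base_hosts = external_hosts(base_body, site_host)
    findings = []
    for name in ("from_google", "googlebot"):
        status, loc, body = seen[name]
        if status != base_status:
            findings.append(f"{name}: status {status} (direct visit got {base_status})")
        if loc != base_loc:
            findings.append(f"{name}: redirect to {loc} (direct visit got {base_loc})")
        extra = external_hosts(body, site_host) - base_hosts
        if extra:
            findings.append(f"{name}: extra external hosts {sorted(extra)}")
    return findings

def sample_fetch(url, headers):
    """Constructed stand-in for an infected site, so the check runs offline."""
    if "google" in headers.get("Referer", ""):
        return 302, "https://spam.example/offer", ""
    if "Googlebot" in headers["User-Agent"]:
        return 200, None, '<a href="https://spam.example/pills">cheap pills</a>'
    return 404, None, "<h1>Not found</h1>"

if __name__ == "__main__":
    for line in check_cloaking("https://site.example/some-page", sample_fetch):
        print(line)
```

Cloaking that verifies crawler IP addresses will not react to a spoofed user agent, so an empty result is not proof of a clean site.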
🚨 These search results are the result of thousands of pages created on your site. Scan your site database to detect all of them, and remove them quickly.
5. Pop-ups, phishing pages, or fake captcha pages
Visitors complaining about seeing malware symptoms such as pop-ups or phishing pages can be a clear sign that your website has been hacked. Hackers can inject malicious code into your website's pages, causing visitors to be redirected to other websites or to see unwanted pop-ups or ads. This can be especially harmful to your website's reputation, as users may avoid visiting your site due to the perceived risk of malware or phishing attacks.
In addition to pop-ups and phishing pages, your website may also display spam ads. These are ads that are not relevant to your website's content and are often used to promote counterfeit products, adult content, or other illegal activities.
6. Site notice: "This site may be hacked."
One of the most obvious symptoms of a hacked website is a site notice that says "This site may be hacked." This notice can appear in search engine results when users search for your website or when they visit your website directly.

7. Browser warnings in the URL bar
When a website is hacked, it can cause browsers to display warnings in the URL bar. These warnings are meant to alert users that the website may be unsafe or compromised.
Browser warnings can vary depending on the browser being used. For example, Google Chrome may display a "Not Secure" warning in the URL bar, while Firefox may display a "Warning: Potential Security Risk Ahead" message.

8. Security issues in Google Search Console
Google Search Console is a tool that helps website owners monitor their website's performance in Google search results. It provides information about how Google crawls and indexes your website, and it sends alerts if there are any security issues or other problems with your website.

If your website has been hacked, Google Search Console may detect suspicious activity on your website, such as the presence of malware or phishing pages. When this happens, Google will display security warnings in the Search Console dashboard, alerting you to the issue. These warnings can help you identify the type of malware infecting your site and take steps to remove it.

9. Thousands of additional indexed pages
The sudden appearance of thousands of additional indexed pages on your website is a sure sign of malware. Malicious code creates new pages or content on your site without your knowledge.

When these additional pages are indexed by search engines like Google, they can negatively impact your website's search engine rankings and traffic. This is because search engines prioritize relevant and high-quality content, and seeing an influx of low-quality or spammy content can signal to search engines that your website is not trustworthy.
10. Traffic patterns are haywire in Google Analytics
Sudden spikes or drops in traffic could be a sign of malware on your website. Malware can redirect traffic to other sites or create fake traffic to make it appear as though your site is receiving more traffic than it actually is. Look for telltale signs like sudden spikes in traffic from a single location or a significant increase in bounce rates.

11. Spike in server usage leading to warnings or increased bills
Unexplained spikes in server usage could mean trouble. Malware can cause your site to send out spam emails, run background processes, or perform other tasks that require more server resources. Hackers often use infected sites to perform malicious activities like sending spam emails or running cryptocurrency mining scripts. These activities can cause a sudden spike in server usage, which can trigger warnings from your web host or lead to increased bills for exceeding your server resources.
12. Web host sends you a warning or takes your site offline
Your web host may detect malware on your site during routine security scans or due to complaints from other users. They may send you a warning or take your site offline to prevent further damage to their network and other users.

Some web hosts, like Bluehost, have strict policies when it comes to malware-infected sites. If they detect malware on your site, they may immediately take your site offline or even delete it without warning.

🚨 Setting up a daily malware scan on your site helps prevent issues like this going from bad to worse.
13. Site becomes super slow
A website that becomes suddenly slow and unresponsive can be a symptom of malware. Malicious code injected into your website's files can cause your website to slow down or crash. In some cases, malware can cause your website to consume excessive server resources, leading to slow load times and poor performance.
This can be especially frustrating for visitors who expect a fast and responsive website. Visitors may assume that your website is poorly maintained or outdated.
14. 404 warnings
Malware can change your site's code, leading to broken links and 404 errors. This can make it difficult for visitors to access your content. A 404 error occurs when a visitor tries to access a page on your website that no longer exists or has been removed. However, hackers can create fake 404 pages that are designed to trick visitors into clicking on malicious links or downloading malware.
15. Site is inaccessible to visitors
When a website is hacked, hackers can modify the website's files or install malware that can cause the website to crash or become unresponsive. This can cause visitors to be unable to access your website, leaving them with a blank screen or error message.
If your website is inaccessible to visitors, it's important to investigate the cause of the issue. This can involve checking your website's server logs to identify any errors or issues. In some cases, the website may need to be restored from a backup or the hosting provider may need to be contacted to resolve the issue.
16. Your emails go to spam
If your emails are consistently being sent to the spam folder, it could be a sign that your site has been compromised by malware. Malware can cause your site to send out spam emails, which can negatively impact your sender reputation and decrease the chances of your legitimate emails being delivered to the inbox.
These emails often contain links to phishing pages or other malicious content, causing email providers to flag them as spam. The emails will have fake or suspicious sender addresses, and generic and irrelevant subject lines that do not match the content of the email.
17. Your subscribers receive emails from your site you didn't send
If your customers or subscribers are receiving emails from your site that you didn't send, it's likely that your site has been hacked. Malware can cause your site to send out phishing emails, which can trick your customers into divulging sensitive information or clicking on malicious links.
18. Your email service provider blocks or blacklists you
When your email service provider detects suspicious activity from your account or server, they may take action to prevent further damage. This can include blocking your email address or blacklisting your domain name, which means that your emails will be automatically sent to the recipient's spam folder or rejected altogether.
This can happen if your website's email server has been compromised by hackers, and they have gained access to your email account or used it to send out spam emails.
19. Broken design
Malware can cause issues with the design of your website, such as distorted images, missing content, or broken links. A hacked website may also display unfamiliar or suspicious content, such as pop-ups, banners, or ads that are not in line with the website's normal content or branding.
A broken design can be caused by a variety of malware, including viruses, trojans, and other malicious software. These infections can alter the website's code, causing it to display incorrectly or redirect visitors to other websites.
Tip: Read about the differences between malware and viruses to better understand how each type can impact your website.
20. Unexplained code in headers and footers
Headers and footers are an essential part of a website's design and are used to display important information such as logos, menus, and copyright notices. When hackers gain access to your website, they can inject malicious code into these areas, often without your knowledge.

The malicious code can take many forms, including scripts that redirect visitors to other websites, inject pop-up ads, or even steal sensitive information such as user credentials or credit card information. The code can be difficult to detect, as it may be hidden within the HTML or JavaScript of the header or footer.
Alternatively, you may see some code on your site which looks unfamiliar.
21. White screen of death
The White Screen of Death (WSOD) is a common symptom of a hacked website. This occurs when the website's pages display a blank white screen instead of the expected content. The WSOD can be caused by a variety of reasons, including server issues, plugin conflicts, and malware infections. However, if you have ruled out other potential causes, it's likely that your website has been hacked.
22. Login issues
Login issues can be another telltale sign that your website has been hacked. If you are having trouble logging into your website's admin panel, it may be because a hacker has gained unauthorized access to your account. They can do this by stealing your login credentials or by exploiting vulnerabilities in your website's security.
23. New users or signups with strange names and email addresses
Hackers can create fake user accounts on your website, giving themselves access to your site's content and functionality. They can then use these accounts to install malware, create spam pages, or steal sensitive information.
If you notice new user accounts with strange names and email addresses, it's important to take action immediately. Review your website's user database and delete any suspicious accounts that you did not create. You should also change your website's login credentials and implement stronger security measures to prevent future attacks.
24. File changes that you didn't make
Excluding updates, installations, or removals of plugins, themes, or WordPress, if you notice file changes on your website that you didn't make, it is usually a sign of malware. Hackers can modify your website's files, such as the .htaccess file or the index.php file, to redirect visitors to other websites, display unwanted content, execute malicious scripts, or create backdoors that allow them to access your website. These changes can be difficult to detect, as they may be hidden within the code.
25. Fake plugins with unusual names
Fake plugins with unusual names in the plugins folder are a clear indication that your website has been hacked. Hackers can create fake plugins that appear to be legitimate, but actually contain malware that can compromise your website's security. These fake plugins can be difficult to detect, as they may have names that are similar to legitimate plugins, but with a slight variation in spelling or wording.
Alternatively, they could be plugins with nonsensical names like zzz or abc. The plugin folders typically have very few files in them, and do not appear in the plugins dashboard on wp-admin.
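The two traits described above can be checked directly on disk. The following is an added example, not part of MalCare: it assumes a folder is missing from the wp-admin plugin list because none of its top-level PHP files carries a `Plugin Name:` header, and the `min_files` threshold, function names, and sample folders are illustrative.

```python
import re
import tempfile
from pathlib import Path

# WordPress lists a plugin in wp-admin only when a top-level .php file in its
# folder carries a "Plugin Name:" header within the first 8 KiB of the file.
HEADER_RE = re.compile(rb"^[ \t/*#@]*Plugin Name:(.*)$", re.I | re.M)

def plugin_name(php_file):
    """Return the declared plugin name, or None if the file has no header."""
    head = Path(php_file).read_bytes()[:8192]
    match = HEADER_RE.search(head)
    return match.group(1).strip().decode("utf-8", "replace") if match else None

def audit_plugins(plugins_dir, min_files=4):
    """Return {folder: [reasons]} for folders matching the traits in the text.

    min_files is an assumed threshold for "very few files"; a low count alone
    is a weak signal, since small legitimate plugins exist.
    """
    report = {}
    for folder in sorted(p for p in Path(plugins_dir).iterdir() if p.is_dir()):
        reasons = []
        if not any(plugin_name(f) for f in folder.glob("*.php")):
            reasons.append("no Plugin Name header: will not show in wp-admin")
        file_count = sum(1 for f in folder.rglob("*") if f.is_file())
        if file_count < min_files:
            reasons.append(f"only {file_count} file(s)")
        if reasons:
            report[folder.name] = reasons
    return report

def build_sample(root):
    """Constructed plugins directory: one ordinary plugin, one folder like those in the text."""
    good = Path(root, "contact-form")
    (good / "includes").mkdir(parents=True)
    (good / "contact-form.php").write_text("<?php\n/*\n * Plugin Name: Contact Form\n */\n")
    (good / "readme.txt").write_text("readme\n")
    (good / "includes" / "form.php").write_text("<?php // form rendering\n")
    (good / "includes" / "mail.php").write_text("<?php // mail handling\n")
    fake = Path(root, "zzz")
    fake.mkdir()
    (fake / "index.php").write_text("<?php // no header here\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for name, reasons in audit_plugins(tmp).items():
            print(name, "->", "; ".join(reasons))
```

On a real server, point `audit_plugins` at `wp-content/plugins` and compare the flagged folders against the list shown in wp-admin before deleting anything.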

26. Changes made to files will not stick
If changes you make to your website's files do not persist, it may be a sign of malware.
This often happens when trying to clean malware manually, because hackers can use malware to overwrite your changes or to execute code that reverts the changes you made.
However, this symptom could also be because of a plugin. For example, a plugin that relies heavily on the .htaccess file will add a cron job that will make sure the file is optimized for that plugin. The cron jobs will run every 12 hours or so, and you will have the frustrating experience of making the changes over and over again.
🚨 MalCare is the only malware scanner that can detect malware in the cron jobs of your site too.
27. Weird code in your files that looks out of place
Malware can inject weird code into your website's files that can be difficult to spot. If you're familiar with the code on your website and notice code that looks out of place, it could be a sign of malware.
28. Your server IP gets blacklisted
If your server IP gets blacklisted by spam filters or other security services, it could be a sign that your site is sending out spam emails or engaging in other malicious activities. Malware on your site can cause it to send out spam emails or perform other malicious activities that could get your server IP blacklisted. This could lead to your emails getting blocked or your site being flagged as unsafe by search engines.
29. Abandoned carts on a WooCommerce store
If you run a WooCommerce store and notice a lot of abandoned carts, it could be a sign of malware. Malware can interfere with the checkout process, making it difficult for users to complete their purchases and leading to a higher number of abandoned carts.
As we said before, you could see some of these signs, a combination of them, or none at all. Malware is tricky and designed to confuse and confound.
What to do if you think the site has been hacked?
If you suspect that your website has been hacked, it's important to take action as soon as possible to prevent any further damage. Malware can compromise your site's security, damage your reputation, and harm your users. Here are the steps you should take to clean your site:
- Deep scan your site: Use a reliable malware scanner to scan your site thoroughly. MalCare can detect and remove all types of malware, including hidden malware, backdoors, and phishing pages.
- Remove malware: Once MalCare has identified the malware on your site, it's time to remove it. MalCare can automatically remove malware in just one click.
- Check with blacklist services: After cleaning your site, check with blacklist services like Google Safe Browsing to ensure that your site is not on a blacklist because of the malware.
- Backup your site: Finally, take a backup of your site. This is a safeguard in the event of any failures with your site. You should always have offline and secure backups of your full site. Better to have them and never need them, rather than not have them when you need them.
How did your site get hacked and how to prevent it from happening again
Ensuring the security of your website is essential to protect it from hacking attempts and potential breaches of sensitive data.
Security misconceptions
There is a lot of advice out there on how to deal with hacked sites, and more so on how to harden your WordPress site to prevent infections. As these tips do not come from security researchers, they are built on flawed premises. The only real way to protect your site from malware is to install a security plugin which has a scanner, cleaner and a firewall. Nothing else will cut it.
Final thoughts
Website security is not something to take lightly. By implementing some simple security best practices like keeping plugins and themes updated, installing a security plugin, and scanning for malware daily, you can greatly reduce the risk of a hack. To make this even easier, we recommend installing MalCare, a comprehensive security plugin that offers automatic daily scanning and malware removal. Don't wait until it's too late: install MalCare today and enjoy peace of mind knowing your site is secure!
FAQs
What are signs that a website has been hacked?
There are several signs that your website might have been hacked, including changes to your site's appearance or content, unusual spikes in traffic or server usage, warnings from your web host, and suspicious activity in your site's logs or analytics.
What happens when a website is hacked?
When a website is hacked, it can lead to a variety of negative consequences, such as loss of data or revenue, damage to your site's reputation, and potential legal liability. Hackers may steal sensitive information, install malware, deface your site, or use it to perform other malicious activities.
What are the 2 possible signs that you have been hacked?
Two possible signs that your website has been hacked include unusual activity in your site's logs or analytics and changes to your site's appearance or content without your authorization.
Can a hacked website be recovered?
Yes, a hacked website can be recovered, but it's important to act quickly to limit the damage and prevent further attacks. The recovery process typically involves removing the malware, repairing any damage to your site, and implementing stronger security measures to prevent future attacks.
Why do people hack websites?
There are many reasons why people hack websites, including financial gain, political activism, personal vendettas, or simply for the challenge. Some hackers target websites to steal sensitive information or install malware, while others deface sites to make a political statement or demonstrate their skills.
How do you check if a website is infected with malware?
To check if a website is infected with malware, regularly scan your site with a security plugin like MalCare to detect and remove any malware infections.