Whether you want to talk about it or not, every open source system can be targeted by hackers. While in my experience other systems are far worse (I won’t mention names), it is not unheard of to have your WordPress site hacked.
I’ll be going through security prevention in another post, but there are some very important things you should do to avoid getting hacked in the first place and the mitigate risks if you ever do. Regular upgrades of WordPress plugins, regular backup and security scans should be top of the list.
But for now, let’s look at how you know when your site has been hacked:
1. Your emails start bouncing
This is one of the worst things that can happen when your website is hacked. It works like this:
- Hackers break into your WordPress site and install scripts that send out thousands of emails from your IP address.
- People report them as SPAM.
- SPAM lists like barracudacentral.org and spamhaus.org see the reports and add you to their block lists.
Sometimes you may not even know your site has been hacked, you’ll just notice people aren’t getting your emails. If you have an agency and are hosting websites for others, the ban may even affect your clients’ domains.
2. Bad content is added to your site
If your site is hacked, the hackers may gain access to one of your theme files. If this is the case, they can fairly easily add things into the site.
The impact can range from annoying to devastating. I’ve seen:
- Sites that have a lot of (bad) invisible code added. This code is visible to crawlers like Google, invisible to the human eye and can slow the site down and ultimately, get your site added to blacklists.
- Sites that have unwelcome links and content added into the footer on every page.
- Sites that have been completely replaced with new content (and they tend not to be images of pretty puppies…).
If this happens, you may not know because the content may not always be visible.
3. Your website is slow or crashes
This can happen for a variety of reasons.
One reason may be that the hacker has added so much bad code that the site slows down. Another is that the hacker has added your site into a network of sites or a spam email network where traffic is sent to the site and re-directed.
Either way, this is not good. Hopefully, you will find out about it fairly quickly (assuming people are visiting your site regularly).
4. You are lumped with a big bandwidth bill
I’ve seen this on hosts that charge a lot for bandwidth. In Australia, bandwidth is very expensive and at least 10x at compared to the US as a general rule. It’s not uncommon for hosts to only provide you with a certain amount of bandwidth and when you go over, it is very expensive.
Bandwidth is used when people visit your site or send you emails. When your site is hacked, your bandwidth charges can potentially go through the roof from:
- Large files being added to your site, which increases the amount of data downloaded every time you have a visitor.
- Malicious scripts added to your server that send out thousands of emails that add to your bandwidth usage.
- Huge traffic spikes in the case where your site has been added to a network.
This can happen very quickly, and unless your host is in the habit of warning it’s customers when there are spikes, you may not know before it’s too late.
5. Your traffic plummets
If your site is hacked you might notice that your traffic disappears. This can happen for a few reasons:
- If the site has crashed or is slow, people will drop off.
- If Google has blacklisted your site, people will see warnings when they search for you in Google and they won’t click through.
- Your traffic is re-directed automatically to another site.
- Traffic will bounce as soon as they see anything unusual on your site.
Some people don’t actively monitor their website traffic, so it may not be obvious that this has happened.
6. Your traffic surges
A big traffic surge is also possible. In point 3 above, I talked about the situation where your site is added as part of a re-direct network. This could result in huge increases to your traffic in a short time period.
But don’t get excited there’s no benefit to this traffic! It will ruin your analytics reporting, slow your site and increase your chance of being added to a blacklist. Not to mention potentially crashing your server. Either way it kills the site experience for users and being blacklisted is going to result in less targeted traffic and a tarnished reputation.
7. Your website disappears
Sometimes when a site is hacked, a hacker can get into the files and remove the whole site.
I’ve seen it as bad as removing every single site on a server in extreme cases. If your host backs up their sites to the same server you can imagine how devastating that would be.
Do you know anyone who has had their site hacked?
Please tell us in the comments about what happened.