How do I check whether my site has been hacked?
The last thing anyone wants to hear about their website is: ‘Has your site been hacked? It looks/behaves weird…’
Unfortunately, there are plenty of hackers out there, and even more easy targets for hackers. All it takes is someone using an easy-to-guess password, an outdated/insecure web platform, a default password that never got changed, known bugs, etc.
Here are a few telltale signs that you could be in trouble:
Google displays a warning about your site in its search results
Neither of which is a guarantee that your site is currently hacked, but either is definitely a sign that you should check your site with a fine-toothed comb!
Chrome sees red when you access your site.
Google visits (almost) the entire Internet on a regular basis and has its ways to detect when ‘something is rotten in the state of Denmark’, so to speak. It will alert you with a big fat red warning (if you’re using Chrome):
Your robots.txt file has been modified.
This method is a beauty of simplicity: All the culprit has to do is add the following two lines above the existing content of the robots.txt et voilà! Google and other search engines will stop indexing the site and anything already indexed will drop in rank or get removed altogether. And let’s face it: unless you have some very special site, the majority of your visitors are organic traffic (aka they found your page/site via a search engine)
This will tell anything (mostly search engines) which checks your robots.txt file for information that you want none of your pages indexed.
(WordPress specific)Check the WordPress-FAQ
WordPress provides a thorough list of things to check when you suspect your WordPress-based site has been hacked.
- [more to come]