3 Signs That Your Website Is Hacked & How To Avoid Them

Home / Web Design / 3 Signs That Your Website Is Hacked & How To Avoid Them

Is your website acting weird?

In today’s online business world, having a WordPress website is essential. You’re busy enough running your business, suddenly one day your website is acting like it has a mind of its own and you start wondering if you’ve been hacked. Chances are you have been and here are 3 signs that your website is hacked and how to avoid them.

  1. A sudden increase in spam

    You’re getting a lot of spam comments and spam emails from weird email addresses. These comments tend to show up in high numbers and no matter how many times you delete them, you keep getting more of them every day. That’s a good time to activate Akismet. I’ve also provided more tips on this episode 3 Tips to Fry the Comment SPAM on Your ‪‎Wordpress‬ Website.

  2. Your website has users that you didn’t add

    When you click on “User”, then “All Users” on your WordPress dashboard, you notice additional usernames that you did not add yourself. Worst, some of those users have an “Administrator” role.  Remove those users immediately especially the ones with admin level permission. Consider installing a two-factor identification plugin like Clef Two-Factor Authentication.

  3.  Your website redirects to other websites

    People are reporting to you that when they visit your website on a mobile device, it takes them to a shopping website, a phishing website or worst a porn site.  You should get this cleaned up right away.

These are tech monsters that you absolutely do not want to deal with, they can be an entrepreneur’s nightmare, but the good news is that you can recover from them.

This type of backdoor hacking is a method that hackers use to bypass security so they can do whatever they want with your website.  In order for them to continue to do so, they require a hiding place.

Further clean-up steps will keep your website from  being hacked and here are a few you can apply today.Click To Tweet

    1. Delete themes that you’re not using

      There are generic themes that come pre-install with the WordPress platform, they’re not that pretty so people rarely use them. They also keep them around and this is the ideal place for hackers to hide that allows them to survive any upgrades. Access your files via your web hosting dashboard and delete those themes.

    2. Delete plugins that are not updated and plugins you’re not using

      People rarely check their plugins and this is the favorite place for hackers code to survive. Some of those plugins are never updated and are poorly coded.  Do a plugin inventory and check the last time they’ve been updated.  More than 1 month, they have to go.  If you’re not using a plugin, permanently delete the files.  You can always re-install it when you need to use it.

    3. Remove PHP files on your upload folder

      Yep your upload folder in your media file, a place you would never think to check. You can access your upload folder using your web hosting dashboard. PHP files are the perfect backdoor exploit and they do not belong in your media folder. If you see such files, remove them immediately.

Protecting your website has more to do than just protecting you. You are also protecting your visitors. These are 3 actionable steps that will take you less than 15 minutes to complete. If you feel overwhelmed dealing with those tech monsters, stop by my Facebook group, Website & Social Media Lab, I am happy to answer your questions.


  • May 26, 2016, 1:50 pm

    Great tips.. only bad thing about deleting old plugins is that you lose the data. I have an old CTT plugin and now use another… so I thought, I will deactivate the plugin.. and now I notice that my old CTT aren’t working right… so I have to keep it… or replace ALL of those old CTT’s… ugh. Otherwise, excellent! Oh, on spam, not much we can do on those ghost referrals either. 🙁

  • May 26, 2016, 4:07 pm

    These are all GREAT things to do. Thanks so much. Already have Askimet which I love but know there are unused plugins that I can remove. And never thought about the unused themes. Will get that done pronto.

    • Webly
      May 30, 2016, 12:58 am

      Glad you’re being pro-active Alene.

  • May 26, 2016, 5:08 pm

    When I was building WordPress websites, the biggest thing that caused them to go wonky was outdated plugins. Gotta keep on top of that! Great tips.

  • May 26, 2016, 7:34 pm

    I rarely check the Users section or the upload folder, so thanks for those valuable tips! We just bought the paid version of Akismet and that has eliminated the few spam comments we did receive. Plugins drive me crazy because they require frequent updating, but they do make life easier. Appreciate your no-nonsense, easy-to-read (and understand) article. 🙂

  • May 26, 2016, 8:11 pm

    Great tips….I think I will be deleting some plugins!

  • May 26, 2016, 8:30 pm

    Wow, great tips. Thank you. I’ve been wondering if I could delete themes I don’t use!

    • Webly
      May 29, 2016, 11:24 pm

      Yes Brenda you definitely can delete them. Glad this was useful to you.

  • May 26, 2016, 11:13 pm

    This is really great advice. One of my friends is dealing with a really nasty hack on her blog right now. I’m going to forward this to her. She’s got a pro doing the fix for her, but this will be a great point of reference for her.

    • Webly
      May 27, 2016, 12:04 am

      Thx for sharing this article with your friend Jennifer. These pesky tech monsters are becoming more and more frequent because they count on the area where we tend to get comfortable.

  • May 27, 2016, 2:21 am

    We have a coach who watches this stuff for us but its good info for me to know about.

    • Webly
      May 29, 2016, 11:25 pm

      It’s always good Roslyn to stay informed to know exactly what is your coach doing for you. You don’t want to be completely in the dark when it comes to your business.

  • May 27, 2016, 2:45 am

    OM Gosh you just blew my mind. Thanks so much for the valued info. Going to fix the site I have now.

    • Webly
      May 30, 2016, 12:55 am

      Awesome Celea. Please let me know if you have any questions fixing your site.

  • May 29, 2016, 12:10 pm

    Great article, Webly! The first thing I do when looking at a new site is a plugin and user audit. A lot of borders out there! 😉

    • Webly
      May 30, 2016, 12:57 am

      Online business is great, it also comes with its set of challenges too. Thx Mindy!

  • Webly
    May 30, 2016, 12:56 am

    Oh no the skull of death. Another option to consider Shantell is to do a full backup of your website. This way you can just reload the whole website, images, plugins and all.

  • Webly
    May 30, 2016, 12:57 am

    Glad you did Gary. Thank you!

  • September 2, 2016, 9:26 pm

    Great article on learning that WordPress and the plugins are extreme,y important in the function of the site to work well.

    Thank You,
    Lori English

    • Webly
      September 4, 2016, 6:02 pm

      Glad this is valuable to you Lori.

  • September 8, 2016, 7:21 pm

    Thanks for the tip about the php files in the upload folder. Would not have thought of that.