Is your website acting weird?
In today’s online business world, having a WordPress website is essential. You’re busy enough running your business, suddenly one day your website is acting like it has a mind of its own and you start wondering if you’ve been hacked. Chances are you have been and here are 3 signs that your website is hacked and how to avoid them.
-
A sudden increase in spam
You’re getting a lot of spam comments and spam emails from weird email addresses. These comments tend to show up in high numbers and no matter how many times you delete them, you keep getting more of them every day. That’s a good time to activate Akismet. I’ve also provided more tips on this episode 3 Tips to Fry the Comment SPAM on Your Wordpress Website.
-
Your website has users that you didn’t add
When you click on “User”, then “All Users” on your WordPress dashboard, you notice additional usernames that you did not add yourself. Worst, some of those users have an “Administrator” role. Remove those users immediately especially the ones with admin level permission. Consider installing a two-factor identification plugin like Clef Two-Factor Authentication.
-
Your website redirects to other websites
People are reporting to you that when they visit your website on a mobile device, it takes them to a shopping website, a phishing website or worst a porn site. You should get this cleaned up right away.
These are tech monsters that you absolutely do not want to deal with, they can be an entrepreneur’s nightmare, but the good news is that you can recover from them.
This type of backdoor hacking is a method that hackers use to bypass security so they can do whatever they want with your website. In order for them to continue to do so, they require a hiding place.
Further clean-up steps will keep your website from being hacked and here are a few you can apply today.Click To Tweet-
-
Delete themes that you’re not using
There are generic themes that come pre-install with the WordPress platform, they’re not that pretty so people rarely use them. They also keep them around and this is the ideal place for hackers to hide that allows them to survive any upgrades. Access your files via your web hosting dashboard and delete those themes.
-
Delete plugins that are not updated and plugins you’re not using
People rarely check their plugins and this is the favorite place for hackers code to survive. Some of those plugins are never updated and are poorly coded. Do a plugin inventory and check the last time they’ve been updated. More than 1 month, they have to go. If you’re not using a plugin, permanently delete the files. You can always re-install it when you need to use it.
-
Remove PHP files on your upload folder
Yep your upload folder in your media file, a place you would never think to check. You can access your upload folder using your web hosting dashboard. PHP files are the perfect backdoor exploit and they do not belong in your media folder. If you see such files, remove them immediately.
-
Protecting your website has more to do than just protecting you. You are also protecting your visitors. These are 3 actionable steps that will take you less than 15 minutes to complete. If you feel overwhelmed dealing with those tech monsters, stop by my Facebook group, Website & Social Media Lab, I am happy to answer your questions.
Great tips.. only bad thing about deleting old plugins is that you lose the data. I have an old CTT plugin and now use another… so I thought, I will deactivate the plugin.. and now I notice that my old CTT aren’t working right… so I have to keep it… or replace ALL of those old CTT’s… ugh. Otherwise, excellent! Oh, on spam, not much we can do on those ghost referrals either. 🙁
These are all GREAT things to do. Thanks so much. Already have Askimet which I love but know there are unused plugins that I can remove. And never thought about the unused themes. Will get that done pronto.
Glad you’re being pro-active Alene.
When I was building WordPress websites, the biggest thing that caused them to go wonky was outdated plugins. Gotta keep on top of that! Great tips.
I rarely check the Users section or the upload folder, so thanks for those valuable tips! We just bought the paid version of Akismet and that has eliminated the few spam comments we did receive. Plugins drive me crazy because they require frequent updating, but they do make life easier. Appreciate your no-nonsense, easy-to-read (and understand) article. 🙂
Great tips….I think I will be deleting some plugins!
Wow, great tips. Thank you. I’ve been wondering if I could delete themes I don’t use!
Yes Brenda you definitely can delete them. Glad this was useful to you.
This is really great advice. One of my friends is dealing with a really nasty hack on her blog right now. I’m going to forward this to her. She’s got a pro doing the fix for her, but this will be a great point of reference for her.
Thx for sharing this article with your friend Jennifer. These pesky tech monsters are becoming more and more frequent because they count on the area where we tend to get comfortable.
We have a coach who watches this stuff for us but its good info for me to know about.
It’s always good Roslyn to stay informed to know exactly what is your coach doing for you. You don’t want to be completely in the dark when it comes to your business.
OM Gosh you just blew my mind. Thanks so much for the valued info. Going to fix the site I have now.
Awesome Celea. Please let me know if you have any questions fixing your site.
Great article, Webly! The first thing I do when looking at a new site is a plugin and user audit. A lot of borders out there! 😉
Online business is great, it also comes with its set of challenges too. Thx Mindy!
Oh no the skull of death. Another option to consider Shantell is to do a full backup of your website. This way you can just reload the whole website, images, plugins and all.
Glad you did Gary. Thank you!
Hello,
Great article on learning that WordPress and the plugins are extreme,y important in the function of the site to work well.
Thank You,
Lori English
Glad this is valuable to you Lori.
Thanks for the tip about the php files in the upload folder. Would not have thought of that.