How to identify a hacked WordPress website

Have you been having issues with your WordPress site? Is it showing erratic behaviour, or perhaps your links are not working correctly? You may have been hacked. But how would you know? Follow the steps within this post to find and rectify these issues. 

Don’t you love it when your WordPress site is working perfectly? All your plugins working in perfect tandem with your site. It’s a moment of calm reflection and a wave of self-congratulation washes over you. Except in reality, that isn’t always the case. There is always something that goes wrong, seemingly at the least. You notice that your WordPress site isn’t running as smooth as it usually does, and you notice that the links on some of your pages doesn’t always lead to where you expect… something is wrong and you are not quite sure what is causing it. You have probably been hacked, so you need to take some steps to ensure this issue can be resolved quickly, effectively and properly. How do you know you have been hacked? 

There are a few symptoms for being hacked on WordPress: 

  • Malware warning when trying to access your WordPress site.
  • Google search results flagging your WordPress site as harmful, or hacked.
  • Google alert notifying the site is being used in phishing campaigns.
  • Your malware or exploit scanner notifies you that you may have been hacked.

If you have one or (god-forbid) more of these symptoms, you need to take some evasive action to rid yourself of this digital headache.

It all seems fairly rote, and tedious… to be honest it can be. The problem is hackers are tricky little buggers and unless you take precautions and retain vigilance you open yourself up to compromising situations. Basically you will get shafted without the foreplay such an occurrence tends to imply. I’m trying to explain the scene articulately here. But you get my drift, of that I am sure. So, we have established there has been a hacking attack on your WordPress site… so what do you need to do next? Simple, follow these two steps and be on your way to rectifying the situation:

Perform a Local Machine scan

This will narrow the focus on possible threats that may be on your system/server. Run your chosen Anti-Virus software, and a malware-scan on your machine. Taking this action immediately will let you know if the threat/issue is local, rather than server-based.

Perform a WordPress scan

For continual security and peace of mind. I would recommend that one of your first plugin installations, is an exploit scanner. To begin exploit scanning of your Wordpress database and files download the Fixhacked scanner, this runs in the background of your Wordpress site with minimal impact on performance and alerts you to any issues that may crop up. Installing the scanner is easy and requires the download of a .php file which can be uploaded to your Wordpress site and activated from there: 

  1. Download the simple to use exploit scanner from
  2. Upload this scanner to your Wordpress site, it works just like installing a plugin.
  3. Let the scanner do the work, the scanning of your files. 
  4. Following the scan, we tell you which files are corrupted and which could be exploited. Providing you with a solution to any exploitation issues you may have. Giving you the opportunity to clean these up quickly and efficiently.

It is very simple and should you require any additional help, do not hesitate to Contact Us.

Until next time.

Try FixHacked for free for one month

Try our free scanner!

Hire an Expert

I need an Expert


Chat with us and find out what you need to know!

Start livechat