W O R D P R E S S
A T T A C K
Prevent your WordPress
Website from being hacked
5 S I G N S O F
I' M INFECTED
How can a person or organization know when their website has been
compromised before it gets out of control? More importantly, how
can that same person or organization know their website has been
compromised before their customers find it themselves? Actually, it
really isn’t hard to find a hack.
Here are 5 signs you can watch for to make sure your
site hasn’t become a victim.
Hacktarget’s WordPress Security Scan
Online WordPress Security Scanner to test vulnerabilities of a WordPress installation.
Checks include application security, WordPress plugins, hosting environment and web
These online site checkers will scan your site and tell you if your
WordPress is compromised.
Gamasec’s Malware Detection
This remote website Malware detection scanner investigates URLs in order to detect
suspicious scripts, malicious media and any other web security threats hidden into
legitimate content and located on your websites.
Webcheck.me Website Scanner
This tool allows you to check your website against many known problems like
misconfiguration or malware (and much more).
BETTER WP SECURITY
Better WP Security can also help
determine a problem by looking for
changes to files on your site. It can look
for added, removed or modified files
and report back to you via email. As
nearly all hacks involve inserting code
into WordPress files this can be a good
indication that someone has gotten into
your site and done something they
GOOGLE WEBMASTER TOOLS
Google Webmaster Tool is one of the best tool for webmaster which you can get
for free, and if you have not yet submitted your Website in GWT, you are missing
out vital information regarding your website. Google Webmaster Tool can get
the data, tools and diagnose for a healthy site, with this tool you can check your
WordPress for potential issues that Google has detected. If Google has detected
malware on your WordPress, you or your visitors might see a warning saying
“This site may harm your computer.” or “The Website Ahead Contains Malware.”
If you’ve been blacklisted by Google, one of your best sources for help is Google
Webmaster Tools. Google will watch your site for problems when it scans and
reports any problems back to you in GWT.
Another major indicator your site has been
hacked is unusual activity often in the form of
a traffic spike or unusual amounts of spam. For
example, if you have an old post that suddenly
becomes popular for no apparent reason you
might have a problem. Along these same lines,
you should watch for visitors from unusual
parts of the world, and watch for extra
comments or anything else that can’t be easily
LOOK AT THE FILES
PHP files in your theme, the .htaccess file and extra files in
your WordPress home directory are all common places you will
find hacked code on a WordPress or other site. What you’re
looking for here, in the case of PHP files, is “hidden” or
complicated code. Scan your entire file structure for “base64”
or look at the ends of your PHP files. If there is anything you
don’t recognize it could very well be something bad. In the
case of .htaccess look for redirect rules to domains you’re not
familiar with, or other blocks of code that make no sense.
Figuring out that you have a problem might not
always be obvious. Most attacks these days will
center on .htaccess or a PHP file and will use the
infected site to attack its users. Services such as
ScanVerify combined with plugins like Better WP
Security can help you find the infected files quickly
and easily so that, when something does go wrong,
you’re back in business as soon as possible.
Looking through the files
manually could be boring,
but it is, without a doubt, the
most effective way of finding
an attack as you are exposing
an attack directly.
Or if you need help from our
professional team, contact us!
Article Source: https://www.clickittech.com/wordpress/wordpress-
ClickIT Smart Technologies