WordPress is one of the most popular web content managers. It is very likely that many of our favorite websites use this CMS to provide the content to their users, as is the case for example. We ourselves can set up a website of any subject easily and quickly with WordPress, however, we must configure it correctly to avoid being victims of possible hacks.
It is highly recommended that you take into account a series of recommendations when making a configuration with WordPress, it would also be interesting that you review point by point all these recommendations to know if there is any irregular operation on your website and that you have not taken into account previously.
Problems with access and user management
Your usual username and password combination may not be correct, according to the administration portal. If you try to perform password reset, but the message that will help you recover it does not arrive, it is possible that someone has changed access. If you have managed to obtain the necessary support to regain access, look at the list of authorized users on your site. If you see an unknown profile and search through your alerts and there is no notification, this is a clear sign that your site has been hacked.
On the other hand, pay attention if the users do not have an administrator profile in addition to yours, and others who have given their consent to that privileged access. If there is a profile of this or any other type that you do not know, this can also be a sign.
Important: Any type of event scheduled, update, or activity performed from the administration of the portal, if you do not recognize it is another signal that should cause you to be alert.
Unknown visit to the site and irregular search results
Many times we do not pay much attention to these details, but suspicious visits and the unusual activity they generate should cause you to be alert:
- If you notice visits from unknown sources using Google Analytics.
- If you see a certain number of visits that have links to promotions of doubtful origin.
- When you perform maintenance of the website, during the scanning activities, you realize that you have parts of “strange” code that you have not put there, or directly if you see malicious code. Example: cryptojacking scripts to undermine cryptocurrencies using the computer or mobile resources of legitimate visiting users.
On the other hand, pay attention to aspects such as unusual search results, metadata and titles of publications that have been altered and you do not remember making any changes. This can also inform you that your WordPress site has been a victim of hacking, even more so if in the logon history, a record is verified from an unknown location and / or unknown user.
Irregular traffic data and unavailability of the WordPress site
If from one day to another, site visits have decreased greatly for reasons such as problems with SEO or the inclusion of Google’s part of your site to the blacklist , it is for you to suspect. Even more so if the inclusion in the blacklist is due to factors that you do not recognize. Another important signal is the failed access to the website: which indicates that the website does not exist or, when entering the domain of the website, automatically redirects to any site.
Also, be sure to check the availability or not of your backups if you manage to regain access to your site administration. If you do not have it available, it is likely that these backups have also been appropriated. Here is the importance of applying redundancy to backups , if possible, to other reliable providers in the face of such events. On the other hand, it is important to check the root files for lost and / or suspicious files that affect the regular operation of the site.
Problems with associated emails
This is closely related to the first pair of signals discussed above. If you have problems accessing your WordPress account or even having access, you cannot send or receive emails, it is a clear sign that the site has been hacked (probably). In any case, if you have any doubt or irregularity, you can consult with your provider -if you have it-, so that I can provide you with more support in case it is an inconvenience of your responsibility.
