10 Signs Your WordPress Site Has Been Hacked

WordPress powers over 40% of all websites on the internet — which makes it the number one target for hackers. Many attacks go unnoticed for weeks, quietly stealing data, sending spam or harming your SEO while your site appears to be running normally.

Here are the 10 most common signs that your WordPress site may have been compromised.

1. You're seeing a Google warning

If Google displays a "This site may harm your computer" or "Deceptive site ahead" warning when someone tries to visit your site, it means Google has detected malware. This is one of the most serious signs — your site has been blacklisted and visitors will be turned away until you clean it.

2. Visitors are being redirected to another website

One of the most common hacks involves injecting redirect code that sends your visitors to a spam, phishing or adult website. You may not see it yourself if the redirect targets new visitors or users on mobile — so check from a private browsing window or ask someone else to check for you.

3. Your hosting company has suspended your account

Hosting companies actively scan for malware and if they find it, they'll suspend your account to protect their servers. If you receive an email saying your account is suspended, malware is a likely cause.

4. New admin users you didn't create

Log into your WordPress dashboard and go to Users. If you see admin accounts you don't recognise — often with generic names or random strings — your site has been accessed by an attacker who has given themselves administrator access.

5. Your site is suddenly very slow

Some malware uses your server to send spam emails, mine cryptocurrency or run automated scripts. This puts enormous load on your server and can cause your site to slow to a crawl or become completely unresponsive.

6. You notice strange files in your hosting

If you have access to your hosting file manager and you notice PHP files with random names (like xd3f9.php) in unusual locations like the root directory, uploads folder or theme files, these are almost certainly backdoors or malware scripts.

7. Your search result listings look wrong

Search your site on Google using site:yourdomain.com. If the results show pages with strange titles like "Buy cheap Viagra" or text in foreign languages, hackers have injected SEO spam into your site — a technique called "pharma hack".

8. You can't log into your WordPress admin

Attackers often change admin passwords once they're in, locking the legitimate owner out. If your password suddenly stops working and you haven't changed it, this is a serious warning sign.

9. Customers are receiving spam from your domain

If contacts are telling you they're receiving spam emails that appear to come from your domain, hackers may be using your mail server to send mass spam campaigns. This can permanently damage your domain's email reputation.

10. Your antivirus flags your site

Antivirus tools like Malwarebytes, Norton or even browser extensions will sometimes flag websites with known malware signatures. If someone reports that their antivirus is blocking your site, take it seriously.

What to do if your WordPress site has been hacked

If you recognise any of these signs, act immediately:

1. Don't panic and don't try to fix it yourself if you're not experienced — you can make things worse
2. Take a screenshot or note of any error messages
3. Contact your hosting company and let them know
4. Call a WordPress expert — we handle hacked site recovery for UK businesses

How to prevent future hacks

The best way to deal with a hack is to prevent it happening in the first place. A proper WordPress maintenance plan includes daily security scanning, firewall protection, regular updates and regular site health checks — so if the worst does happen, you can recover in minutes rather than days.