Back to Posts List

7 Ways To Tell If Your Website Has Been Hacked

Share this article

Last updated May 7th, 2020 by Ashley Halsey in

Hacked website

In this day in age, businesses rely heavily upon their website as a means of driving sales and reaching customers. It is usually the first point of contact between a potential customer and the business, and thus, it commands a level of investment. Because of this, it can be frustrating and upsetting to have one’s web page hacked and rendered useless. Such an event is becoming a growing concern, as hackers become more sophisticated with their methods of gaining unauthorized access to a webpage or server.

Sometimes it is obvious when a website has been hacked; there is clear vandalization. Other times it is not apparent that one's web page has been hacked. Here we will look at the seven most reliable ways to tell if one’s website has been hacked.

1. Host Provider Takes Sites Offline

The host may receive reports that the site has been hacked. This may come from users or from software the host runs on its servers. When this occurs, the site is usually taken offline right away. Almost all hosts will notify a client if their website is taken offline.

In some cases, a host may quarantine or reformat a site to stop the malware from spreading on its servers. This can result in the webpage being permanently altered and is a good reason to do regular backups of one's webpage.

2. Website Is Black Listed By Search Engines

Most people are familiar with the "this site may harm your computer" warning on Google. This is what occurs when google has blacklisted a site they believe, and usually for a good reason, to be compromised. A major issue that occurs when a site is blacklisted is that the email account associated with the site can be blacklisted as well. This can be particularly damaging if the user has a Gmail account. If the email is blacklisted, the user will not have access to it and will not be able to change the website's admin settings.

Google also provides a "This site may be hacked warning." It does this when changes have been made to one's site that it perceives as odd. This is usually the addition of Black Hat SEO links and content.

3. Strange Content Added To Site

Some hackers try to add content to one's webpage stealthily in hopes it will go unnoticed. This usually manifests itself in the form of links leading to websites where items such as prescription drugs, knock-off purses and sunglasses, and other goods can be purchased.

These minor changes can be hard to spot and, if done with tact, will go unnoticed by Google's algorithms. Often it will appear as if no changes have been made at all, so one must closely examine their content regularly to determine if their website has been hacked.

4. New And Unexplained User Accounts

User accounts in this context do not refer to individuals signing up to a website; it refers to accounts created on the content management system. The owner of a website can grant permission to specific users to access a website and upload content to it. If a new or unexplained account is created, it could very well mean the website was hacked.

5. Unknown Plugins

A plugin is a piece of software that adds extra features to an existing system. Some of the more commonly known plugins are applications such as Adobe Flash, Java Virtual Machine, an AdBlocker. Plugins are useful tools for enabling and customizing functionality. It is essential to keep in mind that while plugins can be used to deliver value, they can also be used to gain unauthorized access to a website. A common trick that hackers use is to disguise malware as plugins to gain access. It is important to keep close track of what plugins are installed on one's website.

6. Make Use Of Website Security Tools

Several security tools can aid an individual or business in identifying a hack on their website. These tools range from applications that scan plugins and javascript code to content and backlink scanners.

Another popular tool is a code scanner. This type of tool runs a scan on the websites' PHP code, searching for malware or otherwise nefarious changes to the source code. Traffic monitoring can also be handy. It is common for hacked sites to be utilized in spamvertising campaigns, which will cause a sharp spike in traffic.

7. Review Files And Content

To ensure one's site has not been hacked, a thorough review of the web pages content should be done regularly. A hacker's intention is not always the same. Sometimes they want to take control of a webpage to use in a spam campaign, sometimes they want the information contained in the database, and something they just want to leave links leading back to a sales page. Depending on their intention, different types of clues will be left.

For example, when viewing the server logs, if the same IP address is seen hitting a page for days or weeks, it likely indicates a hack. As well, one may see many different IP addresses accessing an unrecognized page. This is also a sign of a hack.


Those who are serious about their webpages' security need to employ a multifaceted approach to ensure unauthorized access does not occur. The different facets come in the form of manual checks as well as security software. Together, the risk of a website hack is significantly lowered.

Ashley Halsey

Ashley Halsey is a professional writer at Lucky Assignments and Gum Essays. She has been involved in many projects all over the country and abroad. When not writing, the mother of two enjoys traveling, reading, and attending business training and management seminars.

comments powered by Disqus