There are a few ways to tell if your WordPress site is infected:

  • you open up your site and ups! it says it has been hacked!
  • your site is moving really slow or your hosting company reports that you are overusing resources, but you don’t see any extra activity in analytics
  • when you search your site over google you notice some pages that shouldn’t be there
  • it’s reported as an usafe site by your antivirus or browser

What to do if you think your WordPress site is infected

  • First thing, don’t panic. Everything you do while panicking might prove wrong later. Really, don’t panic.
  • Password protect your site via htaccess (you can do it from Cpanel or Plesk) so you can have a look at the site while stopping the public seeing your broken site.
  • Look for backups and see if restoring an older version fixes the problem temporarily (but your site will be vulnerable once again).
  • If you know a bit of how WordPress work you can re-install all the plugins and check if this solves the problem.
  • If you are still in trouble and don’t know what to do next, drop us a line here. We are a real company. Seriously, we have thousands of hours worked with WordPress for companies across the World.