Signs Your WordPress Site Is Hacked (Malware Checklist)
A visual checklist to verify if your WordPress files, databases, or landing pages have been compromised by hackers.
1. Overview
WordPress powers over 40% of the web, which makes it a primary target for hackers. Malware infections are often silent: they run in the background, sending spam emails or hosting deceptive pages, without the site owner noticing. The sections below cover the warning signs of a compromised WordPress site.
2. Signs & Symptoms
Check if your WordPress site exhibits any of these indicators:
- The website loads slowly, or your hosting provider warns you about high CPU/disk resource limits.
- New admin users you didn't create appear in your Users dashboard.
- Odd Google search result descriptions, written in Japanese or Russian, appearing under your domain name.
- Unfamiliar files with random names (e.g. wp-db-cache.php or radio.php) appearing in core directories.
3. Technical Explanation
Hackers inject backdoor code (usually written in PHP) to keep server access even after admin passwords are changed. Common backdoor injections use PHP statements like:
<?php
// the base64 string decodes to: include ("backdoor.php");
eval(base64_decode("aW5jbHVkZSAoImJhY2tkb29yLnBocCIpOw=="));
?>
Such a backdoor lets the attacker run commands on the server simply by sending HTTP requests from a browser. Hackers also hijack the .htaccess file, adding rewrite conditions that redirect visitors arriving from search engines to advertising links.
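As an added example (not code from the original page), a small Python scanner for the two injections just described: it decodes the hidden PHP inside eval(base64_decode(...)) calls and flags .htaccess rewrite conditions keyed on a search-engine referer, then walks a constructed sample install. The regexes, the sample file names and the ads.example URL are assumptions made for this demo.

```python
import base64
import re
import tempfile
from pathlib import Path

# Regexes written for this example: the eval(base64_decode("...")) backdoor form and an .htaccess RewriteCond on a search-engine HTTP_REFERER.
EVAL_B64 = re.compile(r"eval\s*\(\s*base64_decode\s*\(\s*['\"]([A-Za-z0-9+/=]+)['\"]")
REFERER_REDIRECT = re.compile(r"RewriteCond\s+%\{HTTP_REFERER\}\s+.*\b(google|bing|yahoo)\b", re.I)

def scan_php(text):
    """Decode the payload of every eval(base64_decode(...)) call so an analyst can read it."""
    findings = []
    for m in EVAL_B64.finditer(text):
        try:
            findings.append(base64.b64decode(m.group(1), validate=True).decode("utf-8", "replace"))
        except ValueError:  # binascii.Error is a ValueError subclass
            findings.append("<undecodable>")
    return findings

def scan_htaccess(text):
    """Return .htaccess lines that rewrite based on a search-engine referer."""
    return [ln.strip() for ln in text.splitlines() if REFERER_REDIRECT.search(ln)]

def scan_tree(root):
    """Walk a WordPress install; return {relative path: findings} for flagged files only."""
    root, report = Path(root), {}
    for path in root.rglob("*"):
        if path.name == ".htaccess" or path.suffix == ".php":
            scanner = scan_htaccess if path.name == ".htaccess" else scan_php
            hits = scanner(path.read_text(errors="replace"))
            if hits:
                report[path.relative_to(root).as_posix()] = hits
    return report

# Constructed sample install: the page's backdoor under a random-looking name, a referer redirect, and a clean wp-config.php.
SAMPLES = {
    "wp-includes/wp-db-cache.php": '<?php\neval(base64_decode("aW5jbHVkZSAoImJhY2tkb29yLnBocCIpOw=="));\n?>',
    ".htaccess": "RewriteEngine On\nRewriteCond %{HTTP_REFERER} (google|bing|yahoo)\\. [NC]\n"
                 "RewriteRule ^(.*)$ https://ads.example/landing [R=302,L]\n",
    "wp-config.php": "<?php\ndefine('DISALLOW_FILE_EDIT', true);\n",
}

def demo():
    """Write SAMPLES into a temp dir, scan it and return the report dict."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in SAMPLES.items():
            Path(tmp, rel).parent.mkdir(parents=True, exist_ok=True)
            Path(tmp, rel).write_text(body)
        return scan_tree(tmp)
```

Running demo() reports the backdoor file with its decoded include and the referer condition, while the clean wp-config.php produces no finding.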
4. Step-by-Step Fixes
What to do if your site is compromised:
- Run Wordfence Security: Install the free Wordfence plugin, set the scan options to 'High Sensitivity', and review the list of modified core files.
- Clean core files: Overwrite the core folders (wp-admin, wp-includes) with clean copies downloaded from wordpress.org.
- Restore the default .htaccess: Open the root folder, locate your .htaccess file, and replace its contents with the standard WordPress rules.
- Update salts: Generate fresh keys at api.wordpress.org/secret-key/1.1/salt/ and copy them into your wp-config.php file. This automatically logs out all users, including the hackers.
5. Summary Checklist
Keep your site secured:
- Update plugins, themes, and WordPress core weekly.
- Disable file editing inside the dashboard (add define('DISALLOW_FILE_EDIT', true); to wp-config.php).
- Never install pirated or nulled premium plugins.
- Enforce strong passwords and two-factor authentication (2FA).