Signs your WordPress website has been hacked

Expert UK WordPress agency Peacock Carter guide you through signs your WordPress website may have been hacked – and how to solve it.

Ever had a funny feeling something about your website isn’t quite right? Maybe your WordPress website has been hacked. This guide by the WordPress experts at Peacock Carter gives you an insight in to how you might know.

We’ve been building websites for over 11 years now, and have become adept at noticing signs of hacking in website’s we’re inheriting from clients.

WordPress is a great content management and blogging system for you website, but as with any software, it’s important to keep on top of your website’s security updates. Without these your website can be hacked – accessed without your permission – and content can be harmed.

Hacking can not only leave your website unfunctional, it can harm your hard-earned search engine rankings and effect your business, so it’s important to address issues as quickly as you can.

1. Spam links in your WordPress post & page content

Finding spam links in your WordPress website’s page and post content is a common sign your website has been hacked. Look through your page and post content for links that look out of place.

Sometimes, these spam links are hidden from view in the Visual editor tool in WordPress, and you will need to use the Text editor view at the top-right of the editor panel:

Visual and Text editor views in WordPress

One telling sign your website has been hacked is to search your content for words related to common spam topics: fashion, “rolex watches”, etc. More elaborate content is hidden using inline CSS in your website; using the Text editor view above, you may be able to see this by searching for the word “absolute”.

2. Unusual WordPress user accounts

Check the user accounts who have access to your WordPress website. Navigate to the Users > All Users screen in the WordPress administration panel:


Check your WordPress users if your website has been hacked

If you spot user accounts that should be there, or you don’t remember creating, you may need to delete them (or as your web development agency for help). This is particularly important for accounts which have full WordPress administrator rights.

Reset your own account password, and get any other users with access to the website to reset theirs too.

3. A sudden dip in traffic

As we mentioned above, hacked websites have the potential to lose their search engine rankings as they’re deemed “unsafe” or “unreliable” in search engines. If you have experienced a sudden drop in search engine traffic, it could be due to your WordPress website being hacked (though there are many other causes for this too!). Talk to your WordPress website agency, or your digital marketing company for more advice.

How to clean your WordPress website up

To get your WordPress website back to a clean state after it’s been hacked, approach a reliable WordPress developer (as pure coincidence, that would be us!). You can also take some precautions yourself:

  1. Reset your WordPress administrator account passwords to something secure using a secure password generation tool such as
  2. Remove any suspicious links or user accounts as soon as you can
  3. Talk to your web developer or web design agency

These are just a guide to some common signs of hacking for your WordPress website. Sometimes, hacking doesn’t leave a trace; please consult an experienced web developer and discuss having a security audit of your website undertaken if you’re unsure.