How to tell if your Joomla or WordPress site is hacked

malicious sign

7 quick hints to help you notice that your site may have been affected by malware

A site affected by malicious content costs reliability, time and money -least of all. Nobody likes a site to be suspended by google or hosting provider due to malware. So, how can you tell that?


1. Your site takes too much time to load

You had a fast site and now needs many seconds to load. You have enabled Joomla!’s zip page compression and cache, you have install extensions to increase speed, you have prevent heavy extensions or scripts from loading in home page, images are web optimized, but your site is slow. Chances are that malicious scripts cause the malfunction.

2. You notice unfamiliar url on the browser status bar

When a browser loads a page, the external sources that are used are displayed real time in the status bar  -usually located at the left bottom corner. It is ok to appear google analytics, cdn, affiliates ads and other url that you have allowed, but if you notice unfamiliar url this is really a bad sign. Malware probably have compromised your site security.

3. You have install in the same web server another Joomla! or WordPress site and left unattended

You installed a cms such as Joomla! or WordPress in your web server and forgot it; the administrator left unattended the site for some weeks (or even days). High chances are that, it has been hacked, due to outdated framework version or security precautions that have not been taken.

4. Your site is not updated promptly

Apart from the “crime” of not updating at all, you update your site rarely; or security update releases are not installed immediately. The time is enough for malicious software to find “holes” and enter in your site.

5. New users have been registered despite your policy

You have not provide registration or login links in the front end of your site. Your site policy is against user registration. But new user have been added, with strange names or emails, too. If it has not been done on purpose by your co admins then you should get suspicious enough.

6. You have unknown or .php files in your media folder

Unknown files have been uploaded to media (images) folder. Even worse, their ending is .php. 99.9% it is a malicious file that must be removed immediately.

7. Use Pingdom service

Pingdom’s website speed test is a marvelous free tool which give you a thorough and detailed report about you site’s load time. It analyzes the page and finds finds bottlenecks. Examine the report thoroughly. It gives you full report about the scripts, images and whatever your page loads. If you see e.g. a weird script that shouldn’t be loaded, it ‘s a sign you might be hacked.

These were some quick hints to start scenting that something malicious is going on with your site. Read next,

Stay in touch. In our next articles we will give concise and intuitive ways about removing malware and securing your site.

I ‘d love to hear your story or how this article help you. Feel free to leave any comment below!

1 thought on “How to tell if your Joomla or WordPress site is hacked”

Leave a Comment

Your email address will not be published. Required fields are marked *

Shopping Cart
Scroll to Top