5 Warning Signs Your WordPress Website Has Been Hacked (And What to Do)

Sign #1: Google Shows a “This Site May Be Hacked” Warning

If Google flags your site as dangerous, it gets removed from search results entirely. Visitors see a scary red warning screen and immediately leave. This alone can cost you weeks of lost traffic and business. Check Google Search Console regularly — it’s free and takes 5 minutes to set up.

Sign #2: Your Website Has Become Mysteriously Slow

Unexplained slowdowns can mean your server is being hijacked to send thousands of spam emails, mine cryptocurrency, or run malicious scripts — all without your knowledge. If your site has slowed down for no apparent reason, get it checked immediately.

Sign #3: Pages or Content You Didn’t Create

Hackers often inject pages stuffed with spam links, or redirect your visitors to gambling, pharmacy, or adult websites. If customers report being redirected, or you spot unfamiliar content in your sitemap, you’ve almost certainly been compromised.

Sign #4: Your Hosting Provider Suspends Your Account

Quality hosting providers constantly scan for malware. If your account gets suspended without warning, it’s almost certainly malicious code. Don’t just restore and move on — find and remove the root cause or it will happen again.

Sign #5: Admin Accounts You Don’t Recognise

Log into WordPress → Users. If you see administrator accounts you didn’t create — someone has full backend access to your site. This is serious. Act immediately.

What to Do If You’ve Been Hacked