{"id":3148,"date":"2023-10-08T17:16:06","date_gmt":"2023-10-08T16:16:06","guid":{"rendered":"https:\/\/www.lrob.fr\/?p=3148"},"modified":"2025-04-27T05:34:12","modified_gmt":"2025-04-27T03:34:12","slug":"how-to-check-if-my-wordpress-site-has-been-hacked","status":"publish","type":"post","link":"https:\/\/www.lrob.fr\/en\/blog\/internet\/wordpress\/securite-wordpress\/comment-verifier-si-mon-site-wordpress-a-ete-pirate\/","title":{"rendered":"How can I check if my WordPress site has been hacked? Warning signs to be aware of"},"content":{"rendered":"<p class=\"gutenify-section-416f49d0-65c1-11ee-ab92-a798eae102a1\"><strong>It's sometimes hard to tell the difference between a malfunction and a hack. But there are signs that your site may have been hacked. Today, let's take a look at the 8 most common signs to spot a hack on your WordPress site.<\/strong><\/p>\n\n\n\n<p class=\"gutenify-section-22b8c7e0-65c2-11ee-ab92-a798eae102a1\">\u274c Warning: if in doubt, it's best not to connect to the site administration. Indeed, if your site is hacked, this may allow the hacker to recover your password. What's more, the hacker may trigger certain actions automatically when you act on the hacked site, which would make the situation worse.<\/p>\n\n\n\n<p class=\"gutenify-section-5522fa70-65d1-11ee-8f2f-11b98139c5e2\">\u2705 If you think your site has been hacked, you need to suspend your hosting until your site's files and database have been dealt with directly.<\/p>\n\n\n\n<p class=\"gutenify-section-5522fa70-65d1-11ee-8f2f-11b98139c5e2\">Repairing a WordPress site requires respecting a scrupulous protocol like the one I offer in my <a href=\"\/en\/services\/repairing-and-securing-pirated-wordpress-sites\/\" target=\"_blank\" rel=\"noreferrer noopener\">repairing and securing hacked WordPress sites<\/a>. If you have any doubts, contact me and we'll be happy to advise you. <a href=\"\/en\/services\/repairing-and-securing-pirated-wordpress-sites\/\" target=\"_blank\" rel=\"noreferrer noopener\">free assessment and immediate safety measures<\/a>.<\/p>\n\n\n\n<div class=\"wp-block-rank-math-toc-block\" data-aos=\"fade-right\" id=\"rank-math-toc\"><h2>Contents<\/h2><nav><div><div><a href=\"#1-publicites-et-redirections-non-autorisees\">1. Unauthorized advertising and redirections<\/a><\/div><div><a href=\"#2-impossible-de-vous-connecter-en-tant-quadministrateur\">2. Unable to log in as administrator<\/a><\/div><div><a href=\"#3-vous-recevez-des-notifications-de-mails-rejetes\">3. You receive notifications of rejected e-mails<\/a><\/div><div><a href=\"#4-alerte-de-securite-google-safe-browsing-ou-antivirus\">4. Google Safe Browsing or antivirus security alert<\/a><\/div><div><a href=\"#5-contenu-indesirable-et-langues-etrangeres\">5. Unwanted content and foreign languages<\/a><\/div><div><a href=\"#6-utilisateurs-inconnus\">6. Unknown users<\/a><\/div><div><a href=\"#7-pages-de-phishing\">7. Phishing pages<\/a><\/div><div><a href=\"#8-fichiers-intrus\">8. Intruder files<\/a><\/div><div><a href=\"#comment-reagir-si-je-note-lun-de-ces-signes\">What should I do if I notice any of these signs?<\/a><\/div><\/div><\/nav><\/div>\n\n\n\n<div class=\"wp-block-group gutenify-section-8ca410c0-65c1-11ee-ab92-a798eae102a1 is-layout-flow wp-block-group-is-layout-flow\" style=\"padding-top:var(--wp--preset--spacing--30);padding-bottom:var(--wp--preset--spacing--30)\">\n<h2 class=\"wp-block-heading gutenify-section-41738f90-65c1-11ee-ab92-a798eae102a1\" id=\"1-publicites-et-redirections-non-autorisees\">1. Unauthorized advertising and redirections<\/h2>\n\n\n\n<p><strong>Unwanted ads or redirects to third-party sites appear on your site.<\/strong><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"cause-et-explication\">Cause and explanation<\/h3>\n\n\n\n<p>The hacker was able to break into the site's files and\/or database to insert these ads and redirects. His aim is to steal your traffic to generate revenue.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group gutenify-section-741ff910-65c1-11ee-ab92-a798eae102a1 is-layout-flow wp-block-group-is-layout-flow\" style=\"padding-top:var(--wp--preset--spacing--30);padding-bottom:var(--wp--preset--spacing--30)\">\n<h2 class=\"wp-block-heading gutenify-section-417145a0-65c1-11ee-ab92-a798eae102a1\" id=\"2-impossible-de-vous-connecter-en-tant-quadministrateur\">2. Unable to log in as administrator<\/h2>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-28f84493 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<p><strong>Your administrator password no longer works or seems to change unexpectedly after each reset.<\/strong><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"cause-et-explication-1\">Cause and explanation<\/h3>\n\n\n\n<p>The hacker has introduced a backdoor (code hidden in your site) enabling him to change all your passwords at will.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<figure data-wp-context=\"{&quot;imageId&quot;:&quot;69d52eb53706b&quot;}\" data-wp-interactive=\"core\/image\" data-wp-key=\"69d52eb53706b\" class=\"wp-block-image size-full wp-lightbox-container\"><img loading=\"lazy\" decoding=\"async\" width=\"423\" height=\"649\" data-wp-class--hide=\"state.isContentHidden\" data-wp-class--show=\"state.isContentVisible\" data-wp-init=\"callbacks.setButtonStyles\" data-wp-on--click=\"actions.showLightbox\" data-wp-on--load=\"callbacks.setButtonStyles\" data-wp-on-window--resize=\"callbacks.setButtonStyles\" src=\"https:\/\/www.lrob.fr\/wp-content\/uploads\/2023\/10\/wp-erreur-login.png\" alt=\"\" class=\"wp-image-3153\" srcset=\"https:\/\/www.lrob.fr\/wp-content\/uploads\/2023\/10\/wp-erreur-login.png 423w, https:\/\/www.lrob.fr\/wp-content\/uploads\/2023\/10\/wp-erreur-login-98x150.png 98w, https:\/\/www.lrob.fr\/wp-content\/uploads\/2023\/10\/wp-erreur-login-196x300.png 196w\" sizes=\"auto, (max-width: 423px) 100vw, 423px\" \/><button\n\t\t\tclass=\"lightbox-trigger\"\n\t\t\ttype=\"button\"\n\t\t\taria-haspopup=\"dialog\"\n\t\t\taria-label=\"Enlarge\"\n\t\t\tdata-wp-init=\"callbacks.initTriggerButton\"\n\t\t\tdata-wp-on--click=\"actions.showLightbox\"\n\t\t\tdata-wp-style--right=\"state.imageButtonRight\"\n\t\t\tdata-wp-style--top=\"state.imageButtonTop\"\n\t\t>\n\t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"12\" height=\"12\" fill=\"none\" viewbox=\"0 0 12 12\">\n\t\t\t\t<path fill=\"#fff\" d=\"M2 0a2 2 0 0 0-2 2v2h1.5V2a.5.5 0 0 1 .5-.5h2V0H2Zm2 10.5H2a.5.5 0 0 1-.5-.5V8H0v2a2 2 0 0 0 2 2h2v-1.5ZM8 12v-1.5h2a.5.5 0 0 0 .5-.5V8H12v2a2 2 0 0 1-2 2H8Zm2-12a2 2 0 0 1 2 2v2h-1.5V2a.5.5 0 0 0-.5-.5H8V0h2Z\" \/>\n\t\t\t<\/svg>\n\t\t<\/button><\/figure>\n<\/div>\n<\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-group gutenify-section-a75a5540-65c2-11ee-ab92-a798eae102a1 is-layout-flow wp-block-group-is-layout-flow\" style=\"padding-top:var(--wp--preset--spacing--30);padding-bottom:var(--wp--preset--spacing--30)\">\n<h2 class=\"wp-block-heading gutenify-section-d4c11060-65c1-11ee-ab92-a798eae102a1\" id=\"3-vous-recevez-des-notifications-de-mails-rejetes\">3. You receive notifications of rejected e-mails<\/h2>\n\n\n\n<div class=\"wp-block-columns are-vertically-aligned-top is-layout-flex wp-container-core-columns-is-layout-28f84493 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-vertically-aligned-top is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:50%\">\n<p><strong>You receive notifications of bounced e-mails (also known as \"mailer-daemons\") that you have not sent yourself.<\/strong><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"cause-et-explication-2\">Cause and explanation<\/h3>\n\n\n\n<p>The hacker is using your site to send emails, or may have compromised your email password. In some cases, they are simply using a poorly configured and insecure contact form as a platform to send emails to the recipients of their choice, which also needs to be addressed to avoid your blacklisting.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-vertically-aligned-top is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:50%\">\n<figure data-wp-context=\"{&quot;imageId&quot;:&quot;69d52eb53772b&quot;}\" data-wp-interactive=\"core\/image\" data-wp-key=\"69d52eb53772b\" class=\"wp-block-image size-full wp-lightbox-container\"><img loading=\"lazy\" decoding=\"async\" width=\"640\" height=\"559\" data-wp-class--hide=\"state.isContentHidden\" data-wp-class--show=\"state.isContentVisible\" data-wp-init=\"callbacks.setButtonStyles\" data-wp-on--click=\"actions.showLightbox\" data-wp-on--load=\"callbacks.setButtonStyles\" data-wp-on-window--resize=\"callbacks.setButtonStyles\" src=\"https:\/\/www.lrob.fr\/wp-content\/uploads\/2023\/10\/non-delivery-bounce-email-example.png\" alt=\"\" class=\"wp-image-3154\" srcset=\"https:\/\/www.lrob.fr\/wp-content\/uploads\/2023\/10\/non-delivery-bounce-email-example.png 640w, https:\/\/www.lrob.fr\/wp-content\/uploads\/2023\/10\/non-delivery-bounce-email-example-150x131.png 150w, https:\/\/www.lrob.fr\/wp-content\/uploads\/2023\/10\/non-delivery-bounce-email-example-300x262.png 300w\" sizes=\"auto, (max-width: 640px) 100vw, 640px\" \/><button\n\t\t\tclass=\"lightbox-trigger\"\n\t\t\ttype=\"button\"\n\t\t\taria-haspopup=\"dialog\"\n\t\t\taria-label=\"Enlarge\"\n\t\t\tdata-wp-init=\"callbacks.initTriggerButton\"\n\t\t\tdata-wp-on--click=\"actions.showLightbox\"\n\t\t\tdata-wp-style--right=\"state.imageButtonRight\"\n\t\t\tdata-wp-style--top=\"state.imageButtonTop\"\n\t\t>\n\t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"12\" height=\"12\" fill=\"none\" viewbox=\"0 0 12 12\">\n\t\t\t\t<path fill=\"#fff\" d=\"M2 0a2 2 0 0 0-2 2v2h1.5V2a.5.5 0 0 1 .5-.5h2V0H2Zm2 10.5H2a.5.5 0 0 1-.5-.5V8H0v2a2 2 0 0 0 2 2h2v-1.5ZM8 12v-1.5h2a.5.5 0 0 0 .5-.5V8H12v2a2 2 0 0 1-2 2H8Zm2-12a2 2 0 0 1 2 2v2h-1.5V2a.5.5 0 0 0-.5-.5H8V0h2Z\" \/>\n\t\t\t<\/svg>\n\t\t<\/button><\/figure>\n<\/div>\n<\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-group gutenify-section-9d661d80-65c2-11ee-ab92-a798eae102a1 is-layout-flow wp-block-group-is-layout-flow\" style=\"margin-top:0;margin-bottom:0;padding-top:var(--wp--preset--spacing--30);padding-bottom:var(--wp--preset--spacing--30)\">\n<h2 class=\"wp-block-heading gutenify-section-c5e69d70-65c2-11ee-ab92-a798eae102a1\" id=\"4-alerte-de-securite-google-safe-browsing-ou-antivirus\">4. Google Safe Browsing or antivirus security alert<\/h2>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-28f84493 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<p><strong>When you visit your site, your browser displays a \"Dangerous or malicious site\" alert, either via Google Safe Browsing or via your antivirus software. The blocked URL displayed belongs to your site or to a third-party site.<\/strong><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"cause-et-explication-3\">Cause and explanation<\/h3>\n\n\n\n<p>Your site contains URLs from <a rel=\"noreferrer noopener\" href=\"https:\/\/fr.wikipedia.org\/wiki\/Hame%C3%A7onnage\" target=\"_blank\">phishing<\/a>malware, or redirects to malicious sites. Google maintains a database of these malicious sites, which all web browsers use to protect visitors.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<figure data-wp-context=\"{&quot;imageId&quot;:&quot;69d52eb537d90&quot;}\" data-wp-interactive=\"core\/image\" data-wp-key=\"69d52eb537d90\" class=\"wp-block-image size-full wp-lightbox-container\"><img loading=\"lazy\" decoding=\"async\" width=\"581\" height=\"339\" data-wp-class--hide=\"state.isContentHidden\" data-wp-class--show=\"state.isContentVisible\" data-wp-init=\"callbacks.setButtonStyles\" data-wp-on--click=\"actions.showLightbox\" data-wp-on--load=\"callbacks.setButtonStyles\" data-wp-on-window--resize=\"callbacks.setButtonStyles\" src=\"https:\/\/www.lrob.fr\/wp-content\/uploads\/2023\/10\/site-malveillant-ou-dangereux.png\" alt=\"\" class=\"wp-image-3151\" srcset=\"https:\/\/www.lrob.fr\/wp-content\/uploads\/2023\/10\/site-malveillant-ou-dangereux.png 581w, https:\/\/www.lrob.fr\/wp-content\/uploads\/2023\/10\/site-malveillant-ou-dangereux-150x88.png 150w, https:\/\/www.lrob.fr\/wp-content\/uploads\/2023\/10\/site-malveillant-ou-dangereux-300x175.png 300w\" sizes=\"auto, (max-width: 581px) 100vw, 581px\" \/><button\n\t\t\tclass=\"lightbox-trigger\"\n\t\t\ttype=\"button\"\n\t\t\taria-haspopup=\"dialog\"\n\t\t\taria-label=\"Enlarge\"\n\t\t\tdata-wp-init=\"callbacks.initTriggerButton\"\n\t\t\tdata-wp-on--click=\"actions.showLightbox\"\n\t\t\tdata-wp-style--right=\"state.imageButtonRight\"\n\t\t\tdata-wp-style--top=\"state.imageButtonTop\"\n\t\t>\n\t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"12\" height=\"12\" fill=\"none\" viewbox=\"0 0 12 12\">\n\t\t\t\t<path fill=\"#fff\" d=\"M2 0a2 2 0 0 0-2 2v2h1.5V2a.5.5 0 0 1 .5-.5h2V0H2Zm2 10.5H2a.5.5 0 0 1-.5-.5V8H0v2a2 2 0 0 0 2 2h2v-1.5ZM8 12v-1.5h2a.5.5 0 0 0 .5-.5V8H12v2a2 2 0 0 1-2 2H8Zm2-12a2 2 0 0 1 2 2v2h-1.5V2a.5.5 0 0 0-.5-.5H8V0h2Z\" \/>\n\t\t\t<\/svg>\n\t\t<\/button><\/figure>\n<\/div>\n<\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-group gutenify-section-cab1d9c0-65c5-11ee-ab92-a798eae102a1 is-layout-flow wp-block-group-is-layout-flow\" style=\"padding-top:var(--wp--preset--spacing--30);padding-bottom:var(--wp--preset--spacing--30)\">\n<h2 class=\"wp-block-heading gutenify-section-2243b790-65c5-11ee-ab92-a798eae102a1\" id=\"5-contenu-indesirable-et-langues-etrangeres\">5. Unwanted content and foreign languages<\/h2>\n\n\n\n<p><strong>You see additional or modified articles or pages on your site. Often in a foreign language. And often with suspicious links to other sites.<\/strong><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"cause-et-explication-4\">Cause and explanation<\/h3>\n\n\n\n<p>The hacker controls your site. Either by adding an administrator account, or by using a backdoor to inject code into the database. This allows him to insert any content he wishes.<\/p>\n\n\n\n<p>Not to be confused with \"spam\" comments. This concern needs to be addressed, but does not necessarily mean that your site has been compromised. This concern needs to be addressed, but does not necessarily indicate that your site has been compromised.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-group gutenify-section-1d7eb570-65c5-11ee-ab92-a798eae102a1 is-layout-flow wp-block-group-is-layout-flow\" style=\"padding-top:var(--wp--preset--spacing--30);padding-bottom:var(--wp--preset--spacing--30)\">\n<h2 class=\"wp-block-heading gutenify-section-e975d3c0-65c5-11ee-ab92-a798eae102a1\" id=\"6-utilisateurs-inconnus\">6. Unknown users<\/h2>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-28f84493 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<p><strong>You see one or more unknown administrator users in your WordPress user list. Sometimes you notice that your existing admin account details have changed.<\/strong><br>NB: As you don't want to log in to the site administration, you can also see this in the database table wp_users (via phpMyAdmin for example).<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"cause-et-explication-5\">Cause and explanation<\/h3>\n\n\n\n<p>The hacker controls your site. Either via an administrator account added or compromised, or (and this is the most common case) via a backdoor enabling him to inject code into the database. In particular, this enables him to control the site's users.<\/p>\n\n\n\n<p>Not to be confused with unwanted users registering on your site. This concern must be addressed, but does not necessarily mean that your site has been compromised.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<figure data-wp-context=\"{&quot;imageId&quot;:&quot;69d52eb53829f&quot;}\" data-wp-interactive=\"core\/image\" data-wp-key=\"69d52eb53829f\" class=\"wp-block-image size-full wp-lightbox-container\"><img loading=\"lazy\" decoding=\"async\" width=\"828\" height=\"389\" data-wp-class--hide=\"state.isContentHidden\" data-wp-class--show=\"state.isContentVisible\" data-wp-init=\"callbacks.setButtonStyles\" data-wp-on--click=\"actions.showLightbox\" data-wp-on--load=\"callbacks.setButtonStyles\" data-wp-on-window--resize=\"callbacks.setButtonStyles\" src=\"https:\/\/www.lrob.fr\/wp-content\/uploads\/2023\/10\/wordpress-admin-intrus.png\" alt=\"\" class=\"wp-image-3155\" srcset=\"https:\/\/www.lrob.fr\/wp-content\/uploads\/2023\/10\/wordpress-admin-intrus.png 828w, https:\/\/www.lrob.fr\/wp-content\/uploads\/2023\/10\/wordpress-admin-intrus-150x70.png 150w, https:\/\/www.lrob.fr\/wp-content\/uploads\/2023\/10\/wordpress-admin-intrus-300x141.png 300w\" sizes=\"auto, (max-width: 828px) 100vw, 828px\" \/><button\n\t\t\tclass=\"lightbox-trigger\"\n\t\t\ttype=\"button\"\n\t\t\taria-haspopup=\"dialog\"\n\t\t\taria-label=\"Enlarge\"\n\t\t\tdata-wp-init=\"callbacks.initTriggerButton\"\n\t\t\tdata-wp-on--click=\"actions.showLightbox\"\n\t\t\tdata-wp-style--right=\"state.imageButtonRight\"\n\t\t\tdata-wp-style--top=\"state.imageButtonTop\"\n\t\t>\n\t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"12\" height=\"12\" fill=\"none\" viewbox=\"0 0 12 12\">\n\t\t\t\t<path fill=\"#fff\" d=\"M2 0a2 2 0 0 0-2 2v2h1.5V2a.5.5 0 0 1 .5-.5h2V0H2Zm2 10.5H2a.5.5 0 0 1-.5-.5V8H0v2a2 2 0 0 0 2 2h2v-1.5ZM8 12v-1.5h2a.5.5 0 0 0 .5-.5V8H12v2a2 2 0 0 1-2 2H8Zm2-12a2 2 0 0 1 2 2v2h-1.5V2a.5.5 0 0 0-.5-.5H8V0h2Z\" \/>\n\t\t\t<\/svg>\n\t\t<\/button><\/figure>\n<\/div>\n<\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-group gutenify-section-72841f30-65c8-11ee-ab92-a798eae102a1 is-layout-flow wp-block-group-is-layout-flow\" style=\"padding-top:var(--wp--preset--spacing--30);padding-bottom:var(--wp--preset--spacing--30)\">\n<h2 class=\"wp-block-heading gutenify-section-e397cb10-65c6-11ee-ab92-a798eae102a1\" id=\"7-pages-de-phishing\">7. Phishing pages<\/h2>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-28f84493 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<p><strong>You may notice that some URLs or files (often .html) resemble pages from well-known sites, either through a statistics tool or when exploring your site's files.<\/strong><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"cause-et-explication-6\">Cause and explanation<\/h3>\n\n\n\n<p>This is called phishing. The hacker has taken control of your site and can write files of his choice into it, or write to the database. Phishing allows the hacker to lure visitors to your site whom he has previously sent false e-mails, in order to use it as a gateway and retrieve personal information from his victims.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<figure data-wp-context=\"{&quot;imageId&quot;:&quot;69d52eb538640&quot;}\" data-wp-interactive=\"core\/image\" data-wp-key=\"69d52eb538640\" class=\"wp-block-image size-full wp-lightbox-container\"><img loading=\"lazy\" decoding=\"async\" width=\"114\" height=\"236\" data-wp-class--hide=\"state.isContentHidden\" data-wp-class--show=\"state.isContentVisible\" data-wp-init=\"callbacks.setButtonStyles\" data-wp-on--click=\"actions.showLightbox\" data-wp-on--load=\"callbacks.setButtonStyles\" data-wp-on-window--resize=\"callbacks.setButtonStyles\" src=\"https:\/\/www.lrob.fr\/wp-content\/uploads\/2023\/10\/fichiers-phishing-site-web.png\" alt=\"\" class=\"wp-image-3156\" srcset=\"https:\/\/www.lrob.fr\/wp-content\/uploads\/2023\/10\/fichiers-phishing-site-web.png 114w, https:\/\/www.lrob.fr\/wp-content\/uploads\/2023\/10\/fichiers-phishing-site-web-72x150.png 72w\" sizes=\"auto, (max-width: 114px) 100vw, 114px\" \/><button\n\t\t\tclass=\"lightbox-trigger\"\n\t\t\ttype=\"button\"\n\t\t\taria-haspopup=\"dialog\"\n\t\t\taria-label=\"Enlarge\"\n\t\t\tdata-wp-init=\"callbacks.initTriggerButton\"\n\t\t\tdata-wp-on--click=\"actions.showLightbox\"\n\t\t\tdata-wp-style--right=\"state.imageButtonRight\"\n\t\t\tdata-wp-style--top=\"state.imageButtonTop\"\n\t\t>\n\t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"12\" height=\"12\" fill=\"none\" viewbox=\"0 0 12 12\">\n\t\t\t\t<path fill=\"#fff\" d=\"M2 0a2 2 0 0 0-2 2v2h1.5V2a.5.5 0 0 1 .5-.5h2V0H2Zm2 10.5H2a.5.5 0 0 1-.5-.5V8H0v2a2 2 0 0 0 2 2h2v-1.5ZM8 12v-1.5h2a.5.5 0 0 0 .5-.5V8H12v2a2 2 0 0 1-2 2H8Zm2-12a2 2 0 0 1 2 2v2h-1.5V2a.5.5 0 0 0-.5-.5H8V0h2Z\" \/>\n\t\t\t<\/svg>\n\t\t<\/button><\/figure>\n<\/div>\n<\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-group gutenify-section-191b4200-65ca-11ee-ab92-a798eae102a1 is-layout-flow wp-block-group-is-layout-flow\" style=\"margin-top:0;margin-bottom:0;padding-top:var(--wp--preset--spacing--30);padding-bottom:var(--wp--preset--spacing--30)\">\n<h2 class=\"wp-block-heading gutenify-section-01da58b0-65ca-11ee-ab92-a798eae102a1\" id=\"8-fichiers-intrus\">8. Intruder files<\/h2>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-28f84493 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<p><strong>You notice unusual files via FTP or your hosting panel. You notice even one intruding file or folder in your WordPress files. Sometimes these are \".zip\" files, sometimes they're in the underlying folders.<\/strong><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"cause-et-explication-7\">Cause and explanation<\/h3>\n\n\n\n<p>The hacker has been able to send unwanted files to your site and now has complete control. He can read existing files and add new ones. He will usually have taken care to hide \"backdoor\" files throughout the files in an attempt to retain access to the site even if you clean up the content.  If in doubt, compare with the archive on wordpress.org or <a href=\"https:\/\/www.lrob.fr\/en\/services\/repairing-and-securing-pirated-wordpress-sites\/\">call in a professional to repair your site thoroughly<\/a>.<\/p>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"178\" height=\"537\" src=\"https:\/\/www.lrob.fr\/wp-content\/uploads\/2023\/10\/fichier-intrus-piratage-wordpress.png\" alt=\"\" class=\"wp-image-3157\" srcset=\"https:\/\/www.lrob.fr\/wp-content\/uploads\/2023\/10\/fichier-intrus-piratage-wordpress.png 178w, https:\/\/www.lrob.fr\/wp-content\/uploads\/2023\/10\/fichier-intrus-piratage-wordpress-50x150.png 50w, https:\/\/www.lrob.fr\/wp-content\/uploads\/2023\/10\/fichier-intrus-piratage-wordpress-99x300.png 99w\" sizes=\"auto, (max-width: 178px) 100vw, 178px\" \/><\/figure>\n<\/div>\n<\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-group gutenify-section-3ccf7e90-6814-11ee-bd29-37085322ece7 is-layout-flow wp-block-group-is-layout-flow\" style=\"margin-top:0;margin-bottom:0;padding-top:var(--wp--preset--spacing--30);padding-bottom:var(--wp--preset--spacing--30)\">\n<h2 class=\"wp-block-heading gutenify-section-3cb84d10-6814-11ee-bd29-37085322ece7\" id=\"comment-reagir-si-je-note-lun-de-ces-signes\">What should I do if I notice any of these signs?<\/h2>\n\n\n\n<p class=\"has-text-align-left gutenify-section-fb16caa0-65cd-11ee-ab92-a798eae102a1\">If you spot any of these signs of hacking, don't become a cybersecurity expert if you're not, <a href=\"\/en\/services\/repairing-and-securing-pirated-wordpress-sites\/#contact-reparation\">contact me for immediate assistance.<\/a><\/p>\n\n\n\n<p>Ideally, you should host your site on a <a href=\"https:\/\/www.lrob.fr\/en\/web-hosting\/\">secured server<\/a> as offered in my hosting and webmastering packages. So <a href=\"https:\/\/www.lrob.fr\/en\/features\/secure-web-host-cybersecurity\/\">pirates are automatically blocked<\/a>This drastically reduces the risk of piracy. Also, malicious files are regularly scanned at server level, which is the most reliable way of proceeding.<\/p>\n\n\n\n<p>If there are no special security measures in place on the server hosting your site, you can start by using the <a href=\"https:\/\/wordpress.org\/plugins\/wordfence\/\" target=\"_blank\" rel=\"noreferrer noopener\">WordFence <\/a>which, while cumbersome and slowing down your site, will at least scan your site for malware and protect you from some basic attacks.<\/p>\n<\/div>\n\n\n\n<p class=\"has-text-align-left gutenify-section-1e1512f0-65ce-11ee-ab92-a798eae102a1\">And to keep your WordPress site always secure, don't miss my <a href=\"\/en\/services\/wordpress-webmastering\/\">WordPress webmastering services<\/a>.<\/p>","protected":false},"excerpt":{"rendered":"<p>Il est parfois difficile de faire la diff\u00e9rence entre un dysfonctionnement et un piratage. Pourtant, des signes \u00e9vocateurs d&rsquo;intrusion sur votre site existent. Aujourd&rsquo;hui, voyons les 8 signes les plus courants pour rep\u00e9rer un piratage de votre site WordPress. \u274c Attention : en cas de doute, il est pr\u00e9f\u00e9rable de ne pas vous connecter \u00e0 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":3207,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[24],"tags":[],"class_list":["post-3148","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-securite-wordpress"],"_links":{"self":[{"href":"https:\/\/www.lrob.fr\/en\/wp-json\/wp\/v2\/posts\/3148","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.lrob.fr\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.lrob.fr\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.lrob.fr\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.lrob.fr\/en\/wp-json\/wp\/v2\/comments?post=3148"}],"version-history":[{"count":12,"href":"https:\/\/www.lrob.fr\/en\/wp-json\/wp\/v2\/posts\/3148\/revisions"}],"predecessor-version":[{"id":7205,"href":"https:\/\/www.lrob.fr\/en\/wp-json\/wp\/v2\/posts\/3148\/revisions\/7205"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.lrob.fr\/en\/wp-json\/wp\/v2\/media\/3207"}],"wp:attachment":[{"href":"https:\/\/www.lrob.fr\/en\/wp-json\/wp\/v2\/media?parent=3148"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.lrob.fr\/en\/wp-json\/wp\/v2\/categories?post=3148"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.lrob.fr\/en\/wp-json\/wp\/v2\/tags?post=3148"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}