I am having a problem with my Wordpress website and I think that it has been hacked. First of all, my site is really slow. I have also noted some funny content that has been added on my site. Could this be a sign that my site has been hacked? What do you suggest I do about it?

Could be a plugin vulnerability... I would strip it down to only the essential core plugins, make sure wordpress is up-to-date. Remove all files, change your ftp details and username/passwords.

Same problem as mine. But thank you for this tips.

Also be sure to not share your admin account information with anyone. I recommend changing your password. On the side note, try not using Admin as your username, you will most likely be targetted for a hack :D

what kind of content has been changed?
if it's an image you linked to from another page, might just be the owner replaced the image. if it's part of the wordpress text, maybe there's been an update of their material.

anyway, wordpress isn't the best way to create a website anyway. you give way too much rights to other parties (since you're using their software).

but a site being slow,means nothing. might just be there's a lot of traffic on that server.

Hi, "Qqueen".

Did you get your problem resolved?

If not, what other steps have you taken to confirm one way or the other if your site has been hacked?

What browser do you use?
The reason I ask is because, if you use Firefox it usually accesses a database that documents bad sites and should block your site from loading if your site has been added to the known "bad" site list. So load your site in Firefox and see if any warnings appear.

Alternately, you can submit your site to some of Google's webmaster tools. For example, their diagnostics tool (replace "example.com" at the end of this URL by the domain of your own site):


WordPress is notorious for getting hacked. I had a WordPress blog myself for a while, but it got hacked, and I decided to give up on it (I wasn't a prolific blogger anyhow.)

Please post back to let us know how this matter progresses.

All the advice above is positive. I'm guessing you haven't gone very far into security, and as I've had a wordpress site hacked three times, it's obvious that I haven't either. First thing is that whether human or bot the bad guys may stay one step ahead of you, and we do what we can. Things on my 'to do' or 'doing' list which may help:
limit the number of login attempts
or something similar
password protect directories
modify .htaccess
delete the default admin account
hide the wordpress version - I'm sorry if I missed someone saying that before.
Plugins are definitely a weakness. In my case, I suspect a file in a google map plugin.
If the part beyond the links doesn't make sense, go with installing the plugins in the links. If you google 'wordpress security' you'll find lots more. Stay with the funny content, rather than slowness to see what's really happened. If you are with a commercial host and have, for example, cpanel, you might be able to see where it's come from by looking in the log. You can block specific IPs.
Just typing 'wordpress security' in google will bring up a ton of stuff.
For you and anybody else, if we start a new thread it could help people.