How to Check if Your Website Was Hacked

If you suspect your website was hacked, you need a clear way to confirm it. Many hacks are subtle. The site might still load, but hidden scripts, spam pages, or redirects can be damaging your reputation in the background.

This guide walks you through practical checks you can run without being a security expert.

1) Look for visible changes

Check your homepage and key pages for unexpected text, images, or links. If anything looks unfamiliar, take a screenshot and note the time.

2) Search for spam pages

Use Google with a site search like:

site:yourdomain.com spam keyword

If you see pages you did not create, it could be a hack.

3) Check for unexpected redirects

Try loading your site on mobile, desktop, and incognito mode. If any version redirects to a strange site, you may have a redirect hack.

4) Check your server or CMS logs

If you have access, look for unusual logins, unknown admin accounts, or sudden spikes in traffic. These are common signs of compromise.

5) Run a security scan

Use a trusted website scanner to check for malware or injected scripts. Many hosts also offer basic scans.

6) Inspect for unexpected scripts

In your page source, look for scripts you did not add. Hackers often insert malicious code or tracking scripts.

7) Check Google Search Console warnings

If you use Search Console, check for security warnings or manual actions. Google often flags hacked sites quickly.

What to do if you confirm a hack

1. Take screenshots and document changes.
2. Reset passwords and remove unknown users.
3. Restore from a clean backup.
4. Contact your host or security provider.