Website May Be Hacked
Higher-risk issue — be cautious and consider professional help sooner.
Strange pages, pop-ups, warnings, or behavior suggest someone may have tampered with your site. Stay calm and avoid risky changes.
Common signs of this issue
- Pages you didn't create appear, or content has changed on its own.
- Visitors are redirected to spam, ads, gambling, or adult sites.
- Google or your browser shows a "deceptive site" or malware warning.
- Unexpected new admin users, or you're locked out.
- Your host emails you about malware or suspicious activity.
Safe checks you can do yourself
None of these require sharing passwords with anyone.
- Do these checks without logging in from a shared or untrusted device.
- Search Google for
site:yourdomain.comand look for pages or text you never published. - Check Google Search Console (if you use it) for security notices — this is a read-only check.
- Note exactly what you're seeing and where (which pages, what the redirect goes to). Screenshots help a professional act faster.
- Confirm whether you have a known-good backup from before the problem started.
What this usually means
Signs like these may indicate a compromise — but they can also come from a bad plugin, an expired service, or a misconfiguration. No one can be certain a site is hacked just from the outside.
If it is a compromise, the priority is to contain it safely and clean it properly, not to delete files at random, which can destroy evidence and break recovery.
What not to do
- Don't log in or enter passwords from a device you don't trust.
- Don't delete files or the database in a panic — you may lose the ability to recover or investigate.
- Don't pay any "ransom" pop-up or unknown party demanding money.
- Don't share your passwords until you've verified who you're working with.
When to get help
A suspected hack is one of the clearest times to get professional help. Proper cleanup, finding how they got in, and preventing reinfection is detailed work — and a self-help guide is not a substitute for real incident response. If your site handles customer data or payments, treat it as urgent.
Not sure what to do next?
Answer a few short questions and we'll point you to the safest next step — DIY, a freelancer, or a direct review. No passwords required.
Is this a business website? If this issue may be costing you leads, sales, or trust, you may want a direct review instead of trial and error.
Frequently asked questions
Can you tell for sure if my site is hacked?
Not from the outside alone. The signs above are reasons to investigate carefully — a proper review of the files and logs is what confirms it.
Should I just delete everything and start over?
No — not as a first step. You may lose recoverable content and the evidence needed to stop it happening again. Get help to clean it properly.