1 of 9

Decoding Behavior: Users, Bots, and Attack Signatures for Stronger Security

2 of 9

Signs Your Site is Hacked

  1. Site becomes extremely slow or unusable.
  2. Links redirect visitors to spam/malware sites.
  3. Google search results show spammy "gibberish".
  4. Unknown posts and pages suddenly appear.
  5. You get a massive, sudden flood of spam comments.
  6. New, unknown admin accounts are in your user list.
  7. Database audit reveals "invisible" posts or users.
  8. Search Console reports huge spikes in spam pages.

3 of 9

The Nuclear Option

  1. Delete everything except 3 things
  2. the child theme
  3. the wp-config.php
  4. the uploads folder

  • make sure nothing in uploads folder is executable

4 of 9

../access.log

5 of 9

Understanding Access Logs

  1. Who: The client's IP address (e.g., 192.168.1.1).
  2. When: The timestamp (e.g., [07/Nov/2025:06:15:00 +0300]).
  3. What: The request line itself (e.g., "GET /index.html HTTP/1.1").
  4. How it went: The HTTP status code (e.g., 200 for success, 404 for not found).
  5. How much: The size of the response sent in bytes (e.g., 12345).
  6. Where from: The "Referer" (the page they clicked a link on to get here).
  7. How: The "User-Agent" (the browser or bot making the request).

Elements of access.log

6 of 9

../access.log

7 of 9

../access.log

8 of 9

../access.log

9 of 9

Questions?

Let's discuss your security challenges