Geek wannabes

Hacked Website

How to keep your website safe from hackers is a top priority. I have been a webmaster for over 20 years (used MS Frontpage) and this is the first time I experienced a hacked website. I was not concerned about how to keep my website safe. Most noteworthy, WordPress is vulnerable to hackers through password guessing: the username and password access box is online and not hidden from view. Another vulnerability of WordPress is possible structural weaknesses in plugins and themes; updates must be done as soon as they are available.

Clues That My Website Was Hacked

  1. Google Search emails the comment that the language has been changed to Japanese, country Japan. There was another email in addition to my email address under the administration section of Google Search.
  2. The user management screen shows another email address in addition to my email address as a user. In order to delete the hacker's email address, I had to delete his Google verification. The verification code was in the index.php header of my hacked website. It takes some time to find the verification but I found the code and gladly deleted it.
  3. The cPanel contains nine sitemaps that were not mine. The hacker created 147,000 links using my site domain name and submitted the links to Google. I deleted the hacked website from Google Search, and that stopped the link submission. (Luckily I check email every day.) The WordPress dashboard contains twelve posts and no Japanese links in my cPanel for the WordPress folder. At this time, there are still 1,000 Japanese 404 error pages attached to my site.
  4. A check of the links on Site:my website.com shows that many links were in Japanese. The Japanese links direct to a shopping cart. The English links direct to my website. The server of my websites had backups of past sites. Thankfully, the support team immediately uploaded an unhacked copy of my site. Now when anyone clicks on a Japanese link there is a 404 page not found.
  5. Clicks spiked on the day the website was hacked.
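
Clues 2 and 3 can be checked from the site files. The script below is an added example, not part of the original post. It walks a web root and reports Google verification tokens and sitemap files that are not on the owner's list. The tokens, file names and the demo folder are constructed for illustration. The google<hex>.html file check covers Google's HTML-file verification method, which the post does not mention.

```python
import re
import tempfile
from pathlib import Path

META_TAG = re.compile(r"<meta\b[^>]*>", re.I)
CONTENT = re.compile(r"content=[\"']([^\"']+)", re.I)
VERIFY_FILE = re.compile(r"^google[0-9a-f]+\.html$", re.I)  # HTML-file verification method
SITEMAP = re.compile(r"sitemap.*\.xml(\.gz)?$", re.I)

def audit_webroot(root, known_tokens, known_sitemaps):
    """Return sorted (kind, relative_path, detail) findings not on the allowlists."""
    root, findings = Path(root), []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        if VERIFY_FILE.match(path.name) and path.name not in known_tokens:
            findings.append(("verification-file", rel, path.name))
        if SITEMAP.search(path.name) and rel not in known_sitemaps:
            findings.append(("sitemap", rel, ""))
        if path.suffix.lower() in {".php", ".html", ".htm"}:
            # Attribute order varies, so find each <meta> tag first, then its content value.
            for tag in META_TAG.findall(path.read_text(errors="replace")):
                if "google-site-verification" not in tag.lower():
                    continue
                m = CONTENT.search(tag)
                if m and m.group(1) not in known_tokens:
                    findings.append(("verification-meta", rel, m.group(1)))
    return sorted(findings)

def demo():
    """Build a constructed web root (all names and tokens are made up) and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "index.php").write_text(
            '<head>\n<meta name="google-site-verification" content="OWNER-TOKEN">\n'
            '<meta content="UNKNOWN-TOKEN" name="google-site-verification" />\n</head>\n')
        (root / "sitemap.xml").write_text("<urlset/>")
        (root / "sitemap-extra-1.xml").write_text("<urlset/>")
        (root / "google0123abcd.html").write_text(
            "google-site-verification: google0123abcd.html")
        return audit_webroot(root, {"OWNER-TOKEN"}, {"sitemap.xml"})

if __name__ == "__main__":
    for finding in demo():
        print(*finding, sep="\t")
```

To use it on a real site, call audit_webroot with the path to a downloaded copy of the site, your own verification token, and the sitemap files you created.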

Reasons why I did not keep my website safe from hackers

  • I was lulled into complacency because no website of mine was ever hacked. I created easy passwords (so I could remember easily) on the Google Search, website passwords, email, and cPanel. Good chance that the hackers guessed my easy passwords. As a result of this hack, I have only computer-generated passwords because they are much more difficult for hackers to guess.
  • A WordPress plugin could have been weak. From this point forward I will check how often the plugin was last updated. Sometimes a WordPress plugin can cause the website to be inaccessible to the webmaster by freezing the screen. I did not have a test site to test the plugins. If a plugin causes problems with the site then the problem could be an access to a hacker. Check the website dashboard for plugin updates often.
  • No website security program to keep my website safe from hackers. Now there is the Wordfence plugin to help protect the site. The WordPress plugin Loginizer Security is good for limiting login attempts and locking the access to the website. Siteguarding.com: How to protect websites from hackers.
  • No knowledge of how often the server backed up the site or how long they kept the backups. Positively know that your server backs up your site. How often do they back up and how long do they keep the backup? The server I use immediately placed a clean backup of my site online. That saved much work and frustration because my site was clean the same day it was hacked. The WordPress backup plugin caused great frustration: after activating the plugin, there appeared a white screen with the word “upload” but there was no way to exit the screen. The server had to help me to regain access to my dashboard. Now, I only use my server for backups.