WPL Security

13 Signs That Your IDX Website Has Been Hacked

Modern real estate agents depend on their IDX website to convert leads, communicate with clients, process transactions, and market services. If this website is hacked, it can cause lasting damage to a business and brand.

Of course the best action against hacking is prevention. At minimum, you should use strong passwords, up-to-date software, and HTTPS. But if a hack does occur, you want to catch it early and act quickly.

To help you recognize nefarious activity, we put together a list of 13 signs that your IDX website has been hacked. If you experience any of these, you should investigate immediately. Document what you are witnessing, and check your site status with Google Safe Browsing. If it’s clear your IDX website has been hacked, you should consult your hosting provider for a list of steps to take.

1. Defaced Homepage

This is the most obvious sign that your IDX website has been hacked because it will tell you. Many hackers attempt to work quietly so you don’t notice your site has been compromised. But others will announce the hack with a banner on your homepage. This is especially true for ransomware and other hacks that disable a site until payment is received.

WPL Security

2. Impaired Functions

Many hackers seek to modify your site’s functions a way that benefits them. In most cases, this involves injecting code to manipulate your site’s normal processes. In one way or another, this foreign code will interfere with your IDX website. If you notice features on your site suddenly are not working or a series of strange errors in your log, your site may be infected.


RETS Integration3. Unable to Log in

Hackers may lock you out of your IDX website by deleting your admin account. This may be the case on your site if you are not able to log in and a password reset does not work. You should create a new account via FTP and immediately investigate how the hacker was able to access your site.

WPL Security

4. Incorrect Search Results

You may notice that a Google search produces results with the wrong title or meta description. This may be the case even if your IDX website is operating normally without out any signs of hacking on the front-end. A famous example of this is the Japanese Keyword Hack.

WPL Security

5. New Pop-Ups

Many hackers make money by hijacking your site to show their own web ads. If you find strange pop-ups on your IDX website or receive complaints about them, this may be the case.

WPL Security

6. Redirection

Rather than displaying pop-ups, some hackers will redirect your site entirely. This will be very obvious to you if you are sent to a strange site when you try to access your site from your browser.

7. Browser Warning

If your IDX website is hacked, you and your clients may receive warnings from your browser. This famous “Red Screen of Death” attempts to alert you before you access a site with malware.

WPL Security

8. Slow Loading

Slow loading may be the result of a large number of new (foreign) processes operating on your site. It also can be the sign of a denial of service attack, in which hackers attempt to break your site by flooding it with requests.

9. Drop in Traffic

In the economy of the Internet, page views are a type of currency. So rather than steal money, hackers may find it easier to steal page views. This may be occurring on your IDX website if you notice a sudden, unexplainable drop in traffic.

10. Unusual Server Activity

Server logs provide a record of all activity on your IDX website, including logins, processes run, changes made, and errors. If someone maliciously accesses your website it will show up here.

11. New Scheduled Tasks

In most cases, hackers want to access your account, install some new script, automate it so it runs on its own, and move on to new targets. If you see new scheduled tasks or cron jobs on your IDX website, you should investigate a possible hack.

12. Suspicious Accounts

If you notice an account on your IDX website that you don’t remember creating, look into it. This is especially true if the suspicious account has administrative privileges.

13. Suspended Hosting Account

Hosting providers are sensitive to hacked sites. They want to protect their business by preventing any malicious code from duplicating itself elsewhere on their servers.  If you receive notice from your hosting provider about a suspended account, you have likely failed to recognize that your IDX website was hacked.

WPL SecurityFor more IDX website tips, check out 9 Real Estate SEO Tips to Generate More Leads From Your IDX Website Today and 13 Steps to Build An IDX Real Estate Website With WordPress

Rate our blogs


The opinions or information expressed in this article are those of the author and do not necessarily reflect the official views, policy, or position of Realtyna. The information on Realtyna’s Website is general, for informational purposes only, and is not to be relied upon or interpreted as real estate, legal, accounting, or other professional advice or a substitute. Please discuss anything related to the certification process, professional advice or legal procedures with your MLS providers.

Stay Up To Date

Get the Knowledge you need Delivered Straight to your inbox

1 Comment
  • Grace
    Posted at 12:07h, 12 November

    Cyber crime is increasing and continuous to accelerate causing more damages to the companies. Cyber security is definitely something to consider and especially using wordpress security plugins. You also need to be careful clicking on suspicious links or avoid giving information about the website credentials to avoid such incidence.