Hack detection
Know the moment your site
is compromised
GhostlyX scans your site every hour for defacement, phishing redirects, and other signs of compromise. The moment something suspicious appears, you get an email. When the issue clears, you get another one.
Get started freeacme-corp.com
Hack detection
Sites
Last scan
Scans run
Issues found
Resolved
Active issues
No issues detected
GhostlyX ran its last scan and found nothing suspicious.
Recent scans
Simulated preview with sample data. Get started free to monitor your real sites.
Hourly
Scan frequency
7
Issue types detected
Instant
Alert on first detection
Automatic
Recovery notifications
Automated website compromise detection, built into your analytics
Most site owners find out their site has been hacked from a customer complaint or a Google Safe Browsing warning. By that point the damage is done. GhostlyX hack detection runs an hourly check on your site's homepage and alerts you the moment it spots something wrong, so you can act before your visitors or search rankings are affected.
Each scan fetches the live page, inspects the HTML, follows any redirects, and checks the HTTP response status. The results are compared against the previous clean state. If the scan finds a new issue, an alert email is sent straight away with a description of exactly what was detected.
You will not receive repeated alerts for the same ongoing issue. GhostlyX sends one alert when an issue is first detected and one recovery email when the scan comes back clean.
Defacement keyword detection
Scans the page body for known defacement phrases such as "hacked by" and "owned by" that indicate a successful intrusion.
Phishing redirect detection
Identifies JavaScript window.location redirects and meta refresh tags pointing to external domains that do not match your site.
Unexpected domain redirect
Detects HTTP redirects that land on a completely different domain, a common sign of DNS hijacking or server compromise.
HTTP error detection
Flags HTTP 429, 500, 502, 503, and 504 responses so you know when your site is throwing server errors to real visitors.
WordPress critical error
Detects the WordPress "There has been a critical error on this website" message that appears after a plugin or update failure.
WordPress maintenance mode
Alerts you if your site is stuck in WordPress maintenance mode after an interrupted update.
Missing tracking script
Detects if your GhostlyX script tag has been removed from the page, which can indicate a template or deployment issue.
Alert and recovery emails with full context
When a scan detects an issue, GhostlyX sends an alert email to the site owner. The email lists every active issue, describes what was detected, and links directly to your site dashboard.
When a subsequent scan confirms the issue is gone, a recovery email is sent automatically. You do not need to log in to clear the alert. Everything is handled for you.
One alert per incident
You are notified once when an issue is first detected, not once per hour for the same problem.
Issue description in the email
The alert includes the exact text or redirect URL that triggered the detection, so you know what to look for.
Automatic recovery notifications
When the issue resolves, GhostlyX sends a recovery confirmation without any action needed from you.
Direct dashboard link
Every alert email links directly to your site dashboard so you can act in one click.
Available on
Scale plan
from $69 / month
- Hourly scans on all your sites
- 7 issue types detected per scan
- Instant alert emails on detection
- Automatic recovery notifications
- Per-issue detail in every email
- Enable or disable per site
Frequently asked questions
What is website hack detection?
Website hack detection is an automated monitoring process that regularly fetches your site's homepage and scans the HTML for signs of compromise. GhostlyX checks for defacement keywords, phishing redirects, unexpected domain redirects, HTTP errors, WordPress critical errors, and missing tracking scripts. If any issue is found, an alert email is sent immediately.
How often does GhostlyX scan my site for hacks?
GhostlyX runs hack detection scans every hour on all sites where the feature is enabled. Each scan fetches the live homepage, analyses the HTML, and compares the results against the previous scan. You are only alerted once per incident, not once per scan.
What types of attacks does hack detection find?
GhostlyX hack detection identifies seven issue types: defacement keywords in the page body, phishing redirects via JavaScript or meta refresh tags, unexpected domain redirects, HTTP error status codes (429, 500, 502, 503, 504), WordPress critical errors, WordPress maintenance mode, and missing GhostlyX tracking scripts.
Will I get an alert for every scan that finds an issue?
No. GhostlyX sends one alert when an issue is first detected and one recovery email when it is resolved. You will not receive repeated notifications for the same ongoing issue.
Does hack detection replace a web application firewall?
No. Hack detection is a monitoring tool, not a firewall. It identifies visible signs of compromise after they occur and notifies you so you can act quickly. It does not block attacks in progress. For active protection, combine it with a WAF such as Cloudflare.
Which plan includes hack detection?
Hack detection is available on the Scale plan. You can enable or disable it per site in your site settings.
What happens when a hack is detected?
When GhostlyX detects an issue, it creates an incident record and sends an alert email to the site owner. The email describes the issue type, what was detected, and a direct link to your site dashboard. When the issue is no longer detected in a subsequent scan, a recovery email is sent automatically.
Stop finding out about hacks from your customers
GhostlyX watches your sites around the clock and alerts you the moment something looks wrong.