How did my website get hacked even though Cloudflare SSL is alive?

All of a sudden when I woke up today I saw in the search console that “1 issue detected” appeared, after that, I checked the website file and saw that every single core file of wordpress has been edited?
Should Cloudflare SSL be considered secure?

This website:

I’m not sure whether you misunderstand the purpose of SSL certificate.

It does two things under the hood:

  1. Verifies the identity of the website - ensures that the users will connect to the correct server while visiting your website.
  2. Encrypts the connection between users and the server - ensures that no one can intercept the communication between them.

If your website got hacked and files got manipulated, they fall under different attack vectors. SSL is not going to protect you against this attack. You should check whether your WordPress setup is secure and without vulnerabilities. Most of the time, a WordPress site gets hacked by someone is because an outdated WordPress plugin is installed which may introduce a “hole” to get into your server and manipulate anything inside the server. There are tons of articles on the Internet on how to secure your WordPress setup, so be sure to check it out.


It would appear there’s brute force attacks happening. My sites and a few of my clients are getting hammered with log in attempts. Change password regularly and use a log in attempt limiter.

1 Like

Once you’ve clean-up your WordPress installation and/or server, you should consider Wordfence. I use their Premium along with Cloudflare, but they also have a free one available too though.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.