Skip to main content
Hack detection requires the Business plan or above.

How it works

When you enable hack detection, GhostlyX scans your site and records all third-party scripts and external resources present at that point. This becomes your baseline (the known-good state of your site). GhostlyX then monitors your site on a regular schedule. If anything new appears that was not in the baseline, an alert is sent.

Threats detected

Hack detection is designed to catch:
  • Cryptocurrency mining scripts
  • Ad injection scripts
  • Malicious redirects
  • Data exfiltration scripts (card skimmers, credential harvesters)
  • Any other third-party script that was not present when you set up the baseline

Enabling hack detection

  1. Go to Settings for your site.
  2. Toggle Hack detection on.
  3. GhostlyX immediately crawls your site to create the initial baseline.
  4. Save settings.

Updating the baseline

When you intentionally add a new third-party script (for example, a new chat widget or analytics tool), GhostlyX will alert you on the next scan because it is not in the baseline. After confirming the script is legitimate:
  1. Go to Settings.
  2. Click Re-baseline under Hack detection.
  3. GhostlyX re-crawls and updates the baseline to include the new script.
Only re-baseline after you have verified that any new scripts on your site are intentional and legitimate. Re-baselining after an actual compromise would mark malicious scripts as safe.

Notification channels

Hack detection alerts are sent through the same notification channels as uptime alerts. Configure them in Settings > Notifications.