If Google ever suspects that your website has been hacked they will begin to warn potential visitors in the search results. Needless to say, if Google search results label your website as hacked — it is very bad for business.
When Google thinks your website has been hacked you need to do 3 things:
- Determine if the site really was hacked and if so clean it up!
- Tell Google that the site is clean and that the message can be removed.
- Ensure that the site is secure going forward.
How to approach the problem
We recently received the following email. (NOTE: email has been edited to protect client privacy)
“I received a call from a customer wishing to register for our event and she was concerned because the google search indicated that; “the site might be hacked” — Sure enough when I googled my business a “This site may be hacked” message comes up right below our website in the Google search results. Help!”
Has your WordPress website has been flagged by Google? Walk through the steps we used to resolve the situation for this client.If Google search displays - This site may be hacked - visitors won't click! Here's the fixClick To Tweet
1. Connect by FTP
We always begin by obtaining hosting FTP access to the site. We never add any plugins or update any website without first ensuring that we can connect by FTP. Once we’re sure that we can connect, we are ready to move on to step two.
2. Add the site to Google’s Search Console:
Recently Google rebranded Webmaster Tools as Google Search Console. Search Console is a free service. It is how you can submit a sitemap to notify Google to crawl your website content.
To verify the site you need to upload a verification file by FTP to the host server. Once the site is verified your site you will receive notices directly from Google about any website issues.
Notices such as this one: Hacking suspected:
Unfortunately, it appears that your site has been hacked. A hacker may have modified existing pages or added spam content to your site. You may not be able to easily see these problems if the hacker has configured your server to only show the spam content to certain visitors. To protect visitors to your site, Google’s search results may label your site’s pages as hacked. We may also show an older, clean version of your site.
In Search Console check the Security Issues to see details of sample URLs that may be hacked. In this case, all the URLs listed related directly to a single plugin.
3. Login to WordPress
When we logged in we found 16 WordPress updates had to be done. We checked, and fortunately, there were regular backups. We knew that we could restore the site should something go wrong so we proceeded to update all the plugins, themes and WordPress core files.
We could tell from the Google Search Console that the issue seemed to be coming from a specific URL which was connected to a specific plugin. We then checked the suspect plugin and found that the client wasn’t even using it. This was an old plugin that they had abandoned but never removed from their site. We deactivated and deleted the plugin.
WordPress Tip: The Yoast SEO Plugin now includes the Search Console. You can keep tabs of Google error notifications in WordPress. While we were at it, we set this up for the client.
We ran a malware scan and no problems were detected.
4. Let Google know that all is well
Now back to Google Search Console
- Use the Fetch as Google tool to confirm the hacked content has been removed.
- Request a review – Once Google confirms that your site is fixed, they will remove the hacked label. Unfortunately, this won’t happen instantly.
5. Make sure the website is secure and this doesn’t happen again
The Problem: Failing to keep WordPress up-to-date was the problem here. The client hesitates to update WordPress herself, she is afraid that updating WordPress might break her website.
The Solution: We offered the client a WordPress maintenance package. We will take care to make sure that her site is up to date and scanned on a regular basis.
If this has happened to you, we can help. Get in touch.