If your website is hacked you will likely either discover it in Google search, or if you have Google Search Console, you will get an email notification there. Or, maybe you will just bump into it in Search Console. In Google search console, webmasters are warned about hacked websites in 3 places: in Messages, under Search Traffic | Manual Actions, and under Security Issues.

Here is what a hacked site looks like in Google Search Results.

Here is what a hacked site looks like in Google Search Results.

Hacked WordPress Websites go wild in 2016

In October 2016 I have seen an outbreak in hacked WordPress websites. Common entry points for hackers include revslider and gravity forms, as well as a plethora of outdated plugins such as social sharing doodads. Chances are you are much better off taking these things off of your website. There are better contact forms, nobody gives a crap about your slider, and if you are in business to make money people rarely want to share your content all over Twitter. A good plugin to stop many attacks is Wordfence. Usually, when attackers get in the add pages to your site that you do not know about; this is formally called URL injection.

Here is a screenshot of the “Manual Actions” are in Google Search Console:

A manual action placed on a hacked wordpress website.

A manual action placed on a hacked wordpress website.

And here is a screenshot of the “Security Issues” section of Google Search Console which says the site has been hacked with spam:

Hacked with spam security warnings in Google Search Console.

Hacked with spam security warnings in Google Search Console.

Repairing hacked sites

The fix of a site depends on the attack. On the last site that I fixed it was so badly damaged I just scrapped it and started fresh. I pulled the old content off of the wayback machine and put a new site up using my favorite WordPress theme, U-Design. A theme can be an entry point as well and it is important to have a reliable theme that is updated when critical updates are released. If you aren’t sure how to repair your hacked site feel free to email me. I won’t sell you anything you don’t need and if the fix is complicated I will be happy to refer you to someone who has time to fix it.

Fixing it with Google and other search engines

In Google you will go to Search Console and request a review. In my experience, this does not take a long time, maybe a few days, so don’t worry about the message that says it will take weeks. Once your site is secure and all the bad content is deleted, submit it for a review.

Submitting a site for review in Google Search Console.

Submitting a site for review in Google Search Console.

Will my hacked site hurt SEO?

No, not if it is fixed quickly. I have seen sites recover in the rankings by themselves in a few short weeks. However, sometimes attackers accidentally break a site, and if you don’t notice it, search engines will just see your site as missing and get “404 errors” or “500 errors”.

If you were hacked or have gone through this please let us know about it below.

Len

Leave a Reply