How to Remove Hacked Site Manual Action – New Google Update
On 5th of Oct Google made changes in the algorithm that targets hacked sites which impacted 5% of queries. If you are one of the webmaster that suffers from hacked site penalty then go ahead this is for you.
“This site may harm your computer”, “The Website Contains Malware”, “Report Attack Page”.
Unfortunately, your site has been hacked by Cybercriminals if you see the messages like the one above. I hope you never see this, but if so, the right action need to be taken ASAP for its recovery.
According to a survey, 30,000 websites are hacked everyday, which shows that cyber crimes are highly increasing and continuously affecting the sites. The hackers may hack your website for the following reasons.
• To steal your credential information
• To record your keystrockes activities
• To redirect your website traffic to another website
The hackers can affect your site in many ways like adding spammy text or by installing a malicious software (malware). To recover your hacked site, there are mainly two options
• Either do it yourself
• Or take help from experts
If you want to do it yourself, it is important that you are technically expert. The process for hacked site recovery includes the following steps.
1. Build a Support Team
If you are technically very expert and can do it at your own, you may skip this step and go to step 2.
If not, then build a support team, contact to your hoster to find the recovery options. You can also take help from Google webmaster help forum to get responses from top contributors or can ask for help from your friends or family who are experts in this field.
2. Quarantine Your Site
• To prevent users to access your site, firstly you need to temporarily put it offline. By doing so, the malicious content or software will not affect the visitors computer and you can smoothly perform all the tasks.
• Remember, use of 4xx or 5xx HTTP status code would not fully protect the users because the malicious content can still affect the visitor’s computer. Also, disallowing from robot.txt will not offer any value because it only blocks the crawlers, visitors can still see your website content.
• View all the user’s account and check for any suspicious account created by hackers. If so, delete them to avert any future login by hackers. Change the passwords of all user accounts.
3. Touch Base with Search Console
It mainly includes two steps, first verify your website ownership in GWT and second understand the type of hack whether it is malware or spam.
If you have already verified your site, then its great. If not, then follow the below steps.
• Firstly, go to Google webmaster and login to your Google account. In the dashboard, select Add a site, type the URL and continue.
• A verification page will appear on WMT. You will see multiple ways to verify ownership, here I am not going to discuss each. To learn about all the methods, you can visit this page.
• Remember that your site need to be online for verification process. You can again make it offline once the process is completed.
After verifying the ownership, it’s time to find the nature of the attack. In this step you will determine in which ways your site has been hacked by
– Spammy content
– Malicious software or
– Phishing attack
To know about the nature of the attack, go to the “Security Issues” and follow the below steps.
• If the site has been affected by malware, you will see “Malware” at the top level heading and its types such as “Error template injection” or “Modified server configuration”.
• If the site has been hacked with spammy content, you will see “hacked” in the top level heading.
• You will see a “Phishing Notification” in the message center, if the hacker has created a phishing page on your site.
4. Assess the damage (Spam)
If the site has been hacked by spam content or phishing attack, then continue with this step.
The purpose of hackers to hack the websites may include the stealing of login and other credential information of your users.
Hackers generally try to take benefit from well reputed sites. For example, to get more traffic, he may add any spammy text (advertisements, hidden text, spammy links etc) to redirect your visitors to his site.
Before you proceed to the recovery process, you need to know how much the site has been damaged. The information provided on security issues will help you to investigate about the hacked URLs.
To see the damage caused by hacking, follow the below steps
• Firstly, perform a google search for the cached version of the URL. To view the cached version, type
Let’s say that you want to investigate the URL www.example.com/index.html. Now, to find the cached version of this URL, type
If Google has the cached version of the page, it will show the hacker’s undesirable content.
• After investigating the hacked URL. Lets come to the next action. Perform a site search by typing
It will return the list of pages of your website. To check the cyber criminals evidences, check all the cached versions of URL’s
5. Assess the Damage (Malware)
To investigate the page affected by malware, follow the below steps
• First, don’t open the page in your browser, it’s just like inviting a trouble.
• View the source code of the page on the file system
• Check the source code through Wget or curl
• Now go to the malware section of WMT, here you will see two buttons at the top.
Download table and request a review.
The pages in the table will show you the samples of infected URL’s of your site. Clicking on the URL will take you the details of the infected page with specific action item.
6. Identify the vulnerability
It’s the time to know how the hacker may have attacked to your site. It can have a following reason
• Weak or re-used password, which is relatively easy for cybercriminals to steal. It allows to directly access your server. To prevent your site from this, make use of strong passwords (including letters, digits and special symbols) which are comparatively difficult to crack.
• Software installed on your server, the OS, content management system or plugins are out of date.
• Permissive coding practices such as open redirects and SQL injections.
7. Clean and maintain your site
If you have an up to date backup, then go ahead and restore it and make sure to correct all the vulnerabilities. For those, who have no backup of their site will need a completely fresh install of database, plugins, OS and all other applications.
8. Request a review
Before requesting a review, make sure that you have cleaned up the site from the hackers vandalism.
If your site was infected by malware or spam then.
• First log in to WMT
• Select verified site and go to security issues
• Select request a review.
– If the site was hacked by Phishing than request a review at https://www.google.com/safebrowsing/report_error/
Once the site is found clean, the malware warning will be removed from search engines and browsers. If the review get failed, means your site still contains infected URL. In this case, review all the steps in the hacked site removal or contact to a specialist for help.
After the review process, if you don’t see any warning regarding to malware and phishing, then congratulations, you have successfully removed the hacks from your site.