We all work really hard to get our websites onto Google’s top search rankings. But sometimes, things go wrong and a website gets hacked. And if that wasn’t annoying enough, Google will, on occasion, label the hacked site with a “malware warning” on its search results. The search rankings of the website will disappear and even changing its server log-in information and upgrading security won’t fix it.
What can you do when you see the dreaded “This site may harm your computer” label or “Phishing attack ahead” warning for your site?
Being able to see the messages above means one good thing – the hacked website is still within the Google index and hasn’t been completely removed.
This is what Google does when it thinks a site has been infected by malware or hacked:
- Put a hacked flag on the suspected site in their ranking database
- Remove the site from ranking competitively by suppressing it in keyword searches
- Attempt to contact the site owner
- Send out a malware warning through the website’s (verified) Google Webmaster Tools account
- Report the site to com, where the site will be included in their Badware Site ClearingHouse list
However, most clients are finding that Google doesn’t perform all these tasks all the time, and site owners often don’t realize they’ve been attacked until they have already been labeled with a malware warning or their site has gone missing from the Google index.
What can we do in this situation?
First of all, find out if your site has been hacked by using a free malware scanner or doing sample searches with:
site:yoursite.com with keywords like “sex”, “porn”, “Viagra”, etc.
If Google turns up with any of the above pages, it is very likely your website has been hacked.
So you’ve verified your website has been hacked. How can you recover your website?
There are some very specific steps for this, and Google provides some resources on what to do.
Here are our tips:
- Change the FTP and login information for the website.
- Log onto Google Webmaster Tools and check for a malware warning from Google. Follow the prompts under “Security Issues” if available.
- Use the Google Fetch and Render tool to visually check your website’s pages for malware code.
- Review the entire site for malware codes and files and remove them.
- If you’re using WordPress or Joomla or another CMS, review the plugins and server permissions to look for injected code or malicious commands. Upgrade to the newest version of WordPress.
- Watch the Google “Best Practices against Hacking” video.
- Read through the Google “Webmaster help for hacked sites” page.
- There’s also a Google Webmaster Central Help forum for you to get help.
- And when it comes down to it, professional assistance might be necessary. Check out org for resources.
After these 9 steps and verifying that your site is malware free, it’s time for a Google Review. Depending on the type of hack on your site, the procedure can vary.
For phishing warnings:
Submit an incorrect phishing warning report. This starts a manual review by a Google engineer to decide where the phishing page has been cleared. Most reviews take a day to process and you will see the warning page disappear if it is successful.
For sites that had a problem with malware or spam and received the “This site may have been compromised” message:
Use the Google Webmaster Tools account. Log in and choose the affected verified site, click on “Security Issues” and then “Request a Review”. These requests can take up to three weeks to be reviewed. Google will let you know it has received your request.
Have you ever been hacked? It happens to even the most careful site owners so we’d love to hear your tips and tricks in the comments section below!