Quick Steps to Take When Google Lists Your Site as Hacked

Ryan Gould
by Ryan Gould 16 Jan, 2023
Webmasters whose websites have come under attack may notice the message "This site may be hacked" accompanying their organic listings in Google's search results.

The message is part of Google's #NoHacked campaign, which was first announced back in 2014. 

( Image source)

Google launched the #NoHacked campaign in response to the upsurge of hacked sites in 2014 when it was reported that 180 percent more websites had been hacked than in any other year prior. Google came up with the "hacked" message as a way to warn its users not to click on affected sites, which could expose them to spam, phishing, virus and malware attacks. 

While this message may be handy for searchers who want to avoid the risk of digital infection, the webmaster is left with a site that may be defaced or altogether unusable providing a user experience that is frightening for visitors. 

The good news is that Google returns a different sort of tag for websites that may have been infected with viruses or malware: "This site may harm your computer." 
( Image source)

So, the "hacked" message can provide solace that the site may only require a minimal amount of cleansing to return to full operation. 

How to Remove the "Hacked" Message

Google first recommends that webmasters contact their host provider to assist with the hack. The host can then determine if the hack has affected other sites under their control and may provide solutions. If the host provider cannot help, and the hack is apparent, such as "Hacked by [Hacker's Name]" replacing the homepage headline, Google recommends searching for similar instances in its search engine. For example, searching for "Hacked by [Hacker's Name] fix" could yield the cure webmasters seek.

The bad news is that many hacks are undetectable by webmaster and visitors alike; making the "hacked" message in Google extra frustrating for site owners. If the host cannot help and searching Google yields nothing, Google recommends that website owners register their sites with Google Search Console (GSC) to determine if a hack has indeed occurred. 

To verify a website within Google Search Console, an HTML file or meta tag will need to be placed on the website. Or, webmasters can verify ownership through their domain name provider, Google Analytics or several other methods. 

Once the website has been registered, and if a hack has occurred, Google will show a list of pages and URLs that may have been affected within Search Console.

Website owners should also check that their GSC account has not been hacked. When logged into GSC users will be able to see all users that have access and can purge the unknowns manually if any appear. If emails accompany the names, webmasters will want to delete the addresses from their users list. Also, the site owner should permanently delete from the hacked site any verification token that was used to give the hacker access to the GSC account.

If the real site owner is purged from the system, or a new owner is added that no one on the team recognizes, the website has most probably been hacked, according to Google. 

Steps to Cleanse a Website

First things first, webmasters should change the passwords to the dashboards of their websites so that they are secure and not easily guessed. Updating all website software and plugins, and ensuring the host is a reputable one are also critical steps to take. Finally, switching to https:// and enlisting the help of security organizations and/or software can usually rid most sites of any offending code, malware, or virus.

Google provides further resources for webmasters affected by Spam and Malware, which should fix most issues. 

After a Website Has Been Cleansed

When malware, HTML and other harmful or defacing elements have been removed from the website, webmasters are then encouraged to ask Google for a follow-up Security review within Search Console. 

Google will usually return a message that indicates that it could take time for the site to be reviewed, but webmasters will know when the review process has ended when a message appears in their Search Console dashboard.

If the website is still hacked, Google will keep the message in the search results, and the entire cleansing and review process will need to be enacted again. 

If the site has been effectively cleansed, the message will be removed and the site can be operated and maintained as normal.

About the Author
Ryan Gould is the Vice President of Strategy and Marketing Services at Elevation Marketing, a B2B marketing agency. Ryan helps medium and large brands improve sales and market share by developing integrated marketing experiences distinguished by research, storytelling, engagement and conversion.