Google ‘Site may be hacked’ Message
Not a good sign
Freakier than a spider in the bath, the Google ‘This site may be hacked’ alert added to your listing in the SERPs is guaranteed to keep visitors away in droves. And often, noticing this label is the first inkling you have that something may be wrong.
Why is it there?
You will see the warning when Google believes that a hacker may have changed some of the existing pages on your site or added new spam pages. Google knows that the site owner that receives the hack message is usually completely in the dark about the infection and the alert is there to give you a heads up as much as to protect searchers.
Google’s Advice to Webowners:
The “This site may be hacked” notification won’t be removed until the webmaster of the site takes action.
Try these steps to fix your website:
- Register and verify your site in Google’s Search Console.
- Sign in to Search Console and check the “Security Issues” section to see details of sample URLs that might be hacked.
- Fix the security issue that allowed your website to be infected. Otherwise, your site is likely to be reinfected.
- Read Google’s resources for hacked sites for detailed information on how to fix your website.
- Request a review in the Security Issues section in Search Console when your entire website is clean and secure. After Google checks that your site is fixed, they’ll remove the “This site may be hacked” message.
Google’s Resources for Hacked Sites
The page you are directed to is helpful. It tells you that if you have received this warning it is likely that your site has been hacked. The warning will stay in place until you do something about it. They provide the following short video.
How was my website hacked?
Out of date or insecure software is an open door to hackers. If you run a WordPress site you will constantly see update alerts for plugins and themes. This is why. While plugin updates might improve functionality, they are also pushed out to counteract an insecurity.
But hackers don’t always need to break in by brute force. Sometimes you have unwittingly given them the keys. Keystroke loggers, hidden in free software that you have downloaded on to your own computer can report back your login credentials (as well as bank details and personal identity data).
Of course, if you use the same password and username across accounts, the massive data breaches reported by Target, Yahoo, LinkedIn and the like should be enough to make your hair stand on end. Stolen IDs are big business. As a site owner you put your own visitors at risk by not taking the basic security step of using a unique and strong user/password combination.
Why was my site hacked?
There are two sides to that question. To the first, why your site in particular, you might as well ask, why was I pickpocketed? It’s nothing personal. You have something the hackers want and they identified a way to take it from you.
Chances are, unless yours is a high profile site, that your site fell foul of an automated script that scours the web looking for vulnerabilities.
On the other hand, you might rephrase the question: What do the hackers get out of hacking my site? To that there is more than one answer.
Black Hat SEO
In the salon hacks above, spam links and redirects have been inserted into the site code. The spam links increase the overall quantity of links pointing to the hackers’ target sites while the redirect falsely increases web traffic. The site owners are generally none the wiser that their sites have been infected until they see that dreaded ‘This site may be hacked’ message in the SERPS.
It takes less than half a second to unknowingly download malware from a hijacked site. According to ComputerSecurity.org:
Data theft is big business. And if the largest of sites like Yahoo, LinkedIn and Target can be hacked and user data stolen despite all the money they throw at their security, how much easier is it be to harvest the user data from small business websites? If you maintain a mailing list or subscriber database, how many of your users do you think are particularly careful with their passwords. Probably not very many, right?
In addition to scraping user data, hackers can swap out your login or payment pages and have your users just hand over their access and credit card details.
With these few examples, you can see why Google take site hacks so seriously. Although you might not consider site security to be an SEO issue, you will feel the pain in your web traffic if your site gets handed a hack alert. But more to the point, if you can make your site safer for your visitors, why wouldn’t you?
Has my site been hacked?
Try the following Google searches:
Hopefully you will not get a result like the one to the right. I have obscured the domain name of the site above and informed the site owner that his site has been hacked. If you see results like this, then your site is in trouble.
What do I do now?
Google’s resource page for hacked sites is very good and gives you a step by step action plan:
- Build a team: Contact your web host and build a support team
- Quarantine your site
- Use Search Console to identify hacking type
- Assess the damage (spam)
- Assess the damage (malware)
- Identify the vulnerability
- Clean and maintain your site
- Request a review
It happened to me!
If your site collected the dreaded ‘site hack’ alert in the SERPS, please share your experience below. How long do you think your site was infected before you discovered the problem? What did you do about it? Was your traffic affected and how long did it take to recover?