Google puts up a notice that says, “This site may be hacked” if they suspect that your website has a lot of spam content on it.
So, if your customers are complaining that your site is hacked and if you see this notice in the Google Search Results…
…then you’ll need to fix this issue immediately.
“This site may be hacked” is far too vague for you to take immediate action. Fortunately, we see this very often with many of our customers. And in this article, we’re going to walk you through removing the notice step-by-step.
Don’t worry, we will get you through this.
The Google warning for “This site may be hacked” is issued mainly because some hacker has planted malware on your website that is spreading spam. You’ll need to scan and remove the malware from your website and then appeal the notice with Google Search Console.
What does “This Site May Be Hacked” mean?
The “This Site May Be Hacked” means Google has blacklisted your website. Google has deemed your website as “malicious” by its Safe Browsing’s security standards. So, what does “this site may be hacked” mean? It’s one of 8 malicious website warnings issued by Google to protect its users.
In simple terms, Google thinks your website is hacked and some hacker is injecting content full of spam. Visiting your website forcibly downloads viruses, trojans, potentially unwanted programs (PUPs) to their PCs.
Over the course of this article, we’ll cover exactly how to remove the “site may be hacked” notice for good. We’ve also included some FAQs that may be helpful.
How to confirm “This Site May Be Hacked” for your WordPress website is showing
You might not always see “This site may be hacked” in your own search results. In fact, many business owners get to know about this issue only when their customers email them about it.
So, the first thing to do is to confirm if your website really has a website hacked warning on its links. This is a relatively easy task and we’ll show you 5 methods to do it:
- Visit your website from another computer
- Use incognito mode to visit your website
- Check your email for a security notification from Google Search Console
- Check Google Safe Browsing for a blacklist
- Check Google Search Console for security notifications
If you get the evidence that you’re looking for using the first two methods, then that’s more than enough to confirm your website’s status. In that case, we recommend that you head over to Google’s Search Console and skip to our section on how to remove a hacked website warning.
Just in case the first two ideas weren’t definitive, here’s a walkthrough of the remaining methods. These are slightly more nuanced, so follow along step by step.
Check Google Safe Browsing for a “This Site May Be Hacked” Warning
Google Safe Browsing is a good place to check for a website warning.
To clarify: If Google decides that your website is hacked, you’ll receive an email from Google Search Console that details the problem. We recommend that you use Google Search Console to fix the problem.
Using Google Safe Browsing is just a small hack that you can use to save time on confirming if your site has been blacklisted.
Again, to clarify: Safe Browsing only lets you know if your website has been flagged. It’s not a tool for removing malware or even understanding the nature of the problem. If you’ve already received an email from Search Console, it’s always better to head directly to Search Console.
Check Google Search Console for security notifications
This process only works if you have Google Search Console set up properly. Also, you’ll need Google Search Console to remove the “this site may be hacked” notice. So, if you skipped this last part, you really should get to it.
If you’ve never done this before, follow the instructions on this video to verify your website before you go forward with the rest of this article:
IMPORTANT: Verification is an important step. If you have unauthorized users on your Search Console, you’ll need to add yourself as a legitimate user through verification and remove any unauthorized users.
Once that’s done, head over to the Security tab on the Search Console:
Go to the list of infected pages to see the ‘Detected Issues’:
Once you’re sure that Google has indeed issued a warning, you’ll need to take a few steps to remove the hacked site warning from your website.
How to remove “This Site May Be Hacked” warning
If you followed along with the article so far, you should know for sure if your website has been flagged as a hacked site by Google.
You’ve also verified your Google Search Console and reached the ‘Security’ tab.
Now we’ll remove the notice from your website in 4 simple steps:
- Step 1: Assess the extent of the hack
- Step 2: Remove the malware
- Step 3: Appeal the Google Blacklist
- Step 4: Prevent future attacks
This may sound challenging, but this article has step-by-step instructions. So, just follow along.
A simpler alternative is to use a comprehensive WordPress security plugin to find and remove the malware from your website.
Step 1: Assess the extent of the hack
Head back to the Google Search Console’s Security tab.
Now, click on the infected pages section and click on the ‘Learn More’ link in the ‘Detected Issues’ section. We’re going to analyze where the infection really is:
- On a page? (Eg.: blog.example.com/pages/page1.php)
- In a group of pages? (Eg.: blog.example.com/pages/)
- In a post? (Eg.: blog.example.com/post1/)
- In the entire blog? (Eg.: blog.example.com/)
- In the whole domain or subdomain? (Eg.: example.com)
In the instance above, you’ll see that the infected subdirectory is ‘Photos’. Knowing where the malware has spread will help you remove it much more effectively.
A simple way to filter down to when the malware was implanted, is to check the date when Google stumbled onto spam on your website right next to the URLs flagged by the ‘Detected Issues’ section of the ‘Security’ tab.
This method can help you check if you installed any themes or plugins around the time indicated, and thus find the vulnerability. Plugging vulnerabilities is an important part of keeping your website safe.
Of course, there is always malware that lies dormant for a while. In those instances, this trick doesn’t work. We highly recommend that you install MalCare to scan your website for malware instead.
Also, a more principled move than checking a timestamp is to ‘Test Live URL’ after URL inspection for the blacklisted pages to analyze the malicious code:
However, this is not really an easy task. A smarter alternative is to use a WordPress malware scanner to pinpoint the exact nature, location, and intent of the malware.
Step 2: Remove the malware
Malware removal is the pivotal step in this process. If you can’t remove the malware infection on your website, you can’t appeal to Google to remove the “this site may be hacked” warning.
It’s also the most difficult to execute and there are two basic ways to remove malware:
- Remove malware using a WordPress security plugin
- Removal malware manually (NOT RECOMMENDED)
We highly recommend that you avoid trying to manually remove malware from your website. It’s very easy to wreck your website completely, and therefore risky. Here’s why a plugin is the best option:
- Google Safe Browsing can classify your website content as spam. However, it can’t help you remove the malware from your site or even understand the infection.
- Even if you have skill to find malware, it takes a really long time to do it yourself. Unless you have dedicated processes and bandwidth to handle cybersecurity threats, it’s a bad idea.
Use a security plugin
MalCare is the best-in-class WordPress security plugin. It offers a complete suite of security tools that automatically scans, cleans, and protects your WordPress website from hackers and malware attacks.
That’s not all; you also get:
- One-click instant malware removal in 3 minutes or less
- Automatic malware detection
- Daily malware scans
- Powerful protective features
Signup for MalCare and clean your WordPress hacked website today.
Remove malware manually (NOT RECOMMENDED)
You’ve already heard this multiple times, but we’ll say it again. Trying to remove malware manually is always a bad idea and can have many unintended consequences.
That said, you can do it using 4 steps:
- Scanning files on the server for malicious code;
- Scanning the database tables for malicious commands;
- Finding backdoors and ghost admin accounts;
- And finally, removing the malicious without breaking the website.
But before you begin, take a full backup of your website. If you end up wrecking your website, this backup will help you get back on track.
Every hacked website shows signs of compromised security. These can be specific keywords, functions, and string patterns that are commonly associated with malware.
The task is to find these malicious code snippets and remove them without damaging the website’s essential code.
A full tutorial on removing malware from a website is beyond the scope of this article. You can check out this article on how to remove malware from a WordPress hacked site.
If you feel that this is too difficult or too technical, just go ahead and install MalCare. It’ll take you less than a minute to clean your website of even unknown malware.
Step 3: Appeal the notice
Now that your site is clean, you’ll have to request Google Search Console to reindex your site and remove the “this site may be hacked” warning.
This is a simple process, so just follow along with these instructions:
Step A: Go to the ‘Security Issues’ tab on Google Search Console.
Step B: Select “I have fixed these issues”.
Step C: Click on “Request a Review”.
Step D: Describe all the actions you took in the input field. The more descriptive and clear you are, the better it is for your application. Then click on ‘Submit Request’:
Step E: Finally, click the Manual Actions section.
Step F: Repeat the first four steps to resolve all your security issues on Google.
NOTE: The warning won’t be removed immediately. Google takes up to 3 days to review the website and remove the “This site may be hacked” notice. But this is the best process you can follow. In 72 hours, you should be able to get back to business as usual.
Step 4: Prevent future attacks
A big part of website security is not getting hacked in the first place. Protecting your website from an attack is always better than scrambling to recover from one.
So, while Google processes your request to be reindexed in the search results without a hacked site warning, why don’t you just go ahead and prevent future attacks?
We’ll show you exactly how to do it.
The simplest path is to install MalCare. There’s no simpler way to amp up your defenses. With MalCare, you can:
- Run automatic daily site scans for malware.
- Activate a WordPress firewall to help you filter out malicious traffic.
- Remove malware from your website with one click without any risk to your website.
- Implement WordPress hardening measures that work in a few quick clicks.
As a bonus, you get highly convenient login protection and traffic monitoring as well. Use MalCare today to never get slapped with the “this site may be hacked” warning from Google again.
What it means for your visitors if your website is hacked
Just for a moment, let’s look at it from your visitors’ points of view. Here’s what your customers and website visitors are risking by visiting your hacked website:
- They may download ransomware that holds their data hostage for money;
- Their PCs may crash or their files may get deleted;
- Any financial or personal data that you collect from your customers can get leaked;
And all this is assuming if people still visit your website after seeing the hacked website notice. For most businesses, this notice can scare off even loyal customers for good. And for good reason.
It is super important to scan your website regularly for malware. It is the responsible thing to do, and it is a covenant of trust that you build with your visitors.
Why does Google say this site may be hacked?
Google flags sites that have a lot of spam content as “this site may be hacked”. It is highly likely that your site has malware in it that’s injecting spam into your web content. You’ll need to find and remove the malware on your site and then appeal to Google to remove the hacked site notice.
How to remove “this site may be hacked” notice?
You can remove “this site may be hacked” notice from Google by finding and removing the malware on your site. Once that’s done, you’ll need to notify Google Search Console that you’ve resolved all security issues.
How long does Google take to remove the tag “this site may be hacked”?
The exact time taken to remove the tag “this site may be hacked” by Google can vary. After you remove the malware from your site and notify Google Search Console that your site is now clean, Google takes 1-3 days to remove the notice.
Can you be hacked by visiting a website?
In certain cases, yes. There is a type of malware known as drive-by downloads. If you visit a website infected with a drive-by download malware, your PC will automatically download malware as well. However, the Google warning says only that the site in question is hacked and not that you have been hacked.
What are signs that a website has been hacked?
For extreme cases, you’ll see the Red Screen of Death if you try to visit the site. But there are a bunch of small indicators of being hacked. We recommend that you read our article on how a WordPress hacked site behaves.
A hacked website can bring forth a lot of misery. Most websites that are flagged by Google also have their Google Ad accounts suspended. In most cases, your web host suspends your hosting account as well.
Take a quick look at both and check if everything is still running. If you handle the crisis fast enough, neither of these actions are taken against you.
Whether it’s website protection or cleanup, we recommend that you install MalCare. Your entire site security can be managed from a single dashboard and most of it will be on autopilot.
And that’s all, folks!
We have a tireless support team that can guide you through any difficulty. So, if you’re stuck somewhere and unable to remove the “this site may be hacked” notice, just get in touch with us and we’ll sort things out for you.