How to Remove Google’s “This Site May Be Hacked” Warning

Sep 25, 2019

How to Remove Google’s “This Site May Be Hacked” Warning

Sep 25, 2019

Having your website compromised is one of the biggest challenges you’ll ever face as a website owner. But don’t worry. The good news is that your website is recoverable. And in this article, we’ll help you take the steps required to remove Google’s “This Site May Be Hacked” warning.



If you have malware and are looking to just clean the infection and fix the site, you can install our WordPress Malware Removal Plugin (MalCare). It’ll instantly clean your site. But to get remove the “this site may be hacked” warning, you’ll need to come back and read the rest of the article.


1. Why is Google Saying That This Site May be Hacked?

Google, being the world’s biggest search engine platform takes measures to offer a safe browsing experience to its users. It crawls hundreds of thousands of websites on a daily basis many of which, turns out are infected with malware. When hackers find their way into your website, it’s safe to assume they will exploit it. They can use your site to sell illegal drugs or redirect your traffic to their site. In this way, your hacked site may harm visitors.

To protect Google search engine users from becoming victims of such malicious activities, Google may mark your website as hacked, and you will have to remove Google blacklist warning (see the image below).

this site may be hacked

Google marked this site as hacked

If you find this message beneath your website’s name on Google search result, then it’s very likely that your website is hacked. In the next section, we’ll show you how you can remove the Google warning this site may be hacked.

2. How to Remove Google’s “This Site May Be Hacked” Warning

There are two steps you need to take to fix your website and those are:

    • Remove malware from your website
    • Request a review by Google

We’ll discuss both the steps in detail in the next sections. Note that if Google has marked your website as hacked, there is a good chance that other search engines have marked your site as hacked too. The next steps that you take will enable you to remove the hacked message from every search engine.

Removing Malware

There are two primary approaches to removing malware from your website. You can use a security plugin to get the job done quickly and easily, or you can do it yourself but it requires technical knowledge.

Going forward, we’ll show you how to remove malware using a security plugin. But in case you are curious how manual clean up works, take a look at this step by step guide on  how to fix hacked WordPress website.

How to Select a Security Plugin?

Before removing malware, the WordPress malware removal plugin first needs to determine what types of malware are present on your website and where. Not every security plugin you come across is capable of doing that.

Most of the plugins run a surface-level scan and what that means is they look into files and folders where malware is generally found. Since they avoid searching elsewhere, naturally a whole lot of malware goes undetected (take for instance, WP-VCD malware).

Another reason you have to be careful while selecting a security plugin is that many don’t look for new malware. This means that they have a list of known malware and they try to look for just those. And in the process, they end up ignoring new types of malware that are much more harmful to your website. But MalCare Security Service is not plagued by such shortfalls.

    • MalCare will perform a website malware scan on a daily basis. The plugin keeps a track of all changes and upon finding any mysterious modification, it thoroughly investigates. That’s how it finds malware in places where other plugins don’t normally search.
    • Not just that, the plugin goes beyond looking for known malware and probes into the pattern and behavior of codes to detect new malware.

Removing Malware With MalCare

To clean your website with MalCare, all you need to do is activate the security plugin and add your website to the MalCare dashboard. It’ll start scanning your entire website automatically. Once the scanning process is complete you can proceed to clean your website by selecting the Auto-Clean button.

It’ll take a few minutes for MalCare to clean your website and once done, we’ll proceed to the next step.

Submit Website For Review

The warning “This site may be hacked” won’t be removed until you tell Google to review your website. To inform Google, register or login into Google’s Search Console. Then from your search console account navigate to the Security Issues section and select Request a Review. You may have to wait for a few hours to up to a few days for Google to remove the warning.

security issues detected

Select Request Review

Google said “this site may be hacked” but I got my site up and running in no time with the help of this step by step guide. You can too. 👍 Click To Tweet

3. How to Prevent Being Suspended in the Future?

While you may have fixed the issue at hand, there’s no guarantee that you won’t be hacked again. As a WordPress site administrator, you can do a lot to improve the security posture of your site. You can avoid this situation by taking preventive measures. This will ensure that your website remains protected from hackers, bots and the rest.

Keep You Website Up-to-date

Earlier we spoke of how skipping updates is a major reason behind why websites get hacked. We’d suggest setting aside some time every week to update your website. To learn more about updates, take a look at this comprehensive post on WordPress updates.

Use Stronger Credentials

The WordPress login page is the most vulnerable page of your website. Hackers target that page and try to guess your usernames and passwords. Having a strong password and a unique username makes all the difference. And being an admin of the website, it’s your responsibility that all users of your website are using strong credentials. It also helps preventing brute force attacks. That is why you need to have a strong password policy in place.

Install a Security Plugin

Having a security plugin is the best way to ensure that your website is protected 24×7. The security plugin will run a daily scan on your website and clean it if it’s infected with malware. Most security plugins offer firewalls that’ll help thwart attacks launched on your site. Security plugin like MalCare offers advanced measures that help harden your website against hack attempts.

With that, you have come to the end of how to fix “This Site May Be Hacked” warning.

It’s worth mentioning that hacked websites can face other issues like web host suspension and Google blacklisting. We strongly suggest that you find out if your website is facing these issues and proceed to fix them.


Final Thoughts

Removing the “this site may be hacked warning” involves three major courses of action:

  1. Cleaning your hacked website
  2. Taking preventive measures
  3. And then request a review from Google

Removal of malware ensures that your website is no longer a threat to Google users. To save your site from future hack attempts, the best practice that security experts recommend is to install a security plugin.

 Level up your Site Security – Try MalCare Today!

Clean the malware from site to remove Google's blacklist warning
Share via
Copy link