Fix This Site May Be Hacked Message from Google
There are several ways to address the issue you are facing. Here is how you can get started on recovering your hacked website.
1. Verify Site and Remove Users
You need to register and verify your website in Google’s Search Console first. You can verify ownership with a meta tag, an HTML file, your domain name provider, or Google Analytics code.
When you’ve verified your site, you can check the security issues you are having. Search Console will also show details on the pages and URLs that might be hacked.
Then, head over to Manage site and look at the users and owners listed for your website. Make note of the email addresses of any unauthorized users and delete them from your users and owners list. Remember to remove any meta tags or HTML files that were used to verify those mysterious users.
2. Contact Your Host
It’s important to find specialists that can help you recover your website. Your website host knows your website, hosting environment, and configuration the best. They also store the files for your website and make them accessible over the Internet.
First, try looking for FAQ sections and discussions that are related to the issue you are having. You can see if there are readily available answers that can help you quickly resolve the problem. If not, reach out to them via email or phone to talk with them directly and let them know about the issue you are having. They will be able to support you in recovering your website.
3. Seek Help From Discussions
The Internet is an endless resource of information and tools. There are many experts online that can help recover your hacked website.
Try searching online in forums that are related to your issue. The Google Webmaster Central discussion forum contains a subforum on hacked websites that allows you to connect with top contributors in the community.
Chances are, there are many resolved issues and methods that you can try to fix your site. You can also post your issue in the forum and have it answered by the community as well.
4. Request a Review from Google
If your website provider has removed the hack on your website, you can complete the review for phishing here.
In addition, you can request a review in the Security issues section in Search Console. The process will take some time and, once completed, you will receive a message in your Search Console. However, make sure your website is clean and secure, or else the message will remain.
If you’re still experiencing issues with malware on your site, check out Google’s page for more technical solutions!
Now that your website is free from hackers, it’s important to ensure that you’re preventing the issue from re-occurring. Here are a few tips on keeping your website safe.
5. GoDaddy
If you are hosted with GoDaddy just give them a call and they can help you spot the code but they cannot take it out for you. Ours was installed in the index.php area of our website. You can also check for this code by visiting /appearance/editor/index.php in your WordPress dashboard (You won’t be able to delete it out of there though, you will need to log in to your file manager at GoDaddy – See Below). Here’s what the malicious code looks like:
You see how there is no <script> code before the <head> (opening of the head section of your code).
(GoDaddy Continued) GoDaddy can’t help me or the technician doesn’t know what I’m talking about? How Do I Remove the Code Myself?
Here’s how to find the file yourself. Go to “My Account” – Select Hosting – Click “File Manager” – Make sure you’re in the “Web Root Section” and you will see all of your core files. Here’s what they look like:
Click on the file that says “index.php”. Remember that earlier we said no code goes above the <?php in the index.php. This index.php has code in it above the <?php, and therefore it is malicious. (The same goes for the header.php – see below.)
Remove the code and make sure that <?php is at the very top on line 1 of your code and click save. Jump back to your site and try to see if it’s still redirecting. If it hasn’t stopped, the code may be somewhere else. Also, some of these malware codes stop redirecting after a user clicks 1 time, so get other people to click on your site from a Google search before you decide that it’s fixed. You may be jumping the gun.
Check the Header.php
A normal Header.php looks like this: (No code goes above <?php, so if you have code above there, it’s probably malicious as well.)
Here’s what a normal wp-config file for WordPress looks like:
The generic names above will be replaced with the actual URL of your site. If you notice that your URL looks funny or is a completely different URL altogether then this is where your malware is coming in.
Run a Malware Scanner Like Sucuri Scan
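The "nothing above <?php" check described for index.php and header.php can be run across the whole web root instead of opening files one at a time. The script below is an added example, not code from the original article; the function names, the sample directory layout and the placeholder markup are all constructed for illustration.

```python
import os
import tempfile

PHP_OPEN = b"<?php"
UTF8_BOM = b"\xef\xbb\xbf"

def bytes_above_php_tag(path, limit=65536):
    """Return whatever precedes the first '<?php' in the file, or None if nothing does."""
    with open(path, "rb") as fh:
        data = fh.read(limit)
    if data.startswith(UTF8_BOM):        # a BOM is an editor artifact, not injected code
        data = data[len(UTF8_BOM):]
    data = data.lstrip()                 # blank lines alone are not code
    if not data or data.startswith(PHP_OPEN):
        return None
    pos = data.find(PHP_OPEN)
    return data if pos == -1 else data[:pos]

def scan_web_root(root, names=("index.php", "header.php")):
    """Map relative path -> short preview for each named file with content above '<?php'."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() not in names:
                continue
            full = os.path.join(dirpath, name)
            prefix = bytes_above_php_tag(full)
            if prefix is not None:
                rel = os.path.relpath(full, root)
                findings[rel] = prefix[:80].decode("utf-8", "replace")
    return findings

def build_sample_root(root):
    """Write a constructed two-file site: a clean index.php and a header.php with a prefix."""
    theme = os.path.join(root, "wp-content", "themes", "sample-theme")
    os.makedirs(theme)
    with open(os.path.join(root, "index.php"), "wb") as fh:
        fh.write(b"<?php\nrequire __DIR__ . '/wp-blog-header.php';\n")
    with open(os.path.join(theme, "header.php"), "wb") as fh:
        # Constructed placeholder standing in for injected markup; not a real sample.
        fh.write(b'<script src="//placeholder.invalid/x.js"></script>\n<?php\n// theme header\n')

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_root(tmp)
        for rel, preview in scan_web_root(tmp).items():
            print(f"REVIEW {rel}: {preview!r}")
```

Treat each hit as a file to open and review rather than as proof of infection, since some theme templates legitimately begin with HTML such as a doctype. Point `scan_web_root` at a downloaded copy of the site so the check does not depend on the compromised server.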
We tried running this plugin and it did show that we had malicious code but not where it was. It seemed like they just wanted us to sign up for their protection first. I wouldn’t suggest using this method unless you absolutely have to. The one benefit about this plugin is that it will log when users log in and make changes so that anytime you see changes from somewhere else you will know that you have been hacked.
6. Keeping Malware Out for Good
Now that you have the malware or malicious code removed from your site, it’s time to keep it out. Here are steps to make sure your malware never comes back:
- Change all your passwords for WordPress and GoDaddy
- Update all WordPress Plugins and get rid of any that you aren’t using (Do this for subdomains as well)
- Update all WordPress Themes (Even ones not being used)
- Install a security plugin like “iThemes Security Plugin for WordPress” (Easy – It has a checklist of things you should do to make sure your site is protected)