Recovering Website SEO After a Hack
The WordPress Security Learning Center
Recovering Website SEO After a Hack

1.7: Recovering Website SEO After a Hack

Basics
Updated June 15, 2018

If your site has been hacked and you have successfully cleaned your site and closed the security hole the attacker used to gain access, you’ll need to recover any damage done to your SEO ranking and reputation. The goal with this lesson is to give you an understanding of how to recover your SEO ranking and reputation after a hack and to provide a list of action items to ensure that you fully recover.

First let’s do a quick review in bullet form of how you recovered from a hack:

  1. You confirmed that you have in fact been hacked.
  2. You backed up your site before taking any action.
  3. You took your site offline while performing the cleanup.
  4. Ideally you also determined how the attacker gained access and closed the security hole. If your site had many out of date themes, plugins or other software, then simply updating to the newest versions of everything will likely close the security hole.
  5. You removed all signs of infection.
  6. You brought your site back online.

Now that you’re back online you will need to start with assessing how much damage was done to your SEO.

Doing the SEO Damage Assessment

Check Google SafeBrowsing

First, check if your site is listed on the Google safe browsing list by visiting the following URL:

http://www.google.com/safebrowsing/diagnostic?site=http://example.com/

Replace ‘example.com’ with your site website hostname.

Google puts compromised websites into two categories:

  • Attack sites: Sites that host software that will infect visitor computers.
  • Compromised sites: Sites that have been hacked and host spam or other content that an attacker has installed.

In either case you will be told on the safebrowsing page above if your site falls into either category.

Check Google Search Console

Next check Google Search Console. When you sign into Search Console, first check “Messages” on the left side. If your site is infected a message may appear here.

Next click the “Security Issues” link on the left side. This will let you know if Google’s crawlers have detected malware on your site.

Now check your email

Google will frequently email an address it finds on your site or in your site’s whois record letting you know that your site has been infected. It will try to email any addresses that look like support or administrative email addresses, like ‘admin@’, ‘webmaster@’ and ‘support@’ yoursite dot com.

Check how your site is appearing in search results

Go to Google and do a search for the following:

site:example.com

replace example.com with your own domain name. The above search will return all pages that Google has indexed for your site. If your site has been infected Google will often flag your search results with a message saying either:

  • “This site may harm your computer” or
  • “This site may be compromised”

Either of these messages in the SERPs (search engine result pages) is a clear sign that Google considers your site infected.

The Impact of Malware and Being Hacked on SEO

Google has a responsibility to protect their customers. For this reason your site will be penalized in the search results once it has been hacked. The impact of a compromise on SEO is twofold:

  1. Your site will experience a huge drop in search engine ranking.
  2. Search engine users will be warned that your site has been compromised in the search results.
  3. Even if they click on the search results, they will likely receive a browser warning, which originates from the Google Safe Browsing database, that your website has been compromised.

The effect on traffic is immediate. Three gates have been thrown up by Google preventing or dissuading visitors from getting to your site. Your SEO traffic will plummet.

How to Recover Your SEO Ranking and Reputation After a Hack

The good news is that your SEO traffic and reputation can recover within 24 hours if you act quickly and correctly. In the interest of getting your site back in the SERPs quickly, lets do this bullet form:

  1. Make absolutely sure that your site no longer hosts malware, spam or any content the attacker may have installed. If it still contains anything malicious you will waste time having to redo this process.
  2. If you have not already added your site to Google Search Console, do that immediately. Google Search Console is an essential part of understanding what URLs on your site are infected and what the status of your site is. It’s also how you’ll submit a request to Google to remove your site’s blacklisting. You can learn how to add your site to Google Search Console on this Google page.
  3. To get your site back into the Google search index, you need to “request a malware or unwanted software review“. The link to the left goes to Google’s page explaining how this works. The process is very simple. You need to go to the “Security Issues” report in Google Search Console for your site and click Request a review.

Malware reviews by Google tend to be faster than reviews related to SEO ranking. If your site no longer contains malware, your site may regain its ranking within 24 hours.

Note that this article was updated on June 15th, 2018 and contains current information on how to recover your SEO after a hack. There are several articles describing this process that are out of date, including on stopbadware.org which is a non-profit collaboration sponsored by Google. The information on that site was written before Google unified the process of requesting a review into their Search Console interface. You can now find all issues related to SEO or malware infection in the Search Console and whether you’re submitting what used to be called a “request for reconsideration” or a malware removal request, it all happens in Search Console.

Lastly, Don’t Feel Too Bad

Now that you’ve submitted your site for a review by Google, you simply have to wait. Getting a site hacked can happen to anyone, so don’t feel too bad. Several famous websites have been defaced by hackers including The Sun and The Sunday Times newspapers in the UK.

Forbes.com was hacked and used to attack readers who visited the site using malware. The attack on Forbes readers lasted four days.

Even the Angry Birds website belonging to game maker Rovio was hacked and defaced thanks to rumors that they were sharing data with the NSA.

The important thing to do if your site is compromised is to recover quickly, understand how the hack occurred and ensure that it doesn’t happen again.

Did you enjoy this post? Share it!

The WordPress Security Learning Center

From WordPress security fundamentals to expert developer resources, this learning center is meant for every skill level. Get serious about WordPress Security, start right here.