In the second of our posts on using Google Search Console, we look at how you can tell Google that your site is no longer compromised if a “This site may be hacked” message is displaying above your website in search results.

This site may be hacked Google message

This can happen if your site has been the victim of hackers, spam or phishing scams.

We have heard numerous times from our customer that their sites have a message in Google search results expressing that they have been hacked.

The actual message that will appear in the Google results will be “This site may be hacked”. This message scares searchers away from visiting your site, in apprehension of getting some kind of infection or be diverted to spam or malware.

For some entrepreneurs, website admins, blog proprietors, and any individual who possesses a site, having your site hacked is a standout among the most troublesome issues to experience.

At the point when your WordPress website is hacked, it implies that somebody has accessed your site. This permits the hacker to perform any activity on your site. They can include spam content, divert guests to different destinations, introduce infections on guest’s computer, and gather sensitive data from your website.

On the off chance that the issue is not tended to, your site traffic will be influenced greatly and lead visitors away.

This is the approach to address the issue you are confronting. Here is the way you can begin on recuperating a site that has “This site may be hacked” message in Google.

Sign up to get updates via Google Search Console

If Google add “This site may be hacked” to your search listings, they will notify you via your Google Search Console. Even if your site is currently fine, it’s a good idea to sign up for email notifications on Google Search Console, so you’ll get an email if your site is ever marked as hacked. If your site is compromised, you’ll also get a notification as soon as Google re-reviews your site and confirms that it’s clean.

To turn on email notifications, go to Search Console Preferences (access via the gear icon in the top right hand corner).

Resolve any security issues

Before you can ask Google to remove the “This site may be hacked” message from search results, you will need to take action to resolve any security problems on your website. There are a number of resources that can help you do this, including the Stop Badware website and Google’s 7 step process to recover a hacked site.

Request a Review

Once you are confident the security issues have been resolved, you can let Google know and ask them to re-review your site.

To do this, navigate to the message within the Security Issues area of Google Search Console, where Google will have provided information on the areas they believe are affected.

Select “Request a review” and provide details of how you resolved the security issues.

Once a review is requested, Google will review your site to confirm the compromised content is no longer available. This can take up to several weeks, depending on the type of security issue you experienced. As soon as Google confirms that your site is clean, you will receive a notification via Google Search Console and the “This site may be hacked” message will be removed from search results within 72 hours.

If your site fails the review, the infected URLs will be displayed in the Security Issues section of Google Search Console and the message will remain on your search listings. In this situation, you’ll need to repeat the process of cleaning your site and resolving any issues that remain, before you can re-submit your site to Google.

Clean Up the Mess

This step is critical and must be completed first before you go any further. We can not ask Google to take a look at your site and verify it is not infected when there still may be malware or malicious code on your WordPress site. This post will not explain the detail of this step but you can follow the steps outlined in the link below for an easy clean out of the majority of infections that exist. We also can do the cleaning for you with our WordPress Infection Malware Virus Removal.

Quick Steps to WordPress Infection Cleanup:

Verify Ownership of Site

You have to enlist and confirm your site in Google’s Search Console first. You can verify ownership of your site through meta label, HTML document or Google Analytics code.

When you’ve confirmed your site, you can check the security issues you are having. There is an area inside of the Search Console that will show you any security issues your site is having. Google will list actual URLs that are malicious and causing the “This site may be hacked” message.

Take action and make sure you examine any of those URLs for content that you have not added or approved for display on your site.

Request a Site Review from Google

If you are certain that all security issues on your site have been cleaned out or removed, it is time to been Google into the mix for a site review. This will prompt Google to double check that your site is in fact clean and there is no content that will trigger the “This site may be hacked” message is search results.

This site review process can take up to 72 hours to complete and once completed you will be notified at the email address on your Google Search Console account.

Hopefully if you did step #1 properly, Google Search Console will give your site a clean bill of health and remove the “This site may be hacked” message from all search results.


Jonathan Terreo

Jonathan is a Software/Web Developer that loves blogging in the free time. He loves to upload quality content to his websites. He is a WordPress/SEO expert due to his experience.