Help! “This site may be hacked” How to Fix and Remove the Mesage

If you received This site may be hacked from within Chrome, or a Google search or even an email from Google - then unfortunately your website has a vulnerability and has been compromised by a Cyber criminal. You need to resolve the issue of having you website hacked ASAP, as it can take a while for this message to be removed from Google.  However if the message is "This site may harm your computer" then refer to this article.

Malicious Software Infecting Computers and How to Fix This Site may be Hacked

Here’s How To Remove “This Site may be Hacked”

  1. Restore a backup not infected
  2. Don’t have an uninfected backup – you will need to manually identify the modified files and this also extends to the database.
  3. Determine if vulnerability still exists with something like https://sitecheck.sucuri.net/
  4. From within Google Search Console Tool submit a Request a Review

So what Does “This site may be hacked” really mean?

The main reason cyber criminals hack website is for financial gain. This normally falls into couple of areas:

  • Hijack the website regarding shopping carts
  • Change the text on a website or adding links on your website to theirs – you may or may not be able to see the content via your browser
  • Redirecting your website traffic to their website
  • Stealing user information from your website of their desktop – Phishing content

So until Google has confirmed you website is no longer hacked they will continue to show in the Google Search results the message of “This site may be hacked”.

Assessing the Extent of your Hacked Website

Log into Google Webmaster Tools and from within the Security Issues area review the example hacked URLs. Google does not provide all of the hacked pages – they just provide a number of examples of pages which have been compromised.

There will be information on there either code injection or content injection into you website. This will give you a better idea on how to attack the problem.

There is a standard plan we use for such activities. So with the knowledge of if it was code injection and or content injection into your website you need to identify all of the pages on your website and map out which pages have been hacked and as you resolve the hacked pages you need to capture this. The more methodical you are on this, the better the result. This can be an extremely slow process as you review your website.

While assessing the damage of you website you need to do the following:

  • Obtain a full list of all the pages on your website from Google
  • Review cached pages in Google
  • Utilise the Google Fetch tool in Webmaster Tools to review pages
  • Also look at using Wget and cURL to fetch pages from your website as well.

If your website has Malware installed by visiting the website page you computer may get infected. So ensure you have up to date anti-virus software.

How to Fix a Hacked Website

You may be able restore the website to a valid a backup before the website was hacked. Which can be one of the faster ways to overcome the issue.

If you don’t have a valid backup, you will need to look at the file system to understand which files that had been changed like the .htaccess or other system files. This also extends to the database as the hacker may have injected information into your database. You are able to review your database via phpMyAdmin within the Control Panel of your web hosting.

Once you have created up your website you still need to understand where and what caused the vulnerability. This could be as simple as you didn’t keep up to date with the latest versions of the software installed on your website. Or one of your plugins or extensions may have some malicious code built into it.

This can be a slow and tedious process in updating all the software and then determining if the vulnerability still exists – as this is how the hacker originally entered your website. You need to plug this security vulnerability. There are software tools which can help identify if you have any vulnerabilities like performing a scan with https://sitecheck.sucuri.net/

Removing the “This site may be hacked” message from Google

Once you have identified and removed the malware or modified content and also fixed the vulnerability then you need to request a review from Google. If Google identifies any futher malware on your site it extends the whole process.

From within Google Search Console Tools from within the Security Issues you will need to submit a Request a Review process. This can take anywhere from 1 to 2 weeks depending on your website with the review process.

Google message about

This can be a rather involved processes to undertake, if it seems a little overwhelming then please get in contact with us and I’m sure we will be able to help you.