Recently, a client called us asking for assistance in getting Google to remove the “This site may be hacked” notice that Google had placed beneath the search results for its website. Although not commonly known, Google actually does this thousands of times a day to websites around the world that it detects have been compromised — infected with malware, suddenly originating spam, sensitive information has been extracted from it, etc.
If this unfortunately happens to your site and you’d prefer to try and resolve on your own, here are recommended steps to take:
1. Clean up the site
Start by accessing Google Search Console (formerly called Webmaster Tools) and go to the area that notifies you of any security issues the site is having. Google will list the URLs on the site that are malicious and causing the “This site may be hacked” message. Pages where the meta description tags have had content added or hidden div tags now include links to many sites are examples of what Google will report on. Also check .php files to see if any content has been added, as well as any changes made to the .htaccess file.
2. Check both your www and non-www sites
Verify the non-www version of your site, as this is where hackers often try to hide content in folders that may be overlooked. While it may seem like http://abc123.com and http://www.abc123.com are the same site, Google actually treats these as different sites.
3. File a reconsideration request with Google
Google will respond to notify you that the site is free from hacked content (nasty warning goes away) or why it still detects a problem and advice on what to look for.
4. Secure your site against future attacks
Keep the CMS such as WordPress or Joomla up to date with the most current version. Make sure all the plugins are up to date as well and obtained from a reputable source. Also make sure a difficult password is used to access the administrative section of the CMS, or even consider using two-factor authentication for administrative access.