Have you received a notification from Google’s Search Console that hacked content was detected on your WordPress website? First thing’s first: remain calm. This can be a frustrating and frightening situation to find yourself in, and it can have a huge effect on the performance of your website on search engines. For most instances of hacking, however, you can solve the issue with just two plugins and 10 minutes of your time.
Has Hacked Content Been Found on Your WordPress Site?
If you have signed up for Google’s Webmaster Tools, you may have received a notification that hacked content has been found on your WordPress site. While this can be frightening in and of itself, it also creates severe repercussions in terms of your online visibility. Your page(s) will not show up as high on the Search Engine Results Page (SERP) as they normally would, and your website will also have a “this site may be hacked” notification noted prominently on the result. What can you do?
The Initial Notification of Hacked Content
If hacked content has been identified on your site, and you are signed up for Google’s Webmaster Tools, you’ll receive a notification e-mail from the Google Search Console Team. It will alert you to the domain where hacked content has been found, and some examples (though not exhaustive) of the URLs in question.
Google offers a five-step guide to clearing this information:
- Check Security Issues
- Check the rest of your site
- Test for hidden hacked content
- Fix your site
- Submit a reconsideration request
Google will also include some links to resources to help you, but they are vague, and like the instructions above, the solution may be out of order or frustrating to get implemented. So what’s the “quick fix” for hacked content? Two popular WordPress plugins will solve this issue for the vast majority of users.
Wordfence: WordPress Security Plugin
The first step is to install the Wordfence security plugin. The free version is sufficient for our needs, though you can review the additional pro options for additional peace of mind.
The installation is quick and easy, and getting your first scan started is intuitive: just follow the wizard as it guides you through the scan. If you are familiar with antivirus or anti-malware software tools, you’ll feel right at home.
When the scan is finished, you’ll see a list of issues that have been detected. You can mass-delete them with a single click, though be careful not to delete any files that you know for certain are not corrupted. For example, one misidentified hack was for our URL shortener post, because we included a link to shorte.st, which is blacklisted by Wordfence. Delete all offending files, and run a second scan for good measure.
WordPress File Manager
It’s possible that Wordfence has solved your issue in one step, but it also may not have identified all problems or is otherwise unable to remedy them. In this case, the next plugin you need to install is File Manager. This is a handy tool to have in general, not just for when you get hacked. File Manager lets you easily access and modify files and folders in your WordPress installation. In this case, we’re focused on the deletion capabilities. Offending URLs will often take one of two formats:
Where the x’s are randomly generated alphanumeric sequences, and the text at the end can vary depending on the hacker’s intentions. The purpose of these hacks is to create links to other sites, generating fake or misleading traffic. Those “marketing agencies” that offer you tons of cheap backlinks and traffic? This is one of their tactics.
If Wordfence didn’t identify all hacked URLs, or was unable to delete them, you can use File Manager to clean these out.
If you are running WordPress as an Administrator, you will be able to access all files and folders on your WordPress site. It is important to be careful here, as a wrong deletion can cripple your site. Review the folders in root, as well as /uploads/ to see if there are folders matching the alphanumeric sequences reported in the hacked content links. Delete the offending folders, but DO NOT delete the /uploads/ folder as a whole.
Submitting a Reconsideration Request to Google
Clear your cache with an optimization tool like Autoptimize for good measure, and your site is clean and ready to go. But before we go about submitting a reconsideration request, let’s do some housekeeping.
First: Change your passwords. The hackers got in somehow, and their easiest avenue of attack is by simply using your password.
Second: Make sure the offending folders and URLs really are gone by using the “fetch as Google” tool, where the URL is your verified property:
If the offending files are no longer found, then we’ve done our jobs! We’re ready to submit a reconsideration request to Google via the Manual Actions tab in Search Console, again where the URL is your verified property:
Be patient, as this can take some time. But if everything has been done as requested, your site will have its status as having hacked content removed.
Preventing Your WordPress Site From Getting Hacked Again
Now that our WordPress installation is clean, let’s ensure this never happens again! Google is great at notifying us when an issue occurs, but it’s best not to have this headache start in the first place. The two plugins we installed can be used in a maintenance function as well. If you’ve changed your passwords and user rights, you can simply run regular scans with Wordfence and keep a lookout for suspicious folders and content in your File Manager. It’s almost impossible to stop a dedicated hacker from accessing your system, but these types of attacks typically search for easy vulnerabilities and are done so automatically.
Hopefully that helps solve your security issues, but if you’ve had other problems or want to share alternative solutions please let us know in the comments below. Safe surfing!