How to fix this site may be hacked – Yikes!

Your customer calls you up and asks you if your site’s safe to visit. When you Google yourself, you see those five horrible words under your site’s listing: “This site may be hacked“. What do you do next?

Find out what Google knows

Google’s decided your site’s hacked, but how do you find out why? Google Search Console. Google provides Search Console for website owners to get information about the health of their website and how it’s showing up in searches. Your issue might pop up in the “Security Issues” section (under “Security & Manual Actions” part of the menu) if you have the new design, or “Security Issues” in the old version.

Google search console really is the quickest way to find out why you’re getting “this site may be hacked” against search results for your website.

Animated gif of how to access the security issue if you see "this site may be hacked" in Google search results

Do you use WordPress?

If so, that’s great. There’s a few must have plugins out there that can really help find and fix the issue. You might want to try iThemes Security and run a malware scan (which you can do in the free version on the homepage – the pro version allows you to run them automatically).

It’s not a bad idea to install iThemes Security anyway; it’s one of the plugins we install on all our client’s sites by default because it does such a great job of securing their website.

iThemes security malware scan

Not using WordPress or want another opinion?

No problem! Securi offer SiteCheck. Just pop your website address into the box in the middle of the page, click “Scan Website” and Securi will check your site over and notify you if there are any issues. Securi also notifies you if your site’s software is outdated (if you’re using a known content management system, that is).

If you want to continue down the Google route, they provide the snappily-named Google Safe Browsing Check. Again, pop your website’s address into it and it’ll run through a series of checks to see if it’s aware of any issues on your site.

How to get rid of “This site may be hacked”

At this point, using some of the tools listed above, you may have narrowed it down to an issue in one sketchy-looking file. If that file can be deleted, great (but do make sure it’s not one you need!) But what if it’s more than that? Or a file you can’t find to delete?

At this point you might be uncertain. That’s totally OK; it’s time to call in the professionals. You’ve got a few options:

  • Your hosting company may be able to help you. Reach out to them, tell them what you’ve seen and forward any results of the above tests on to them
  • Contact a dedicated cyber security specialist who’ll clean your site up. Securi offer this service from $199.99 per year
  • Get support from a WordPress help company who will not only clean up the hack and secure your site, but offer you ongoing support on content, updates and other website issues too

Your hosting company

First and foremost, your hosting company may be able to help. Be careful here though; a lot of hosting companies may well see your site’s files as your responsibility and refuse to help. Some even go as far as to block access to a hacked site until they know it’s been cleaned. Additionally, their support staff may not be willing or able to help.

Long story short; choose whether to involve your hosting company carefully. If you’re not 100% certain they’re going to help, it might just be worth moving on to the next options.

Contact a dedicated cyber security specialist

There are a good number of cyber security specialist companies out there. In the WordPress space the front runners are Securi and Wordfence. Both also provide a “Site Cleaning Service”, which effectively means if your site’s hacked they’ll fix it.

Their service generally tends to be very thorough but very focussed; a cyber security company will generally clear the issue, set you up with some good security and send you away with a checklist of “you should also do these things”. Generally, they won’t be able to help you with the ongoing stuff, or things outside of security. That’s where our final option comes in…

Get support from a WordPress help company

Getting in touch with a WordPress support company to get some WordPress help might be the best option. Make sure they assess your hacked site first; giving them the information you found earlier and FTP access should be enough for them to give you a good idea of what they’ll do to fix the issue.

After they’ve fixed the issue you’ll have a support company on hand to help you with

  1. Making sure your site doesn’t go down
  2. Fixing any of those niggling WordPress issues
  3. Generally marketing consultancy & questions
  4. Making your site quicker
  5. Search engine optimisation
  6. Ecommerce & Woocommerce

Getting this site may be hacked appearing for your site?

Contact us now and one of our technical team will take a look at the issue for you today. We’ll be happy to advise you which plan you need to go for, what we’ll do to fix the issue and what we’ll do to stop it happening again. Just get in touch via our contact form, or live chat.