How To Repair a Hacked Website & Recover Rankings (SEO) ?

How To Recover Hacked Website

How To Repair a Hacked Website & Recover Rankings (SEO) ?

Guide to Fixing and Recovering Your Hacked Website:

Hello Everyone today we are writing about very sensitive topic related to Websites Security. Daily hackers compromise or hack thousands of websites. Even Large Sites with good prevention measures get hacked. Security is one of the major problems in this world where Internet is like lifeline for the people from Browsing, Booking tickets, Shopping, Banking, Blogging, Education etc this everyday tasks is done online.

If Your Site or Blog Get hacked it can get damaged in many ways:
  • Loosing all Data - This is the worse thing that can happen.
  • Infected with Harmful Code - Adding malicious Scripts in your site making it vulnerable 
  • Stealing Login Credentials and other sensitive information - If you are running a big eCommerce Store or you have a products for your users then if your site get hacked then this nightmare can be true.
  • Loosing Ranking - If you response slowly in recovering your website or blog . or got to know your site get hacked very late then you might loose all the ranking & reputation of your site.

    Here in this post we will share some important measures to bring your website back to normal after it has been hacked.

    This Below Video is From Google Webmasters Where they have explained the process for recovering a site and removing and user-facing warnings. and How much time it can take to fix the site etc.

    This are some of the recovery measures you should follow step by step to minify damage to the site.

    1. Complete Scanning of Your Site
    2. How Worst is the attack or hack?
    3. Quarantine your site (if possible)
    4. Use Google Search Console
    5. Clean up malicious scripts or Spam
    6. Update the CMS or Other Plugins
    7. Complete Scanning of Your Site Again
    8. Request a Review To Google

    Complete Scanning of Your Site:

    First of all when you come to know that your site get compromise then the first thing to do is to scan the site with reputed anti-malware or antivirus. You can ask your Host to scan your Site or root directory to know whether any of the malicious scripts were inserted.

    If your Hosting Provider Does not help you in knowing which files or directories are effected then you can hire a team of professionals or you can scan your site online too and fix it by yourself or if you don't know then you can fix it by paying few bucks. 

    1. - Free Website Malware and Security Scanner is a very good site to scan malware for free and if you don't know how to fix then they have professionals to fix your site by taking few bucks based on the severity of the issue.

    2. - Detect types of malware including viruses, worms, and trojans

    The Main feature of this site is we can upload the file or enter the URL of our site or Search through IP Address or domain. This site also detects the Harmful malicious code.

    How Worst is the attack or hack?

    After analyzing or scanning your site you will come to know that how worst is the attack. If you are still confused after Scanning your site how bad the hack is then you have to go to Google Search Console Where you will come to know in the security issues section in the left Sidebar of the console. 

    If You already Signed-up to Google Webmasters then Skip this below Paragraphs.

    If you Still has not signed-up to Google Console then you are unaware of real tools for success of your business. So Sign up to Google by clicking on the link below

    After Signing-in to Google Webmasters add your Website And verify it to get future notifications from Google. In case of any emergency Google Will contact you through Search Console and you will receive messages and notifications.

    A hacker can hack your site in many ways that are:
    1. Hacked to host spam
    2. Hacked to distribute malware
    3. Hacked for phishing or fraudulent activities
    Check Messages in the Google Search Console to know what type of hack your website hit with. The Recovery steps for each of this type of hacks are different. Check "Security Issues" Section in the Search Console you may have received a message what type of hack your website hit with some explanation to remove it.

     If you have not received any message from Google in the console for any reason then search your site on google. You will see this type of warnings in the search results of your site.

    Images Source:

    Quarantine your site (if possible):

    When your site get compromised or hacked then running the site is useless. If you have registered members or shop in the site then this might be in the risk so it is better to take your site offline and quarantine it until the problem is resolved. Till Than your site will not be able to serve content to your users. Since the site has been hacked the content is likely worthless anyway.

    To Make your users notified stop your webserver or point your website's DNS entries to a static page on a different server that uses a 503 HTTP response code.

    Check What Google Has to say about Quarantine of site:

    By taking your compromised site completely offline, you can complete administrative tasks with less interference from the hacker, and meanwhile, malicious code or spammy files won't be exposed to visitors. It's unlikely that taking your site offline intermittently/temporarily during the recovery process will affect future ranking of your site in search results.

    Please contact your Hosting provider if you don't know how to take your site offline. For instance, your hosting provider might configure at 503 response for your site from outside your infected directories (which is a fine option). Inform your hosting provider that for testing purposes you need to toggle between online and offline .

    Having your site return a 4xx or 5xx HTTP status code isn't enough to protect your users. Harmful content can still be returned to users with 404, 503, etc. The 503 status code is a useful signal that your site is down temporarily, but the response should occur from outside your compromised server/site.

    Using a robots.txt disallow is also insufficient because it only blocks search engine crawlers. Regular users can still access harmful content.

    Please read more about this 

    Watch this above video from Google Webmasters where they have very well explained about Quarantine the site.

    Use Google Search Console:

    Google Search Console Helps to find what type of hack has hit to your site and they will message you about other details also. You can change your robots.txt file before changing it you can test it on Google Search Console. After completing recovery process you can ask a review to Google to reconsider the hack labeling for your site.  

    Clean up malicious scripts or Spam:

    As we have discussed above that hackers can target your site in number of ways From taking down your website and deleting its content to simply adding backlinks secretly, as above we said scanning the site will help us to know whether they have added any malicious code to our pages. If you found any suspicious content in the site then delete those pages carefully and so that your content should not get damaged.

    Make sure you have checked your site source code & check for any malicious PHP or JavaScript code that could be creating such content. Sometimes hackers create malicious scripts which generates spammy links or pages and self duplicates them to all the pages of your site as Hackers will often insert malicious scripts into your HTML and PHP files. These could automatically be creating spammy backlinks or even new pages.

    Update the CMS or Other Plugins:

    When you are running your site under a CMS then sites mostly get hacked due to vulnerabilities in a CMS System which get fixed with a patch with the update. Often website owners shows laziness in updating and future proofing site from getting hacked. older versions are more susceptible to attack. So always update your CMS and other third party plugins.

    Complete Scanning of Your Site Again:

    After completing all the recovery process now it is time for Scanning of your Site Again. If this time your scan results are clean with no malware or spam detected then it is the time for asking a review to google to remove the hacked badge from our site. But if your scan results detect malware again then you have to ask a team of professionals to review your site and take necessary steps to remove the malware.

    Request a Review To Google:

    After Following all the above steps now you have to send a request to review the site and unflagged as dangerous or possibly deceptive to users. you have to go to security issues section in the search console to request a review from there. before sending the request make sure your site is back to online and it is crawlable to googlebot.

    Watch the above video from Google Webmasters where they have explained everything what to do before requesting and how much time it takes for google to reply to your request.

    Other Important Tips:

    When you are connecting to your site when transferring files to your servers Always Use SFTP, which will encrypt everything, including your password, as a protection against eavesdroppers examining network traffic. Avoid using FTP. FTP does not encrypt any traffic, including passwords.

    .htaccess is the most important and sensitive file. If your .htaccess file is accessible to hackers then then can add malicious code and can hack your site. So Check the permissions of .htaccess. Contact your Hosting Provider Your hosting provider may be able to assist you if you need help. The .htaccess file can be used to improve and protect your site.


    If you are still facing any difficulty in recovering your hacked site then please hire a team of of professionals. If you are a beginner and don't know HTML, php, JavaScript etc then don't try to do it by yourself. 

    When your Review Request is approved then don't think that your site is fully protect and hacker will not try to hack again so you have to assure the best security for your website.

    Purchase a SSL Certificate Hyper Text Transfer Protocol Secure (HTTPS) for your website as this will encrypt communications between users browser and the website. Google Consider SSL Encryption as one of the small factors for Search Engine Ranking. So If you add this certificate You will not only securing your Website but also improving your site ranking in Google Search.

    That's It Thanks For Following our Tutorial '' How To Add Advanced Popup "Facebook Page Plugin Pro" to Blogger Blogs ?'' Along With us If you found any difficulty Please Comment and Share Your Valuable Opinion. And Stay tuned for More Tutorials Like This and Share this with your friends.

    No comments:

    Post a Comment