Discovering your website has been hacked is never fun.
As a small business owner, that moment when you find out is one of the most stressful experiences.
Unfortunately, no-one’s website is safe from hackers. Not mine. Not yours.
But you can reduce the likelihood of being hacked.
Maintaining your website will certainly help.
Our free guide goes into this more: Top 13 real-world consequences of not maintaining your website.
But after the dust has settled and your website is fixed (hopefully!), how do you fix your presence in Google?
First let’s be clear about how a hack can cause damage for your business in Google.
BIG NEWS: Your Google presence could suffer significant damage from a hack – it could take months, even years to recover from.
But, if you’ve already acted fast, you’ve hopefully avoided Google’s attention. The important action is that your website has been fixed. If not, get that sorted now.
Google and other search engines won’t want to lose searchers by putting them in harm’s way. That’s why they could easily block your website from appearing in the search results, or tell everyone your website is hacked.
If you depend on Google traffic, a ban of any sort could ruin your business. If you’re blacklisted by Google you could lose nearly 95% of your organic Google search traffic. That can quickly impact sales and revenue.
A Google block is less likely to happen if you acted fast and fixed your website. Just make sure it doesn’t happen again.
If Google is OR isn’t as important to you, your website could still appear to be hacked when someone searches Google for your organisation’s name. This will severely damage your brand’s reputation and must be avoided.
So what actually is a hack, what does a hacked website look like in Google and how do you remove any evidence of a hack from Google’s search results?
An Example of a Website Hack
There are many different types of website hacks, but a common one has been named as “The Japanese keywords hack”.
This hack typically creates new pages on your website with autogenerated Japanese text in randomly generated directory names (for instance, http://example.com/ltjmnjp/341.html).
Here’s an example of what one of these pages might look like:
These pages are monetised using affiliate links to stores selling fake brand merchandise and then shown in Google search.
There’s a high chance that if you’ve been hacked like this, there will be lots of these pages in Google that are attached to your website.
You need to quickly get rid of them.
Find out what damage has been done in Google’s results
To discover whether the hack has contaminated Google’s search results for your website:
- Go to Google and search the following:
(replace example.com with your website’s domain/address)
Google will then show you a long list of pages from your website that are ‘in Google’.
Keep an eye out for any dodgy pages that shouldn’t be there. If you see any, it’s time to take action.
Fixing the Hack
By now hopefully you’ve already fixed your hacked website.
If you have fixed your site, all of the newly generated pages from the hack, when clicked on in Google’s search results, will now resolve to a 404 or 401 error code (page not found) (NB. clicking on hacked search results isn’t a clever thing to do for security reasons, you can find if your page is showing the correct error code in Google’s Search Console – URL Inspection Tool).
Making sure your pages have the correct response codes is an absolute must, because until that happens, your newly generated hacked pages can’t be removed from Google.
Time to clear up the mess in Google
I’ve carried out the following steps for small business owners that have come to me with a hacked website – it’s worked out well. If you need help, please send me an email.
For hacked website pages that didn’t exist before the hack
Let’s now assume that all the pages that the hack created now correctly result in a 404 ‘page not found’ error.
Google will eventually remove them, but it can take a while.
While you’re waiting, one sensible tactic is to use Google’s removal tool to hide those hacked pages for 6 months to stop them coming up in search results.
Hopefully, during that time Google will remove the pages permanently.
The Google Removals tool enables you to temporarily block pages from Google Search results on sites that you own. It can be found within the Google Search Console which is another powerful tool for small business owners, webmasters, SEO specialists and marketers to view the health of their website in Google.
Make sure you don’t use the tool to remove the pages that already existed before they were hacked. Just remove those pages that result in a 404 error and were created by the hack.
Google’s removal tool only allows the removal of one URL at a time so it can get a bit laborious if you have a lot to hide. I’ve had success with this Chrome extension to remove large numbers of URLs in bulk.
For hacked pages that existed before the hack
For hacked pages that existed before the hack, it’s best not to remove them from Google, but to tell Google to re-index the page using Google’s “Request (re)indexing tool” also found within the Google Search Console.
You could go through and manually request indexing of each hacked page, but if you have a large number of URLs Google says: “To request indexing of many new or updated pages, your best choice is to submit a sitemap, with the updated pages marked by <lastmod>.”
You might not have to use a sitemap if the hacking didn’t affect many of your existing pages, but it’s a good idea if you have lots of existing pages that need fixing in Google.
Obviously the 404 pages will not be in this sitemap, but pages that already existed but were hacked, should show up.
You or your webmaster will have to make sure they have an up to date <lastmod> in the sitemap which may mean that they have to go in and save/update each page.
I hope my tips will help you get your presence in Google back to how it should be – without all those hacked pages showing up.
If you rely on waiting for Google, you may be in for a long wait before the URLs disappear, that’s why it’s good to hide them.
If your website is not maintained throughout the month, it could be time to consider help.
For the price of a cup of coffee a day, our monthly website support and maintenance service will help you prevent the top 13 real-world consequences of not maintaining your website.
I’d be happy to talk with you more, so feel free to get in touch today to learn more about our monthly web care plans. Myself or one of the team will be happy to answer any questions you have.