Give me 31 Days and I’ll Give You a Better Blog… Guaranteed

Check out 31 Days to Build a Better Blog

Give me 31 Days and I’ll Give You a Better Blog

Check it out

A Practical Podcast… to Help You Build a Better Blog

The ProBlogger Podcast

A Practical Podcast…

FREE Problogging tips delivered to your inbox  

9 Tips for Recovering Your Google Rankings After a Site Hack

Posted By Jim Stewart 29th of September 2017 Finding readers 0 Comments

website-hacker.jpgThis is a post by ProBlogger SEO expert Jim Stewart

While WordPress is a relatively secure platform, it can still be hacked. In fact, out of the 11,000 hacked websites Securi analyzed in 2016, 75 percent of them were running WordPress.

If your WordPress site has been hacked, fear not. By following these tips you can fortify your site and kick wannabe hackers to the kerb.

And provided you act quickly, your WordPress site’s SEO traffic—and even its reputation—can recover within 24 hours.

Here’s what you need to do.

Tip #1: Kick Out the Malware

The first step towards getting your site back into Google’s top SERPs is to make sure it isn’t harbouring hidden malware – malicious code the hacker has inserted into your site. If you don’t, all your repair efforts will be wasted. Worse still, you could end up infecting the computer of anyone who visits your website.

And while you’re at it, get rid of any spam, installed content or other suspect material you find.

Tip #2: Add Your WordPress Site to Google Search Console

Next, make sure you’ve entered your website into the Google Search Console (GSC). It will reveal your site’s overall status, and help you understand which URLs on your site are being affected by the hack. You can even use it to take down your site’s blacklisting.

Of course, you should already have GSC set up for your site as it can help enormously. But it can be especially useful when your site has been hacked. For example, it can send you a warning email when the message “This site may harm your computer” appears in Google’s search results — a sure sign your site has been hacked. Just make sure the email address it gets send to is one you monitor regularly.

You’ll need to go through a submission process to assure Google your site has been fixed and you’ve removed all malicious code. They will then remove the message from their search results.

Tip #3: Request a Malware Review

Google can review your WordPress site for malware and unwanted software. It’s a simple process, and it’s definitely effective. Navigate to the Google Search Console “Security Issues” report and request a review.

Tip #4: Download These Plugins

Once you’ve started recovering your website’s rankings, you should download a couple of plugins that are conducive to long-term security. Check out:

These plugins can secure your website from all angles, and give you complete control over unwanted visitors, admin permissions and keyword tampering.

However, try to minimize the number of plugins on your site. The fewer you have, the less chance there is of your site’s security being compromised.

Another option is to use a combination of Cloudflare (which hides your site’s actual IP address, making it harder for hackers to find) and a secure host such as WP Engine.

The post-hacking pick-up process is a long one. But it’s not impossible to overcome.

Tip #5: Find Out How You Were Hacked

If you’re dealing with a WordPress website hack, you need to understand how you’re being hacked. Narrow down the options, and look for inconsistencies. Ask yourself:

  • Is my WordPress site being directed to another website?
  • Does my WordPress site have any illegitimate links?
  • Has Google marked my website as Insecure?

These factors all play a major role. Once you’ve answered each questions, contact your hosting company. If your weak point was a plugin, remove it and protect your site from that vulnerability.

Tip #6: Clean up your Index

If your site has been infected with irrelevant pages, they can dilute your content and affect your rankings. Google may not recognise the hack, and take them into account when ranking your content. And if that content weakens your original content authority, your rankings will suffer.

These pages usually contain links that divert traffic away from your site. And it can be difficult to understand why why your rankings are dropping if they’re still being indexed.

To fix the problem, you need to isolate and manually remove the URLs from your index. Fortunately, it’s easy to do. Just go to Search Console, and under the Google Index section select ‘Remove URLs’.

And once they’re gone, you’ll need to monitor any crawl errors and re-submit your site maps.


Example of a Government site that has been hacked and cached by Google.

Tip #7: Move to a Secure Host

Your blog’s first line of defence begins with strong security from a robust hosting provider. That’s why we recommend WP Engine. It has exceptional security, and won’t let you install plugins that could compromise the security of your site.

Tip #8: Protect Other Avenues of Entry

If you’re using shared hosting, your other websites may have also been affected. So talk to your provider, and see if they can  identify any backdoors that may have led to your website being hacked. They may even be able to set up an additional login step that hides the real login page.

And don’t forget to change your passwords.

Tip #9: Consider Restoring your WordPress Site

Always keep backups of your WordPress site so you have the option of restoring it if necessary. If your WordPress blog is updated daily, you may have lost a lot of blog posts, comments and other content. If that’s the case, you may need to consider restoring it from a recent backup.

Even if you haven’t lost much content, it may still be worth restoring an earlier version to ensure your site isn’t harbouring unwanted content, visitors or other material.

You may also want to invest in an online security scanner, which can identify any WordPress files that have been compromised.

If you’d rather do it yourself check these files on your WordPress site:

  • Header.php
  • Index.php
  • Footer.php
  • Function.php
  • wp-config.php
  • .htaccess

You should also check your uploads and wp-includes directories.

Replace any compromised files, and if necessary reinstall the WordPress core files. But be careful. And stay up to date with WordPress’ new features, updates, bug fixes and news.

Chances are you’ve put a lot of work into both the design and the content of your website. So make sure you protect it by following these tips.

But always remember that if the worst comes to worst and your site is hacked, it’s not the end of the world. And with a bit of hard work you can recover your site and your Google rankings.

About Jim Stewart
Jim Stewart, CEO of BloggersSEO, is a recognised digital marketing expert. Jim is ProBlogger’s SEO expert and will share his vast SEO knowledge to equip you with the systems and skills to optimise and monetise your blog using tried and tested techniques. What Jim doesn’t know about SEO and blogging isn’t worth knowing.
  • Hi Jim,

    Helpful to know.

    Super informative post.

    My developer is on it with all the https stuff and plug in stuff and all the tech stuff I slowly am learning about. It helps to have skilled tech-side guys in your corner to keep your blog secure.

    Thanks for sharing.

    Ryan

    • Jim Stewart

      No problems Ryan

  • Hi Jim,

    I had a client not too long ago that had a hacked site. It was crazy, it took me forever to get it cleaned and made me realize how much damage hackers can cause.

    If I never clean up another website, it won’t hurt my feelings :)

    I’ve been meaning to install WordFence on my blog, but I already have so many plugins. So I just tightened up my blog with some code in the .htaccess file.

    So far so good. I also keep a daily backup of my site just in case. We can do everything possible to keep our site protected, but we never know if it’ll happen to us.

    The best defense is to have a current daily backup on hand just in case.

    Thanks for sharing these tips have a great day :)

    Susan

    • Jim Stewart

      Good advice Susan.

  • Sahil Akhtar khan

    Your tips was awesome it is very helpfull for me thanks

  • Really helpful tips.

  • Fazal Hussain

    Amazing blog post Jim it is not just helpful for the junior SEOs but also for other specialized people from SEO agencies.

  • Hello Jim,

    Great tips on recovering a site which has been hacked. These tips are very helpful to recover your site and also help to rank it again in Google. Cloudflare is really a great and I am also using it. Thanks for writing this post.

    Have a great day :)
    Vishwajeet

  • Excellent tips, really very helpful for me. Thanks.

  • Hello Jim,Great tips , Thanks

  • Thx for Sharing. Could use this for sure

    • Jim Stewart

      hopefully not too often!

  • Lucas Smith

    Hey Jim,
    Thanks for this really helpful article. My site have never been hacked before, but I’m saving this just for when the unexpected thing happens.

    Cheers,
    Lucas

  • disha patil

    nice information….savesfun

  • disha patil

    Amazing blog post Jim it is not just helpful for the junior SEOs but also for other specialized people from SEO agencies….www.savesfun.com

  • Yay!
    My hosting bandwidth was reached to its limit and my site was down for more than 5 days. I’m following the tricks and hope would recover my site traffic soon.

  • Really a great information, Prevention is better than cure. So, I should install those security plugins today.

  • Adword India

    Thanks for sharing this Great post.. This is really informative and useful. it is very helpfull for me thanks.

  • This is a nice piece of advice Jim, i have my site hosted with a company and I get a report every month for the site scan, up to now it is safe but after I read your article, i am thinking to add these plugins just in case, Great topic and thanks for the information.