How to Recover SEO of Hacked Sites?
Posted: Mon Dec 09, 2024 6:47 am
Websites are sometimes attacked or hacked. In these cases, Google may impose penalties on websites in order to both protect users and provide a safer web experience. As a result, your site's SEO may suffer. In this article, I will share some suggestions on how to restore the SEO of websites that have been hacked or attacked.
You can find many threads on forums that show that traffic from Google has dropped after an attack or “hack”:
Hundreds of thousands of pages can enter the Google index at once due to pages that are not under your control being created on your site. These pages may initially open with a 200 status code and then send your visitors to the original target site with a 301. If you do not prevent this situation, many pages may remain in Google, as in the example image below:
Even if you don't want these pages, Google can find them more easily because they are automatically added to sitemaps in CMSs like Wordpress. They can even be included in the index even if you remove them from the sitemap:
Googlebot needs to recrawl the pages to reduce the number of URLs in the index. Even if you clean the viruses, you may experience problems with index optimization because Googlebot does not visit these pages after the first time it sees them:
Pages created as a result of Chinese or Japanese hacking attacks, which are well known in the SEO community, can appear in the SERP, as you can see in the example below:
Google itself has also made special statements just for this type of attack:
Additionally, browsers like Google Chrome may display a warning such as “this site has been hacked” or “this site may harm your computer” in the SERP:
Hacked or malicious pages may not be seen by Google or overseas chinese in worldwide data may not apply manual action to your site. In these cases, it is important to do your own checks. In the example below, you can see how the SEO performance of a hacked or attacked site decreases. It is also normal to see decreases in Google News & Google Discover reports.
It is also useful to check that the hacked pages are not in the sitemaps. You can check not only the sitemaps created for articles but also sitemaps such as images-sitemap.xml.
In the crawl statistics reports, you can also see how much crawl requests have increased since the pages entered the Google index, and how much requests have decreased after the pages were deleted. If there is a similar situation on your site, you should definitely review these important reports.
Your Core Web Vitals data may not be affected in this case. Since the data comes from the Chrome UX Report, the status of your pages in the index may be included here.
As I mentioned above, Google may not always send you an email or notification. When it does, you may receive a notification similar to the one in the example below:
Here is an example that can be found in Search Console:
When you clean your site from viruses and deceptive pages, you should definitely request a review and write down the detailed actions taken in the form that comes up. If this notification belongs to the previous site owner, you can also specify this situation in detail in the form. The manual action will be removed in a short time:
You can find many threads on forums that show that traffic from Google has dropped after an attack or “hack”:
Hundreds of thousands of pages can enter the Google index at once due to pages that are not under your control being created on your site. These pages may initially open with a 200 status code and then send your visitors to the original target site with a 301. If you do not prevent this situation, many pages may remain in Google, as in the example image below:
Even if you don't want these pages, Google can find them more easily because they are automatically added to sitemaps in CMSs like Wordpress. They can even be included in the index even if you remove them from the sitemap:
Googlebot needs to recrawl the pages to reduce the number of URLs in the index. Even if you clean the viruses, you may experience problems with index optimization because Googlebot does not visit these pages after the first time it sees them:
Pages created as a result of Chinese or Japanese hacking attacks, which are well known in the SEO community, can appear in the SERP, as you can see in the example below:
Google itself has also made special statements just for this type of attack:
Additionally, browsers like Google Chrome may display a warning such as “this site has been hacked” or “this site may harm your computer” in the SERP:
Hacked or malicious pages may not be seen by Google or overseas chinese in worldwide data may not apply manual action to your site. In these cases, it is important to do your own checks. In the example below, you can see how the SEO performance of a hacked or attacked site decreases. It is also normal to see decreases in Google News & Google Discover reports.
It is also useful to check that the hacked pages are not in the sitemaps. You can check not only the sitemaps created for articles but also sitemaps such as images-sitemap.xml.
In the crawl statistics reports, you can also see how much crawl requests have increased since the pages entered the Google index, and how much requests have decreased after the pages were deleted. If there is a similar situation on your site, you should definitely review these important reports.
Your Core Web Vitals data may not be affected in this case. Since the data comes from the Chrome UX Report, the status of your pages in the index may be included here.
As I mentioned above, Google may not always send you an email or notification. When it does, you may receive a notification similar to the one in the example below:
Here is an example that can be found in Search Console:
When you clean your site from viruses and deceptive pages, you should definitely request a review and write down the detailed actions taken in the form that comes up. If this notification belongs to the previous site owner, you can also specify this situation in detail in the form. The manual action will be removed in a short time: