How to recover a hacked website and get your SEO back on track

In the virtual world, it’s difficult to know when someone’s lurking at your website’s doorstep and what they may want. Unfortunately, in some cases, their intentions are not pure. 

Hacking has become commonplace for websites, so it’s imperative to be a vigilant host and flash the light above your doorstep regularly. By doing so, you can detect any issues before the damage they cause becomes too vast and irreparable.

If your wordpress website has been hacked and infected, we have some more information for you.


How to recover a hacked website and get your SEO back on track
How to recover a hacked website & get your SEO back on track

Signs that your site has been hacked

Once a hacker has gotten into your site and started to inflict damage, their actions can be noticed. This is mostly because of Google’s ultra-sensitivity to these kinds of things.

Here are a few ways you can find out if your site has been hacked:

  • Google alert – when visiting the site, you receive an alert that warns you your site has been attacked or contains malware
  • Your site is offline – hosting providers will take your site offline as soon as they discover it’s been hacked
  • Your site is flagged as ‘may be hacked’ or ‘may harm your computer’ on Google Search
  • You receive a Security Issues alert on Google Search Console
  • Your malware scanner or customers inform you
  • Your website is redirected to another URL
  • Massive drop in traffic and changes in bandwidth usage.

Steps to recover from being hacked

When it’s confirmed that someone has hacked your website, it’s time to put on your digital boot and kick them out. Your site isn’t completely lost and in most cases you can restore it.

Follow these steps to recover your site:

  1. Inform the hosting provider – most companies have trained staff who deal with hacking or can take you through the process of recovery.
  2. Turn off your site – take your site offline until the problems are fixed. Google suggests that if you’re unable to take it offline, make sure to return a 503 status code, preventing the site from being crawled by search engines.
  3. Check user permission to see if a foreign account has been added and granted admin permission. If there is one, remove the account immediately.
  4. Use URL Removal Tool in Google Search Console to remove hacked pages from search results.
  5. Check server logs for any suspicious activities, including modified or uploaded foreign files.
  6. Clean and maintain your site.
  7. Clean your server.
  8. Reset your password.

Getting your SEO back on track

You’ll need to prove to Google Search and to your customers that you’re back to running your regular, safe website.

The following steps will assist you in getting your SEO back on track and your online reputation restored:

  • Check site indexation on Google Search (using search command site:example.com). Your site will display warnings if it’s still considered as infected.
  • Check your ownership in Google Search Console. It’s likely that the hacker has verified ownership; if so, you will need to verify it again.
  • Check GSC Message Center and Security Issues report to see the extent of the attack.
  • Monitor regularly to see signs of improvements.
  • Make sure you revoke any URL removal requests so your content can be indexed again.

If you’d like to advance your site’s SEO a step further, contact the SEO specialists at Search Factory.


It can be unsettling having your website hacked, whether it’s a personal blog or the core of your online business, but there are always steps to take back control. By remaining aware of potential threats and responding quickly to hacks, you can keep your site and SEO working securely and effectively.