Discovering your website has been hacked is one of the most stressful experiences a site owner faces. Rankings can drop overnight, Google may display security warnings that drive away all your traffic, and the reputational damage to your brand can outlast the technical fix. But the damage is recoverable — and the faster you act, the faster you restore your rankings and traffic.

Immediate First Steps

Do not panic and do not take the site offline unnecessarily. Taking your site offline immediately destroys all your rankings — Google will rapidly deindex a site that consistently returns errors. Unless the hack is actively serving malware to visitors, leave the site running while you investigate and clean it.

Check Google Search Console immediately. As we covered in our guide to website security and SEO, Google Search Console sends security alerts when it detects malware, hacked content, or phishing. The alert will identify which URLs are affected and what type of issue was detected — this tells you exactly what the hacker has done.

Check for manual actions. As we covered in our guide to checking for Google penalties, Search Console's Security and Manual Actions section shows any manual actions applied to your site. A manual action for hacked content requires explicit cleanup and reconsideration before rankings restore.

Identifying the Hack

Common hack types have recognisable symptoms:

Spam injection. Your pages now contain links to casino, pharmaceutical, or adult sites in the footer or hidden in the page source. Search Google for site:yoursite.com casino or site:yoursite.com viagra to find affected pages.

Malicious redirects. Mobile users or visitors from specific referrers are redirected to spam sites while desktop visitors see the normal page. Check your site from a mobile device on a different network.

New pages created. The hacker has created thousands of spam pages on your domain to benefit from your authority. Search site:yoursite.com and look for pages you did not create.

Phishing pages. Pages impersonating banks, PayPal, or other services to steal user credentials. Google Safe Browsing will flag these immediately.

The Cleanup Process

Step 1 — Restore from backup. If you have a clean backup from before the hack, restoring it is the fastest path to recovery. As we covered in our security guide, daily offsite backups are essential specifically for this scenario.

Step 2 — Close the vulnerability. Before cleaning, identify and close how the hacker got in — otherwise they will re-hack immediately. Change all passwords using our password generator, update WordPress core, themes, and plugins, check for unauthorised admin accounts, and review file permissions.

Step 3 — Remove malicious content. Use a security scanner (Wordfence for WordPress, Sucuri for any platform) to identify infected files. Remove all injected content — check .htaccess, PHP files, and database content for injected code.

Step 4 — Request a review from Google. Once the site is clean, go to Search Console → Security Issues → Request Review. Explain what was hacked, how you found it, and what you did to fix it. Be specific — vague requests are delayed.
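
For the .htaccess check in Step 3, and the mobile-only or referrer-only redirects described under "Malicious redirects", a small detector can point you at the rewrite rules worth reading by hand. This is an added example, not code from the original article; the sample file, the .example host names and the function name are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample .htaccess, not taken from a real incident.
SAMPLE_HTACCESS = """\
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} (android|iphone|mobile) [NC]
RewriteRule ^(.*)$ http://spam.example/landing [R=302,L]
RewriteCond %{HTTP_REFERER} (google|bing|yahoo) [NC,OR]
RewriteCond %{HTTP_REFERER} facebook [NC]
RewriteRule .* https://pills.example/ [R,L]
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://www.yoursite.com/$1 [R=301,L]
"""

COND = re.compile(r"^\s*RewriteCond\s+%\{(\w+)\}", re.I)
RULE = re.compile(r"^\s*RewriteRule\s+\S+\s+(\S+)", re.I)
# Conditions that let a redirect fire only for some visitors.
TARGETED = {"HTTP_USER_AGENT", "HTTP_REFERER"}

def find_conditional_redirects(text, own_hosts):
    """Return (line_no, variables, target) for every RewriteRule that sends
    visitors to a foreign host only when User-Agent or Referer matches."""
    findings, pending = [], set()
    for no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # commented-out directives are inactive
        m = COND.match(line)
        if m:
            pending.add(m.group(1).upper())
            continue
        m = RULE.match(line)
        if m:
            host = (urlparse(m.group(1)).hostname or "").lower()
            hit = pending & TARGETED
            if host and host not in own_hosts and hit:
                findings.append((no, sorted(hit), m.group(1)))
            pending = set()  # RewriteCond lines apply only to the next rule
    return findings

if __name__ == "__main__":
    own = {"yoursite.com", "www.yoursite.com"}
    for no, variables, target in find_conditional_redirects(SAMPLE_HTACCESS, own):
        print(f"line {no}: redirect to {target} conditional on {', '.join(variables)}")
```

A clean result does not prove the file is safe; injected redirects can also live in PHP files or the database, so keep the scanner pass from Step 3.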

Restoring Rankings After a Hack

After Google approves your reconsideration request or removes its security warnings, rankings typically begin restoring within two to four weeks. Use our broken link checker to verify no spam links or injected content remain. Submit an updated sitemap to encourage re-crawling of all your pages with their clean content.

Summary

Hack recovery requires acting fast: check Search Console for the nature of the hack, restore from backup where possible, close the vulnerability before cleaning, use security scanners to remove all injected content, and submit a specific reconsideration request to Google. Post-recovery, implement the security measures covered in our guide to website security to prevent recurrence.
