If you are running a WordPress site and suddenly your traffic drops, and when you check Google, you see that “This site may have been hacked by a third party” and your search rank drops significantly, there is almost a 100% probability that your site has been hacked and tampered with. In this article, we will explain how to deal with this situation.
In this article, we will explain how to deal with this situation.

Why does “This site may have been hacked by a third party” appear?

Google searches and indexes sites independently. If a link to a particular domain is embedded in a site, or if an illegal file (JS, etc.) is loaded in the HTML of a site, Google detects it and determines that the site has been tampered with. This is based on considerable evidence (100% of the time when WordPress Doctor was consulted, the site was a victim of tampering), so let’s first examine the damage to the site.

Find traces of tampering

When WordPress is tampered with, various traces of the tampering can be seen in the admin panel and access to the site. Here are some of the most common ones

Unknown increase in the number of WordPress administrator users.
●The number of accesses is increasing rapidly.
(This is often indicated in the server access logs, not in the access analysis.
●The number of e-mails sent is increasing rapidly.
This is a case where the site is a stepping stone for spam. (This is also often indicated in the server access log, not in the access analysis.
A large number of unintelligible words or URLs are being written in comments.
A large number of folders or files have been added to the WordPress directory without your knowledge.
●The site has become very heavy.
When a malicious file is loaded from the server where the malware was distributed, the malicious file distribution destination may have already disappeared, and this file cannot be retrieved, resulting in a heavy site.
Some functions on the posting screen are no longer available.
This is caused by tampering code interfering with WordPress functions.
The layout of the site suddenly collapsed.
This is caused by the tampering code interfering with the WordPress theme.
I can’t log in anymore.
The password for the administrator privilege has been rewritten.

In addition, you should also check your website for viruses at the following sites

Trend Micro Site Safety Center
http://safeweb.norton.com/
Norton Safe Web
http://global.sitesafety.trendmicro.com/index.php
SUCURI (recommended)
https://sitecheck.sucuri.net/

How to eliminate hacking tampering from a site? (First Aid)

Eliminating hacking from a site requires very specialized knowledge. We scan the site for tampering patterns collected from various requests and restore the site by eliminating the tampering code. Please note, however, that this is only a stopgap measure and will not stop all the entry points for site tampering. (If left unchecked, there is a risk of re-infection.)
This is a measure to stop secondary damage such as the sending of spam mail or the distribution of malware once it has occurred.

0 Back up the site and the database

1 Download a new template and replace the site with that template.
2 Stop all plug-ins. If you must use a plugin, download the ZIP file from the site, delete the old plugin via FTP, and reinstall it.
3 Update WordPress itself.
4 Delete the increased number of users and change the password for the administrator user.
5 Delete the increased number of comments. Deactivate all comment functionality on the site

Perform virus check again

After the above first aid measures are completed, check the site infection status again.

Here is a free malware scanner created by WordPress Doctor
[Free WordPress tampering, hacking, malware, and virus scanning (detection) WP malware scanner LITE

SUCURI (check from outside the site)
https://sitecheck.sucuri.net/

If first the infection is detected, and then it is not detected, then the first aid measure has been successful! We can then perform a more detailed inspection to eliminate the virus, regenerate plug-ins and themes, and take measures to prevent re-infection, so please contact us.

We have notified Google that the site has been restored.

Once the site is completely free of viruses and hacking tampering and security measures have been taken, we notify Google via the Google Search Console site that the viruses have been removed and we will ask Google to reinspect the site.

Register your site in the Search Console and request a review of the [security issue].

Check the box next to “I fixed the problem with my site” and click the “Request Review” button.

Related Posts:

  1. Learn how hackers rewrite (alter) files on your WordPress site to increase security!
    As convenience and site functionality increases with the improved capabilities of programs on servers, not just WordPress, tampering with files on servers has become a major problem. In this article, we will explain how hackers rewrite WordPress files and consider ways to improve security....
  2. What to do for your site users when WordPress is hacked, tampered with, or hijacked.
    This page explains how to respond to users (those who use the site) when there is a possibility of damage to users who visit the site, such as being redirected to another site, being sent to a sweepstakes site, or downloading malicious files due to WordPress tampering. This page explains how to respond to users (those who use the site)...
  3. WordPress Examples of redirect hacks where WordPress WordPress redirects to another site without permission and how to deal with them.
    Recently, there have been an increasing number of cases where sites have been tampered with, redirecting users to a fake Windows virus removal page or PC repair page only when accessing the site via Google. In this issue, we will deliver an explanation of this case and countermeasures....
  4. What many people misunderstand about WordPress security.
    We have summarized some of the security measures taken by WordPress, which are often misunderstood by many people and often result in tampering and malware embedding!...
  5. WordPress site defacement hacking for SEO purposes. what is SEO spam?
    The most common type of WordPress tampering these days is the hacking of WordPress sites for SEO purposes. We will explain this SEO spam....
  6. WordPress Rarely, a redirect hack that sends the site to another site only from Google search results.
    This section describes a redirect hack that forces WordPress to go to a different rogue site only in rare cases (some patterns say only on smartphones) when jumping from search engine results, and explains how to deal with it....