How To Resolve A Hacked Website and Google Webspam Penalty
Back in December 2016 I met the website owner when his Joomla! website was being migrated over to WordPress using an offshore company. Within a few weeks the website files were corrupted and the database affected, malware and a hacking situation was upon us. The website was generating URL after URL and in Google there was the display “This website may have been hacked” and a Manual Spam Action penalty was flagged in Google Search Console. This was a bad hacking.
Over the New Year we cleaned out the website (The host charged for this, I’m 100% convinced they have done a sterling job as he found “Sleeper files” that were forward dated to deploy long after the overseas web development company had parted ways with the client) and then I applied for a reconsideration request, and we were approved and green lights all round a few days into January.
Case Study 2017 – Shenstone Dental Website Hacking and Migration
Note: This post was updated in February 2021 and the client and I still work together
It’s now 30th January 2017 and 25 days later … and searching for the brand name / company name did not bring up the website in SERPs, only the Facebook page / Twitter / Yell etc links are returned in search (and my Google+ posts) but no website URL.
I checked the robots.txt and the only thing that is there is the noodp.
I checked in GSC, the sitemaps are not being indexed, but the site is being indexed under >Google Index > Index Status fine.
There’s 1,000 crawl errors to all the old hacking URLs, now all returning a 404, I haven’t touched them, just let them be. They all follow the same vein:
Fetch As Google is fine, robots.txt Tester is also fine.
The website is WordPress and everything else looks fine and dandy. No security issues “Currently, we haven’t detected any security issues with your site’s content”
Google’s Webmaster Central Forum
So, I posted my predicament on the Google’s Webmaster Central forum and you can see the responses there by online experts.
At first it didnt appear that someone could definitely say what was wrong, or missing, but following one respondant’s advice I added the website URL into Google Search Console that was the naked domain (http:// without the ‘www’) and verified. This was around 2pm in the afternoon, and only an hour or 2 later the site was indexed and reappearing in SERPs as the top result on Google page 1 for the Company / Brand name.
As you can see Google’s vision of the site is still outdated (31st January 2017) The website was not mobile friendly in November 2016 as the site was on Joomla! so I expect a few more days would prove a vast difference in the appearance in SERPs and that the ‘mobile friendly’ warning will eventually disappear also.