Site Hacked

Google Releases New Case Study On Hacked Sites

Site HackedRecently Google released a case study it performed on 2 hacked sites, giving webmasters a deeper look into where to look for weaknesses and helpful information on fixes. While some of the information is commonly known – or at least it should be given the recent attention given to worpress plugins such as Revolution Slider, it also offers a variety of other places to look should your site be labeled as “hacked” by Google.

Among the suggestions of where to look for vulnerabilities:

  • Updating your CMS (WordPress, Joomla, Drupal, etc.) up to date.
  • Updating Plugins and themes.
  • Unique Usernames and Passwords.
  • Enabling 2 step verification for login.
  • Verifying non www. Versions of the site through Google Webmaster Tools.
  • Check the .htaccess file for new rules that you have not implemented.
  • Avoid using FTP as it is unencrypted and instead use the SFTP which enables encryption and protects against eavesdropping.
  • Check the permissions on files like the .htaccess file.
  • Check for unknown users in your administration panel.

Google has stated that these case studies are meant to improve resources available to webmasters when dealing with hacked sites. While Google does its best to provide webmasters with reliable resources to fix the problem, if you’ve followed all their advice and have secured and updated your CMS and plugins, most webhosts will be able to help if you’re at a loss – but you may have to pay.

Barry Schwartz over at Search Engine Roundtable who’s a regular on the Google Help Forums has recently reported some webmasters now seeing a “This site may be hacked” label being applied to some sites in search results (although admittedly, a small majority being reported are sites with adult content.)


  1. jashon says:

    i had my site hacked and someone had uploaded html files to my wp-content folder its cleared now but i am afraid it will happen again and how to enable 2 step verification process?

  2. jashon – If they’re uploading files then my first concern would be that they’ve got their hands on your FTP info. I’d change your password ASAP.

    On top of that you’ll obviously want to install some kinds of security plugin like Wordfence, make sure all your plugins are up to date and check the plugins you are using for vulnerabilities or see which one allow for file injection (if any).

    As for two-step authentication, there’s some info on setting that up on the WordPress site at Also a good idea.

    I’m sorry for the scenario you faced. I think we’ve all been there in one way or another and I wish you luck on never having it happen again. :s