How do I know if my site was hacked?

Follow these steps if:

  • You've been alerted by Google that your site is hacked.
  • You see a warning in search that your site is hacked or compromised.
  • You're not sure if your site is actually hacked.

If you're unsure if your site is actually hacked, or if you think your site was incorrectly flagged, start by registering your site in Search Console. Go to the Security Issues sections of Search Console and look for example URLs where Google detected that your site has been hacked. The following video provides an overview of how Search Console can help you.

If you're unable to see hacked content on the URLs provided in Search Console, the hacked content might be using a technique known as cloaking. Cloaking makes cleaning a site more difficult by showing different content to different types of users. For example, when you go to a page on your site like www.example.com/cheap-drugs, you might see a page without any content. This might lead you to believe that the hacked content on your site doesn't exist. However, when a search engine like Google accesses www.example.com/cheap-drugs, it will see spammy words and links.

To check for cloaking, we recommend opening a Google Search window and typing site:_your site url_, with the root level URL of your site. This shows you all the pages on your site, including pages a hacker might have added. You can also use our Inspect URL tool.

After you've double checked your pages, if you still think think your site was incorrectly flagged, post in the Webmaster Help Forums. Otherwise, start building your support team.