Skip to content
About Blog Learn Explore Patterns Case studies
On this page
  • Why did my site get hacked?
  • How do I know I’ve been hacked?
  • How did I get hacked?
  • Where can I go if I have additional questions?
  • How can I reproduce the warnings displayed to the users of my site?

FAQ for hacked sites

Jan 1, 2015 — Updated Mar 4, 2022
Appears in: Safe and secure
On this page
  • Why did my site get hacked?
  • How do I know I’ve been hacked?
  • How did I get hacked?
  • Where can I go if I have additional questions?
  • How can I reproduce the warnings displayed to the users of my site?

This article brings together answers to the questions about hacking we at Google hear most often.

Why did my site get hacked? #

Hackers have different motives for compromising a website. Examples include:

  • Financial gain through web spam: Placing spam links on your website or redirecting your website's traffic to external parties.
  • Stealing sensitive information: Copying files containing customer data like credit card numbers, personally identifiable information, or login credentials.
  • Communicating a political or social message: Defacing a website as a form of hacktivism to emphasize a point of view and cause change.
  • Malware: Injecting malicious code through scripts or iFrames that pull content from another website that tries to attack any computer that views the page.
  • Thrill-seeking or vandalism: For no particular reason other than the thrill of invading and vandalizing your site.

How do I know I’ve been hacked? #

Examples of common signs that your website has been attacked include unusual traffic spikes (especially from unrelated search terms), visitors reporting malware, newly created account(s) with administrator privileges, or suspicious new pages added to your site.

How did I get hacked? #

There are many possibilities such as software vulnerabilities, leaked or guessed password, unauthenticated administrator pages, unsanitized database queries, unnecessary open ports, or exploiting a human weaknesses through social engineering like phishing or impersonation of a trusted authority. Eliminating or mitigating these vulnerabilities is extremely important.

Where can I go if I have additional questions? #

The Webmaster Help Forums has an active group of Googlers and technical contributors that can help you with additional feedback. Also, most major Content Management System (CMS) providers have detailed documentation on how to resolve hacked cases. You can also seek help from a trusted security professional.

How can I reproduce the warnings displayed to the users of my site? #

Safe Browsing displays warnings based on the user's browsing context. As a webmaster, you may not be able to easily reproduce the warnings in your own browsing. The Search Console Security Issues report will tell you whether the issues Safe Browsing has seen with your website have been addressed.

Security
Last updated: Mar 4, 2022 — Improve article
Return to all articles
Share
subscribe

Contribute

  • File a bug
  • View source

Related content

  • developer.chrome.com
  • Chrome updates
  • Case studies
  • Podcasts
  • Shows

Connect

  • Twitter
  • YouTube
  • Google Developers
  • Chrome
  • Firebase
  • Google Cloud Platform
  • All products
  • Terms & Privacy
  • Community Guidelines

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies.