Fix Hacked Search Results & SEO Attacks

Last updated: May 22 2021

If you’re getting warnings from Google Search console, and suspicious pages are being indexed, your website may be affected by hacked search results.

Here what you should do:

Need help? Let us clean your site.

Step 1
Register with Google Search console
1. Search Console will offer insights over site recent activity and changes: https://search.google.com/search-console/
2. Verify your site ownership.

Step 2
Backup
1. To prevent data loss, backup database using phpMyAdmin.
2. Archive plugins and themes folders.

Step 3
Apply site changes
1. Find search.php file, inside your theme folder, and disable h1 tags and delete title tag.
2. Add robots.txt in your site’s root folder. The following content should do.

Both changes are safe to apply, if your website doesn’t get traffic from search results. Most WordPress sites don’t get their search results indexed. SEO wise search result pages are mostly considered as low quality.

Note: For this type of hack, we haven’t applied noindex meta tags inside search.php.
That’s because header section is displayed via get_header(); function.

How to look for malicious search results? Type any of these lines on google.com ( replace domain.com with your own domain name ):

site:domain.com "/?s"
site:domain.com "/search/?q=" 

What you shouldn’t do:

  • Don’t solely use the “Temporary removals” tool.
    First, you should address the root causes of problem. Preventing SEO hacks from happening again should be a priority.
  • Avoid using security plugins or any cleanup tools.
    Site is probably malware free, so don’t panic.

Need help? Try our Free security analysis.

Malicious domains: cheaperpill.store, dating4me.site, lemonaidhealth.shop, trust4me.site, cheaperpill.com, weke.xyz, datego.xyz, datesol.xyz.