Closed. This question is off-topic. It is not currently accepting answers.

---

Questions that are too localized (such as syntax errors, code with restricted access, hacked sites, hosting or support issues) are not in scope. See how do I ask a good question?

Closed 5 years ago.

Improve this question

A few days ago I noticed a few blog posts on my site that were spam and I knew I had been hacked. I did a few things in an attempt to clean the hack (Wordfence deleting unknown files, securing the site's backend, changing passwords, etc.), but there are still tons of pages on Google Search Console that redirect to sales pages and I'm not sure what to do.

Does anyone have experience with this or any resources that'd show me how to get rid of this? Alternatively, do you have any experience with sites that offer "hack cleanup" services?

Any help is extremely appreciated.

Closed. This question is off-topic. It is not currently accepting answers.

---

Questions that are too localized (such as syntax errors, code with restricted access, hacked sites, hosting or support issues) are not in scope. See how do I ask a good question?

Closed 5 years ago.

Improve this question

A few days ago I noticed a few blog posts on my site that were spam and I knew I had been hacked. I did a few things in an attempt to clean the hack (Wordfence deleting unknown files, securing the site's backend, changing passwords, etc.), but there are still tons of pages on Google Search Console that redirect to sales pages and I'm not sure what to do.

Does anyone have experience with this or any resources that'd show me how to get rid of this? Alternatively, do you have any experience with sites that offer "hack cleanup" services?

Any help is extremely appreciated.

• hacked

Share Improve this question asked Jun 19, 2019 at 1:17 Aaron MarsdenAaron Marsden 10111 bronze badge

Add a comment  | 

1 Answer 1

Sorted by: Reset to default 1

Although hacked sites aren't a topic that is within the scope of this site, this question always gets asked. And there are many googles/bings/ducks on how to de-hack a site. The basics:

• change credentials on everything (hosting, FTP, admin level users). Create a new admin-level user with a strong password. Log in with it to ensure it works, then demote the old admin user. I never have a user called 'admin'.
• update everything. Even if they have been updated before. Update from known good files (via FTP). WP (you can use the admin/updates thing for that), themes, plugins.
• look at all folders for files that don't belong. If you sort by date, they will stand out (because you updated everything else). Don't forget hidden files like htaccess.
• look at generated pages for further evidence hints.

I've developed a procedure that has worked for the sites that I have de-hacked. See it here. Hard work, will take some time, but can be done.