The SSL was disabled by hackers for 4 days

Guest

Post by Guest »

Hello guys. We have a website on WordPress. The SSL was disabled by hackers for 4 days and we had 40k pages added in those few days by whoever hacked the website. I took back control of the website and now I have too many 404 errors and many are indexed.

I re-submitted a sitemap to Google Search Console to try to make Google index the pages that I want to be indexed.

For the other pages, most of them are 404 by this time...

I'm thinking of putting a noindex tag on all the pages left, since redirecting them to the main pages is gonna create too many 301s.

My question is: How much time does it take to delete all those indexed pages from the SERP? And what else can I do?

Thanks in advance for your advice.
Paul

Post by Paul »

Use the Removal tool in GSC. Look for a pattern in the URLs and remove everything with the same prefix.
Pranesh

Post by Pranesh »

The first thing, to me, is to identify the source of the leak. Maybe plugins? Also implement a CDN and security plugins (core code errors, login masking, etc.). You'll likely need a proper dev to do this.
Simon

Post by Simon »

Change the database user and pass too, as this is probably how the pages were added. If you change the server login to an SSH key and disable password, even better.
Edward

Post by Edward »

What type of server is this on? WordPress security is no joke. It is easy to keep people out of the admin area. But bad plugins or weak shared hosting are all it takes to destroy a website.

I would look into a few things. One, if you're hosting an .htaccess file, use a script that blocks by IP and redirects all other traffic to something fun like Disneyland or something. Only approved IPs get in.

Regardless of hosting, I would consider getting BlogVault. Even now it could help find and fix the hacked files without the need for a developer or high-cost security team.

Use RankMath's instant index plugin. It can also send the 401 content deleted requests to Google Search for almost instant removal through the API. Otherwise, it's a manual input through Search Console one at a time.
Darren

Post by Darren »

We had a client a few weeks ago whose site had been hacked. They paid someone to clean it but still had problems. It had not been cleaned properly at all, so they came to me. There were PHP pages all over the place, giving shell access and database edits.

It's important to make sure the core website is clean. The best way is to back up, install on a local dev, then remove all plugins, re-install each one, and also compare to a stock WordPress install for core files and changes. It's a manual process, but one that will be 100% right.

Change the database username/password, and make sure the MySQL is not accessible from outside of localhost.

You can then upload it again. 404 or 410 won't make any difference; 410s can be a little faster to drop, but it's days, not weeks, generally.

Make sure that the user accounts are correct and reset all passwords.

Once you have it up, you want to add:

Sucuri Security

Wordfence

NinjaFirewall

Make sure the BruteForce is enabled for all logins and enable Captcha. Keep an eye on these.

We then use RankMath Pro to make sure all the pages are as solid as they can be, fix any errors, and make sure the schema is correct. Generally, give it a good tidy-up (it all helps in re-ranking).

Once we have cleaned a client site, we typically provide hosting and a monthly maintenance package. We use TimeCapsule and S3 cloud storage for ongoing backups, as well as downloaded full site backups when there are major edits. It does depend: if a client has WooCommerce, then it needs a different backup strategy than a static site.

If you don't go down a managed route it's important to ensure that plugins are updated along with core updates. Also, run a backup site locally where you can test and always have a full site that can be uploaded.

Good luck
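
The comparison against a stock WordPress install described in the post above, as an added example (not code from any poster in this thread): it hashes every file outside wp-content in both trees and reports core files that were modified, added or removed, plus script files sitting under wp-content/uploads. The function names and the two directory arguments are assumptions for illustration, and the stock tree is assumed to be an unpacked copy of the same WordPress version as the site.

```python
import hashlib
import sys
from pathlib import Path

SCRIPT_EXT = (".php", ".phtml", ".phar")  # extensions a PHP handler may execute

def file_digests(root: Path) -> dict:
    """Map each regular file's path relative to root to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))
        if p.is_file() and not p.is_symlink()
    }

def compare_to_stock(site: str, stock: str) -> dict:
    """Compare a site backup with a stock WordPress tree of the same version."""
    site_h, stock_h = file_digests(Path(site)), file_digests(Path(stock))
    report = {"modified": [], "unexpected": [], "missing": [], "php_in_uploads": []}
    for rel, digest in site_h.items():
        if rel.startswith("wp-content/"):
            # Themes, plugins and uploads differ from stock by design and are
            # reviewed separately; scripts inside uploads are still flagged.
            if rel.startswith("wp-content/uploads/") and rel.lower().endswith(SCRIPT_EXT):
                report["php_in_uploads"].append(rel)
        elif rel == "wp-config.php":
            continue  # site-specific, never part of the stock archive
        elif rel not in stock_h:
            report["unexpected"].append(rel)  # includes .htaccess: review by hand
        elif stock_h[rel] != digest:
            report["modified"].append(rel)
    report["missing"] = [r for r in stock_h
                         if not r.startswith("wp-content/") and r not in site_h]
    return report

if __name__ == "__main__":
    # usage: python compare_core.py /path/to/site-backup /path/to/stock-wordpress
    for kind, paths in compare_to_stock(sys.argv[1], sys.argv[2]).items():
        for rel in paths:
            print(f"{kind}\t{rel}")
```

Run it against the local copy of the backup, not the live server, so a dropped script cannot interfere with the result.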
Abdul

Post by Abdul »

For hack clearance, you need to clean the website. If you are using WordPress, I suggest you take a backup with a plugin and use XAMPP or ampp to create a localhost, then restore the backup there. Clean the website in that section and use Wordfence for scanning.

Note: Don't use the same hosting account again, because this malware is spread through your whole file manager folders; no matter how many times you clean it on that hosting account, it will come back.

Restore this cleaned backup to new hosting; it will surely work. I have secured websites like these. Most of the time the websites were hacked on HostGator and GoDaddy hosting; no matter what, the injected files were restoring themselves even when I deleted the whole data of the website. These hosts' support never agreed that their servers were spreading malware.

I used Namecheap to host these websites after cleaning websites.

If you have another CMS, then the cleaning method is a little bit complicated but can be done by taking some precautions.

As for removal of 404 pages, the first way is to submit those pages for removal; it will be troublesome to do it manually. I suggest using SEO Power Suite's Website Auditor to get all URLs available on the website and indexed in Google. Check those URLs and submit them for removal.

Check your list of 404 URLs from Website Auditor and use the IndexNow API and Google Index API to send removal requests. It will lessen your work.

Also, check the structure of those URLs and put them in robots.txt as disallow.

Leaving them as 404 will take time to get de-indexed.

You can put 410 on those pages to get them de-indexed.
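
Finding the URL pattern mentioned in Paul's reply and in the post above, as an added example (not code from any poster in this thread): it compares an export of indexed URLs with the sitemap and returns the leading directories that hold only injected pages, which can be handled by prefix, and the leftover URLs that need individual handling. The function name, the `min_count` threshold and the example.com sample URLs are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

def _key(url):
    """Return (path segments, query string) for a URL."""
    parts = urlsplit(url)
    return tuple(s for s in parts.path.split("/") if s), parts.query

def removable_prefixes(indexed, legit, min_count=3):
    """Split unwanted indexed URLs into directory prefixes and one-off URLs.

    indexed: URLs reported as indexed; legit: URLs from the site's sitemap.
    A prefix is returned only if no legitimate URL lives under it.
    """
    legit_keys = {_key(u) for u in legit}
    legit_paths = [segs for segs, _ in legit_keys]
    groups, singles = defaultdict(list), []
    for url in indexed:
        segs, query = _key(url)
        if (segs, query) in legit_keys:
            continue  # a page the site owner wants indexed
        for depth in range(1, len(segs)):
            head = segs[:depth]
            # shortest leading directory that no legitimate page shares
            if not any(p[:depth] == head for p in legit_paths):
                groups["/" + "/".join(head) + "/"].append(url)
                break
        else:
            singles.append(url)  # sits beside real content or at the root
    prefixes = {}
    for prefix, urls in groups.items():
        if len(urls) >= min_count:
            prefixes[prefix] = len(urls)
        else:
            singles.extend(urls)
    return prefixes, singles

# Constructed sample data (not from the hacked site).
LEGIT = ["https://example.com/", "https://example.com/blog/seo-tips/",
         "https://example.com/shop/widget/"]
INDEXED = LEGIT + [f"https://example.com/qx7/cheap-pills-{i}.html" for i in range(3)] + [
    "https://example.com/blog/casino-bonus/", "https://example.com/?k=spam",
    "https://example.com/zz/one.html"]

if __name__ == "__main__":
    print(removable_prefixes(INDEXED, LEGIT))
```

A prefix that is also disallowed in robots.txt cannot be recrawled, so the crawler never sees the 404 or 410 now served for those URLs.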