Hacked content is any content placed on your site without your permission as a result of vulnerabilities in your site's security. In order to protect our users and to maintain the integrity of our search results, Google tries its best to keep hacked content out of our search results. Hacked content gives poor search results to our users and can potentially install malicious content on their machines. We recommend that you keep your site secure, and clean up hacked content when you find it.
Some examples of hacking include:
- Injected content
- Added content
Sometimes, due to security flaws, hackers are able to add new pages to your site that contain spammy or malicious content. These pages are often meant to manipulate search engines. Your existing pages might not show signs of hacking, but these newly-created pages could harm your site's visitors or your performance in search results.
- Hidden content
Hackers might also try to subtly manipulate existing pages on your site. Their goal is to add content to your site that search engines can see but which may be harder for you and your users to spot. This can involve adding hidden links or hidden text to a page by using CSS or HTML, or it can involve more complex changes like cloaking.
Hackers might inject malicious code to your website that redirects some users to harmful or spammy pages. The kind of redirect sometimes depends on referrer, user agent, or device. For example, clicking a URL in Google search results could redirect you to a suspicious page, but there is no redirect when you visit the same URL directly from a browser.
Fixing hacked sites
Here are our tips on fixing hacked sites and avoiding being hacked.
If you're a Search Console user and are having trouble with persistent or unfixable security issues on your site, you can let us know.