If you're a site owner and you see one of these...

You might have been hacked

Every day, cybercriminals compromise thousands of websites. Hacks are often invisible to users, yet remain harmful to anyone viewing the page — including the site owner. For example, unbeknownst to the site owner, the hacker may have infected their site with harmful code which in turn can record keystrokes on visitors’ computers, stealing login credentials for online banking or financial transactions. If you’re not sure whether or not your site was hacked, start by reading our how do I know if my site is hacked? guide.

Learn about hacking

This video covers:

  • How and why sites are hacked
  • The process for recovering a site and removing any user-facing warnings
  • Approximate time to fix the site
  • Fixing it yourself or hiring a professional

Take action


1. Build a team

Contact your web host and build a support team.

2. Quarantine your site

Prevent the hacker from doing any more damage.

3. Use Search Console

Use Search Console to help identify the hacking type.

4A. Assess the damage (spam)

For spam hacks, figure out what needs to be fixed.

4B. Assess the damage (malware)

For malware hacks, figure out what needs to be fixed.

5. Identify the vulnerability

Figure out how the hacker got in.

6. Clean and maintain your site

Close the vulnerability that let the hacker in.

7. Request a review

Ask Google to reconsider your hacked labeling.