My site was hack malware attack

  • Resolved MAli Op

    (@alib1236)


    11 months, 2 weeks ago

    My site was hacked on June 14, 2025. The sitemap was changed, and my website started redirecting or showing spammy and irrelevant URLs in Google search results. Over 1,000 suspicious URLs are now indexed in Google. Someone submitted a fake sitemap in Google Search Console.

    I was very worried, so I restored a backup from May 28, 2025. I also changed all passwords, updated the sitemap, activated the Wordfence plugin, and created a list of spammy URLs in a file named spam-url.txt, which I uploaded to the file manager. I also added this file as a sitemap: https://oldmoneystyl.com/spam-url.txt.

    Additionally, I blocked these spammy URLs using the robots.txt file. However, these URLs are still appearing in Google search results.

    Can you please guide me on what steps I should take next?

    The page I need help with: [log in to see the link]

Viewing 1 replies (of 1 total)
  • Plugin Support wfpeter

    (@wfpeter)

    11 months, 2 weeks ago

    Hi @alib1236, thanks for getting in touch.

    If you use Google Analytics or Search Console, you may be able to contact Google support to get clarity on whether they’re able to remove links added during a hack, or how long they may take to no longer be indexed. We don’t normally get any insights on this from Google themselves, but it does usually take time for their bots to decide the links are no longer useful to crawl (or no longer exist).

    We do have some helpful resources that may assist you in making sure your site has definitely been cleaned along with possible attack vectors being closed. You should try the following checklist:
    https://www.wordfence.com/docs/how-to-clean-a-hacked-wordpress-site-using-wordfence/

    Before attempting a site cleaning, we always recommend that you make a full backup of the site beforehand.

    Make sure all of your plugins and themes are up-to-date and that WordPress core is on the latest suitable version. As a rule, any time someone thinks their site has been compromized, they should update their passwords for hosting control panel, FTP, WordPress admin users, and database in order to cover the key access points where somebody could change or upload things on the site. Make sure to do this as Wordfence is an endpoint firewall that runs after PHP runs but (when in “Extended Protection” mode) before the site content is hosted to visitors of your site’s URL in their browser. This means other access points for databases, control panels, FTP etc. may never load Wordfence.

    Additionally you might find the WordPress Malware Removal section in our free Learning Center helpful.

    Many thanks,
    Peter.

Viewing 1 replies (of 1 total)

The topic ‘My site was hack malware attack’ is closed to new replies.