Google Malware Checker

Search Engine Optimization

Google Malware Checker

Enter a URL

About Google Malware Checker

Google Malware Checker
  • Cloaked URLs. Hackers who place pages on your site will often cloak the URL to hide it from Google, so Google won’t see it. Google can still see it but won’t add it to their index; however, they can add it to their list of compromised sites.
  • HTTP Status Codes. Checking these codes can show if there are malicious redirects or compromised pages that should otherwise resolve fine.
  • Spam Links. The tool will scan your pages looking for spammy links that might have been embedded by a hacker. Some hackers will add links to their PBN domains or to their tiered link building sites, and hope they go unnoticed; such links can flag your site as part of a PBN and tank your SEO.
  • Usage of iFrames. The old iFrame system was a way of displaying content within content, but is also often used as an invisible way to serve display ads or malicious code without actually putting that code on your page. Such iFrames are generally detrimental for any site today, so don’t use them, and make sure there aren’t any embedded on your page without your knowing.
  • Blacklists. IsItHacked maintains a list of blacklists from around the web, including the Google Safe Browse blacklist. They will check your URL against these blacklists to see if it appears, which can tell you if you’ve been compromised.

There are other site scanners as well. Sucuri has one, as do services like Siteguarding. Run your URL through one or more of these services to see if any of them come up with a worrisome result.

Cleaning a Compromised Site
I already linked to our primary article on how to recover from a site hacking, but I’ll go over some tips here.

The first thing you should do is determine the extent of the hack. If your admin account is compromised, it could access more than one page. If it’s a hack of your CMS, they might not have had access to your back-end data. It’s also possible that the hack came through your advertising rather than your site itself, and so recovery is as simple as reporting and removing that specific malicious ad from rotation.

If your account has been compromised, look into other potential accounts that might have been compromised as well. Too many people share passwords and account names, and if a hacker compromises one, they might be able to compromise another. Check your email accounts for unauthorized access, as well as other important accounts.

One critical thing to check is recovery information. I’ve personally had a Microsoft account hacked where the hacker added their own information to the recovery list; if I tried to change my password, they would get the password reset email too and could change it back. If I hadn’t noticed, they could have then locked me out of the account entirely. Always look for changed or unusual contact information and remove it before you change your account information.

If any third party service, be it your web host, your email, or your bank is compromised, look for any specific hacking recovery information from that service. Some services, like PayPal, have specific processes you can follow to make sure you recover and re-secure your account.

As for your site itself, figure out how much of your site has been compromised, in what ways, and for how long. Ideally, it’s not a widespread hack, and it hasn’t been hacked for long. Look for any backups of your site you have taken, and examine them to see if they were compromised as well. Ideally, you can simply restore your site from a previous backup, recover any lost content, and re-secure your site. If you have no backups, well, now’s the time to start them. Well, “now” as in after your site has been cleaned; you don’t want a compromised backup.

Remove any compromised files and replace them with clean files. Update any and all plugins, themes, and CMS platforms as necessary. If any plugins are older than six months or so without an update, consider replacing them with an actively maintained plugin.

Finally, consider implementing as many layers of security as possible. Two-factor authentication is generally a good idea to prevent unauthorized access to your accounts. You should also install a plugin or monitoring service like Sucuri to help monitor and prevent future attempts to hack your page.

Oh, and make sure you follow any laws regarding compromised user information. In America, for example, if a data breach includes personally identifiable information, you must notify your users within a certain period of time, as determined by state or regional law. Failure to disclose a breach can leave you liable for extreme damages.