Google’s John Mueller shares SEO best practices to follow when cleaning up, and recovering from, site hacks.
Mueller provided this advice on Reddit in response to a thread from a site owner dealing with thousands of hacker-injected web pages.
The site owner begins by asking whether it’s best to 404 or 410 the hacked pages, to which Mueller replies: “It doesn’t matter. The different is mostly theoretical.”
In a follow-up comment the site owner asks if there’s anything else they should do. They say they’re dealing with a small business website with less than 20 pages.
Thousands of pages were added to the site by a hacker, which have since been 410’d. The site’s rankings have not rebounded since removing the hacked pages.
Here’s what Mueller advises.
Mueller on Recovering From a Site Hack
As a first step to recovering from hacker-injected pages, Mueller recommends using the URL removal tool as it will immediately hide the pages in search results.
The pages will drop out of Google’s index when the site is crawled again, and Mueller says search results should go back to normal quickly.
Depending on the damage done during the hack, and how long the site was hacked for, it could take several months to recover.
“The URL removal tools will hide them in the search results, which is a good first step. They’ll be recrawled over time and drop out of the index (404 or 410 doesn’t really matter), and usually the search results for the rest of the site go back to normal fairly quickly (though it certainly can take a few months for things to really settle back down, depending on how & how long the site was hacked).”
Mueller adds that if any existing pages were hacked then they should be dealt with first. These can get refreshed quickly by manually submitting the URLs.
Site hacks can sometimes exacerbate existing issues on a site, Mueller says, which can cause Google to reconsider how the site should be shown in search.
Those issues could be holding the site back from making a full recovery in search results. While cleaning up a site hack it’s worth making an effort to improve the quality of the site at the same time.
“… if a site has tricky issues already, then sometimes getting hacked essentially causes our systems to have to reconsider how the site should be shown in search. If you suspect it might be in that direction, then by all means still clean up the issue with the hack, but focus most of your time on significantly improving the site overall, rather than trying to remove all miniscule traces of the hack.”
Lastly, Mueller says traces of a hack will get cleaned out over time as improvements are made to the site.