Home » Blog » How to remove spam URLs from Google index for hacked websites?

How to remove spam URLs from Google index for hacked websites?

You are reading this probably because your website was recently hacked and hundreds or thousands of spammy urls were added to your website without your knowledge. You have taken all measures to clean your website, removed all malicious content and closed the loop holes that caused the hacking. But your URLs are still on Google and your site’s ranking is lost. You are losing business because you are no longer receiving leads from your website.

You are not alone. A lot of webmasters face this problem often. Once a website is hacked, the webmaster has sleepless nights until the site is restored and made fully functional. A lot of testing is required to ensure all pages and features work as expected and no traces of hacking remains.

Being a leading digital marketing agency with more than 15 years of serving clients across the globe, SpiderWorks has helped several organisations to recover their websites from hacking and restore their Google ranking. 

Once the website is fully restored, the next big thing starts – clean up your website on Google and remove all those spammy URLs.

We recently supported a website in UAE to recover it from hacking. After the site recovery, we found that nearly 10,000 URLs were added to Google index for that website. We went through an extensive process of removing those spammy URLs containing Chinese headings, titles and content. We have shared our experience in removing spammy URls from Google index while restoring the site from hacking. Read further to know how we restored the ranking of the website after the hacking recovery.

Clean up spammy URLs from Google Index

How do you cleanup all those spammy URLs on Google’s index and make sure your website doesn’t lose the search engine ranking because of the presence of spammy pages on Google (unless it has happened already)? Let us see various options.

Here are few tips to speed up removal of spam urls from the Google index after your website is hacked:

1. Make a complete backup of your hacked website so that you can continue inspecting the hacker approach even after you recover your hacked website.

2. Manually inspect your hosting website and make sure all files that are added by hacker are removed promptly. The earlier you do it, the better.

3. Check every file on your website and remove any unknown software programs, code, folders and pluggins. Remove them promptly.

4. Modify your website code so that all non-existing pages return a 404-error code. This is often misunderstood by many websites. Just redirecting a non-existing page to another page that shows “404 Page Not Found” is not enough. When someone visits a page that doesn’t exist, make sure every such URLs return a 404 Error Code instead of the usual “200 OK” return code. This is a technical implementation and you my need help from technical experts. If you need to a site audit to ensure all pages return appropriate return codes, you may take a website audit service from SpiderWorks. Contact us for more information on this.

5. Identify the most important pages that were getting traffic to your website. Resubmit those pages, including your homepage, to Google Search Console and request reindexing. This will help in getting Google to reindex your important pages and replace the cached spam copy with your original content.

6. Go to URL removal tool on Search Console on Google Search Console and manually submit the spam URLs that you want to be removed from Google. Remember not to do this for your valid URLs. If all of your spam urls are under a single folder, you can request to remove an entire folder and that will make the process easy and quick. Be aware that this process will only temporarily hide the pages and not permanently remove from Google. So, this can be used as a quick solution and as a permanent solution, you must implement 404 return code for all those pages.

7. Create a temporary sitemap file that lists all spammy URLs found in Google’s index. All those URLs listed on those pages should return appropriate return codes (In case of removed pages, 404 or 410 error code should be returned. In case of good pages, valid success code should be returned.)  By submitting such a sitemap file, Google can quickly find those URLs and try to reindex. When the sitemap file is processed, if Google finds pages with 404 or 410 error codes, such pages will be marked for removal. This temporary sitemap can be removed once all the unwanted pages from your site are removed from Google’s index.

8. Check the Robots.txt file and make sure the folders where the spam URLs appear are not blocked for the Google bots. If those files or folders are blocked, then the bots will not be able to access the URLs and so they won’t notice the 404 response codes. This may delay in removing the URls from the index.

Recover from Hacking

Typically, when a website is hacked, the hackers will replace your existing pages with their content or inject a lot of malicious pages on the website. Many times we have seen hundreds of pages were added to the site with Japanese or Chinese (not sure since I don’t know both the languages!) looking text. Sometimes it could be just a few pages to insult or demand money from the website owner. In many other cases, they insert thousands of malicious pages into the website with the goal of promoting their own content or business. Google may index such pages and you may be shocked to see on Google index that your website is now full of unknown pages. Presence of such URLs on Google index can quickly harm the reputation and ranking of your website, causing serious long term traffic lose.

If your website is hacked and if you notice a lot of strange looking pages appearing on Google index from your website, it is time to cleanup before Google penalises your website for hosting spam pages.

In the most recent case we helped with hacking recovery, the hackers planted nearly 10,000 pages to the website. We followed all the best practices and replaced the site with fresh files to ensure no traces of the malicious script remains on the site. After careful examination and closing all possible loop holes, we followed the instructions mentioned earlier in this article. It took several days for us to clean up the site and remove all unwanted URLs from Google’s index.

Even though our website was hacked only for 1 day, Google somehow indexed thousands of unwanted pages. We were very quick on action but it still took nearly 10 days to fully get rid of all Chinese looking pages from Google index.

Need help with hacking recovery or to cleanup your URLs on Google index? Contact us today to explore how we can help you.

Latest company updates and industry news

Engage With Us.