WP Site Hacked, Serp Google Spam [closed]

Question

Closed. This question is off-topic. It is not currently accepting answers.

---

Want to improve this question? Update the question so it's on-topic for WordPress Development Stack Exchange.

Closed 2 years ago.

Improve this question

It all began when Google Ads suspended my ads because they found a malware in my WP site. I tried to do scan with some free plugins: Wordefence, anti-malware and Securi, or online tool like: sitecheck.sucuri.net and transparencyreport.google.com, but I didn't find any malware though the SERP has been compromised!!there are about 100 fake url like these:

• https://www.example.com/?lang=en&s=%2525E5%2525A4%2525A7%2525E5%2525A5%252596%2525E8%252580%252581%2525E8%252599%25258E%2525E6%25259C%2525BA%2525E7%2525BA%2525BF%2525E8%2525B7%2525AF%2525E6%2525A3%252580%2525E6%2525B5%25258B%252BQ82019309.com.com

• https://www.example.com/search/%e5%a4%a7%e5%a5%96%e8%80%81%e8%99%8e%e6%9c%ba%e8%af%9a%e4%bf%a1%e5%93%81%e7%89%8c+Q82019309.com.com/?lang=en/feed/rss2/

I'm at my wit's end!! Is there someone that can help me?

Thanks

Answer 1

I've cleaned up a few hacked sites, and have developed my own personal procedure here.

But there are many googles on how to clean up. The basics are change the passwords of everything (hosting, database, FTP, users), reinstall WP and all themes/plugins from a known good source (WP repository), and manual inspection for bad files.

It's a bit of work, but I've been successful. The link in the comments is also a good place to start.