Last month google search console notified us that one of the site we manage got hacked
See how to receive hacked notification from google
The message we received via search console was very clear and 6 steps were instructed to get this issue fixed, you could see screenshot of the detail message here.
Hacked message being received we informed the specific team, thoroughly went through 6 instructions along with this article reconsideration requests
Our site is on WordPress and all necessary steps were taken to secure the site, we used google docs to elaborate the process and here is what we submitted to google to get the site restored
Our site is built on WordPress and the following plugins were not monitored/updated which caused the site got hacked
WP-db-ajax-made
Google Analytics by MonsterInsights
Google Analytics by MonsterInsights & WP-db-ajax-made both suspected plugins are uninstalled and removed
The following suspicious files are removed from the site’s root directory.
->cosonic [directory and zip]
->tpnhk9f [directory and zip]
->orvlt7v [directory and zip]
scanned the files with kaspersky virus removal tool and get the affected files removed.
->wp-comments-post.php at root [some scripts were added to these system file. it is replaced now ]
->replaced wp-admin and wp-includes with latest version
-> removed fd84844b53.php
The following infected files are removed and ultimately the full themes
are removed as they are unnecessary
*******************************************************
->wp-content\themes\contango\content-search.php.malware
->wp-content\themes\contango\footer.php.malware
->wp-content\themes\contango\loop-meta.php.malware
*********************************************************
->wp-content\themes\thememin\themify\class-themify-walker-nav-menu-edit.php.malware
->wp-content\themes\thememin\skins\black\menu.php.suspected
**********************************************************
->wp-content\plugins\contact-form-7\includes\lib.php.suspected
->wp-content\plugins\contact-form-7\modules\info.php.suspected
->wp-content\plugins\mobile-friendly-audit-tool\assets\cache.php.malware
->wptouch\themes\foundation\modules\google-fonts\alias.php.suspected
->wp-content\plugins\wptouch\resources\icons\elegant\dump.php.suspected
->wp-content\plugins\wptouch\themes\bauhaus\model.php.suspected
->wp-content\plugins\wp-piwik\css\template.php.suspected
->wp-content\plugins\wptouch\themes\foundation\modules\fontello\font
\themes.php.suspected
->wp-content\plugins\wptouch\themes\foundation\modules\cloud\view.php.suspected
*********************************************************
Following unnecessary plugins are removed
Mobile Friendly Audit
WPtouch Mobile Plugin
WP-Piwik
WP DB Ajax made
Irrelevant posts are deleted & recaptcha is added to prevent comment spam.
We’ve updated the WordPress version & plugins
Changed admin credentials
Added wordfence & iThemes security plugins
Verified non-www version of the site in google search console
Added google analytics tracking code manually ( see this post – More security notifications via Google Analytics )
Secured wp-config.php file
We will continuously monitor and keep the WordPress & plugins version up-to-date to prevent the site from being hacked