Introduction to Manual Actions in Google

Most people have been victims of hacking, whether they know it or not. Any website owner will have suffered attempts to compromise their website. Sometimes these don’t work – good news. Other times, the hackers get what they want so you then have to deal with manual actions in Google Search Console.

As we have built and managed hundreds of websites, we can offer an insight into the type of activity currently going on by hackers and spammers. We can also help you fix those issues if you contact us. Before that, here is some information and advice, particularly concerning something known as manual actions in Google Search Console.

Manual Actions in Google Search Console

What is a Manual Action in Google?

A manual action is given when Google Search Console detects malicious activity on a website which is listed in Google Search index. Malicious activity can be anything from spam to malware, which are activities performed by ‘hackers’ or ‘bots’. If Google detects that your website has been compromised by a hacker, it alerts you via Google Search Console.

If you are given a manual action, you need to act fast because Google will mark your website as insecure by displaying a line of text under your search results. It will say something like “This site may be hacked.” This isn’t great, as it will put people off visiting your website and could have devastating results for your visitors and ultimately your revenue.

If you are given a manual action, you will receive an email via your Google Search Console account, which will say something like this…

“Google has detected that your site has been hacked by a third party who created malicious content on some of your pages. This critical issue utilizes your site’s reputation to show potential visitors unexpected or harmful content on your site or in search results. It also lowers the quality of results for Google Search users. Therefore, we have applied a manual action to your site that will warn users of hacked content when your site appears in search results. To remove this warning, clean up the hacked content, and file a reconsideration request. After we determine that your site no longer has hacked content, we will remove this manual action.”

Manual Actions in Google Search Console

What is Google Search Console?

Anyone who manages a website should be using Google Search Console. It is a free tool, provided by Google to help you manage the health, performance and security of your website.

If you are not using Google Search Console, you should be. If you need help or advice on how to set it up and use it, please get in touch. In brief, the setup requires you to create a Google account (if you haven’t already). You will then need to register for Google Search Console and add your website(s) as a ‘property’.

Finally you will then need to verify your property, which is the part you might need the most help with. Verifying a property can involve having to add a snippet of code to your website in the background. This can be tricky for a layperson, so please don’t do this without help.


How Do I Deal With a Manual Action in Google Search Console?

This is the tricky part. There are many different things that Google can award a manual action for. The most common example, however, is when a hacker inserts their own content into your website. Most of the time, this will be a result of ‘bots’ (automated programmes, as opposed to real people). Bots will try to find vulnerabilities in a website in order to access it through a back door. It will then add content, usually in order to divert traffic to another website.

When Google Search Console alerts you to a manual action, it will tell you why it has been issued and you then need to follow the advice it gives you. For example, if some malicious files have been added to your site, Google will tell you what they are and will ask you to delete them.

Deleting Malicious Files from a Website

Deleting these files should be done with care. I would always recommend speaking to an experience Web Developer such as Go Web. We can help locate the malicious files and fix the problem for you.

Assuming you have deleted the files in question, the next step would be to secure your site from future attacks. There are many ways to do this, such as using a firewall, a security plugin for platforms such as WordPress, changing passwords, and so on.

Once you have deleted the files in question and secured your site, you need to then submit a reconsideration request. When you do this, Google will ask you what steps you have taken to secure your website.

Our Step by Step Guide to Dealing With Manual Actions in Google Search Console

Google Search Console is THE most important tool for any website owner who relies on ranking in Google Search results.

  1. To get started, visit the Google Search Console website.
  2. You will be asked to log in using your Google account. If you don’t have one of these, you need to create one.
  3. Next, you will need to create a property.
  4. Input all of the information you are asked for, including your website URL (domain).
  5. You will then need to verify your site, which is where you might need our help.
  6. That’s it, the basic setup of Google Search Console is done.

If you are hit with a manual action, you will receive an email to whichever email address you used to set up your Google account and Search Console. Within this email will be details of the malicious files that Google has found on your site.

This part is a bit trickier. For this stage I would recommend speaking to a Web Developer. However if you feel confident, here’s what to do.

  1. Backup your website and database! If you don’t know how to do this, don’t go any further. Instead get in touch with us.
  2. Ensure you’ve got an FTP connection, which will allow you to view all of the files and folders which make up your website. To do this, you’ll need to log in to your hosting control panel, Plesk or cPanel and create an FTP connection. FTP stands for File Transfer Protocol.
  3. Once you’ve set up an FTP connection, you can use a programme such as FileZilla or Cyberduck to connect to your website via FTP.
  4. Once you’re connected via FTP, you should see a list of all your website files and folders. You now need to check in Google Search Console for the locations of the infected files, then delete them.
  5. After you’ve deleted all the bad files, you should run a scan of your website to make sure there’s nothing else. If you use WordPress, there are lots of free security plugins available. We recommend WordFence. This type of plugin will allow you to run a scan and WordFence in particular has tools to help you delete malicious files without a separate FTP connection.

This might not be necessary, however sometimes hackers gain access to your website by something called SQL injection. This means they have compromised your database.

If this is the case, as an extra precaution you could go back to a clean version of your database from before the malicious files were detected. This is assuming you have one. If not, it’s good practise to ensure your website and database are being backed up regularly.

We would now recommend changing all of our passwords, including your CMS access (WordPress, for example), your database (by logging in to PHPMyAdmin), your cPanel/Plesk password, your hosting account and so on. For this part, I would strongly recommend speaking to us or another reputable Web Development company.

There are many ways to protect against future attacks:

  • Use a security plugin such as WordFence
  • Enable regular scanning
  • Set up automatic backups of your web files and database
  • Use a firewall
  • Change passwords
  • Delete any unwanted users from WordPress or Magento (or pretty much any other CMS)
  • Set up security alerts

Once you’ve done everything you need to, you should let Google know. Within Google Search Console you will be able to submit a reconsideration request. Tell Google all the steps you’ve taken and it will re-crawl your site. If Google is happy that you’ve fixed the issues, it will remove the manual action and your Google Search results will be back to normal.