SEO, Google Ads & Web Services in Pakistan | SEOblogy


A Case Study: How We Cleaned Up 8,000+ Spam Pages After a WordPress Hack

Our step-by-step blueprint for a full WordPress hack recovery, turning a crisis into a showcase of technical SEO expertise.

1. Introduction: The Nightmare Scenario of a Hacked Website

It's a feeling every website owner dreads: the slow realization that your site has been compromised. For us at SEOblogy, this nightmare became a reality when we discovered our WordPress site had been injected with over 8,000 spam pages, mostly related to casino and gambling keywords. It was a classic, malicious attack designed to hijack our site's authority. Instead of panicking, we saw an opportunity to document our recovery and create a blueprint for others. This case study details the methodical, technical approach we took, showcasing the power of an expert technical SEO cleanup to achieve a full recovery.

2. Part 1: Assessing the Damage in Google Search Console

The first signs of trouble appeared in Google Search Console (GSC). The "Pages" report, specifically the "Not found (404)" section, showed a terrifying spike. Where there were once a handful of legitimate 404s, there were now thousands. A quick `site:seoblogy.com` search on Google confirmed our fears, revealing page titles in foreign languages that were littered with spammy keywords. This initial assessment was crucial; it gave us the scale of the problem and a baseline from which to measure our cleanup progress.

The initial GSC report showing the dramatic increase in 'Not found' pages after deleting spam posts.

3. Part 2: Immediate Damage Control

Our response had to be swift and decisive. The first steps were focused on containment and security:

  1. Delete All Spam Posts: We immediately went into our WordPress database and bulk-deleted all posts created by the hack. This stopped the bleeding and was the first step in cleanup.
  2. Change All Passwords: Every single password—from WordPress admin accounts to FTP and database credentials—was changed to something long, unique, and complex.
  3. Migrate the Server: To ensure no backdoors remained, we made the critical decision to migrate the entire website to a new, secure cloud environment. This fresh start was essential for long-term peace of mind.

4. Part 3: Sending the Right Signal with 410 Errors

Just deleting the posts wasn't enough. It created over 8,000 URLs that now returned a `404 Not Found` error. While a 404 tells Google the page isn't there, it's an ambiguous signal; the page might come back. For content that is permanently gone, a `410 Gone` status is far more powerful. A 410 tells Google, "This page is gone, it's never coming back, and you should remove it from your index immediately." This was the core of our removal strategy.

5. Part 4: How We Identified the Spam Keywords

We couldn't manually create 8,000 redirect rules. We needed a scalable solution. The key was in the URLs themselves. We exported the full list of spam URLs from GSC and analyzed them in a spreadsheet. Patterns emerged quickly. The hackers used a limited set of keywords in the URL slugs, such as "casino," "slot," "bonus," and others. This analysis allowed us to build a targeted blocklist of recurring spam keywords.

6. Part 5: The .htaccess Code That Saved Us

With our list of spam keywords, we could now craft a rule in our `.htaccess` file. This powerful server configuration file allowed us to automatically serve a `410 Gone` status to any URL request containing one of our identified spam keywords. This single block of code effectively dealt with all 8,000+ URLs without needing to list them individually.

The .htaccess rule that automatically serves a 410 'Gone' status for spam URLs.
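```apache
# Block spam URLs and return a 410 Gone status
<IfModule mod_rewrite.c>
RewriteEngine On
# Each condition is an unanchored, case-insensitive ([NC]) match on the URL path;
# [OR] chains them so that any one keyword is enough.
RewriteCond %{REQUEST_URI} casino [NC,OR]
RewriteCond %{REQUEST_URI} slot [NC,OR]
RewriteCond %{REQUEST_URI} bonus [NC]
# [G] answers with 410 Gone and stops further rule processing.
RewriteRule .* - [G]
</IfModule>
```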

Disclaimer: Modifying your `.htaccess` file can break your site if done incorrectly. Always back it up before making changes and consult a professional if you are unsure.
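
The keyword analysis from Part 4 and the rule from Part 5 can be scripted together. The following is an added example, not the code SEOblogy used: it extracts recurring slug words from a list of spam URLs, discards any word that would also match a legitimate page, and emits the rule block. The URL lists, the `example.com` domain and all function names are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample data standing in for the GSC export of spam URLs and
# for the URLs in the clean sitemap (example.com is a placeholder domain).
SPAM_URLS = [
    "https://example.com/best-online-casino-2024/",
    "https://example.com/free-slot-machines/",
    "https://example.com/casino-welcome-bonus/",
    "https://example.com/no-deposit-bonus-codes/",
    "https://example.com/slot-games-free-spins/",
]
LEGIT_URLS = [
    "https://example.com/",
    "https://example.com/blog/technical-seo-checklist/",
    "https://example.com/free-seo-audit/",
]

def matches(keyword, url):
    # Mirrors `RewriteCond %{REQUEST_URI} keyword [NC]`: an unanchored,
    # case-insensitive match against the URL path only.
    return re.search(re.escape(keyword), urlsplit(url).path, re.I) is not None

def candidate_keywords(spam_urls, min_count=2, min_len=4):
    # Count each slug word once per URL and keep the ones that recur.
    counts = Counter()
    for url in spam_urls:
        counts.update(set(re.findall(r"[a-z]+", urlsplit(url).path.lower())))
    return sorted(w for w, n in counts.items() if n >= min_count and len(w) >= min_len)

def audit(keywords, spam_urls, legit_urls):
    # Drop any keyword that would also 410 a legitimate page, then list the
    # spam URLs the remaining keywords fail to cover.
    safe = [k for k in keywords if not any(matches(k, u) for u in legit_urls)]
    missed = [u for u in spam_urls if not any(matches(k, u) for k in safe)]
    return safe, missed

def htaccess_block(keywords):
    if not keywords:
        raise ValueError("no keywords left after the audit")
    conds = [f"RewriteCond %{{REQUEST_URI}} {re.escape(k)} [NC,OR]" for k in keywords]
    conds[-1] = conds[-1].replace("[NC,OR]", "[NC]")  # last condition takes no OR
    return "\n".join(["<IfModule mod_rewrite.c>", "RewriteEngine On", *conds,
                      "RewriteRule .* - [G]", "</IfModule>"])

if __name__ == "__main__":
    safe, missed = audit(candidate_keywords(SPAM_URLS), SPAM_URLS, LEGIT_URLS)
    print(htaccess_block(safe))
    print("uncovered spam URLs:", missed)
```

With this sample data, `free` recurs in the spam slugs but is discarded because it also matches `/free-seo-audit/`. Because the rule is a substring match, a keyword such as `slot` would equally hit a legitimate `/book-a-time-slot/` page, which is why the audit should run against the full sitemap before the rule is deployed.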

7. Part 6: Giving Google a Clean Map for the Future

After telling Google which pages to forget, we needed to remind it which pages to remember. We generated a fresh, clean sitemap_index.xml file that contained only our legitimate, valuable pages. We immediately submitted this new sitemap via Google Search Console. This action helps Google prioritize crawling the pages you actually want indexed and accelerates the discovery that the spam pages are gone.

Confirmation in GSC that our clean sitemap was successfully processed.

8. Part 7: The Final Polish - Using the Removals Tool

The 410 rule is a permanent, long-term solution, but it still relies on Google re-crawling the URLs. For a few high-visibility spam URLs that were still appearing in search results, we used GSC's Removals Tool. This tool provides a quick, temporary (6-month) fix by hiding the URLs from search results. It's a great cosmetic step to clean up your appearance while the permanent fix takes effect.

9. Part 8: The Final Phase - Patience and Monitoring

SEO is a marathon, not a sprint—and hack recovery is no exception. After implementing all the fixes, the final step was to wait and monitor. We watched the "Not found (404)" report in GSC (which also reports 410s) for the expected downward trend. It wasn't instantaneous, but over the next few weeks and months, we saw the number of indexed spam URLs steadily decrease until they were all gone.
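
Alongside the GSC report, the server's own access log shows whether the 410 rule is actually in effect. This is an added example, not part of the original case study: it sorts logged requests into spam URLs answered with 410, spam URLs still answered with something else, and legitimate pages caught by the rule. The log lines, IP addresses, legitimate paths and category names are constructed, and it assumes Apache's combined log format.

```python
import re
from collections import defaultdict

KEYWORDS = ("casino", "slot", "bonus")  # the keywords in the 410 rule
SPAM = re.compile("|".join(KEYWORDS), re.IGNORECASE)
REQUEST = re.compile(r'"(?:GET|HEAD) (\S+) HTTP/[\d.]+" (\d{3}) ')
LEGIT_PATHS = {"/", "/services/", "/book-a-time-slot/"}  # constructed, e.g. from the sitemap

# Constructed access-log lines (combined format, documentation IP ranges).
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2025:06:12:01 +0000] "GET /casino-welcome-offer/ HTTP/1.1" 200 18233 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Jan/2025:06:12:40 +0000] "GET /no-deposit-bonus-codes/ HTTP/1.1" 404 512 "-" "Mozilla/5.0"
192.0.2.10 - - [02/Jan/2025:06:13:04 +0000] "GET /best-online-casino/ HTTP/1.1" 410 299 "-" "Mozilla/5.0"
192.0.2.10 - - [02/Jan/2025:06:13:09 +0000] "GET /Free-SLOT-machines/ HTTP/1.1" 410 299 "-" "Mozilla/5.0"
192.0.2.10 - - [02/Jan/2025:06:15:22 +0000] "GET /book-a-time-slot/ HTTP/1.1" 410 299 "-" "Mozilla/5.0"
192.0.2.10 - - [02/Jan/2025:06:17:30 +0000] "GET /services/?ref=bonus HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
"""

def classify(target, status, legit_paths):
    # %{REQUEST_URI} holds the path only, so the query string is ignored.
    path = target.split("?", 1)[0]
    if path in legit_paths:
        return "legit_blocked" if status == 410 else "other"
    if SPAM.search(path) is None:
        return "other"
    if status == 410:
        return "gone_as_intended"
    if status == 200:
        return "spam_still_served"   # content is being served: investigate
    return "rule_not_applied"        # e.g. 404: the .htaccess rule is not in effect

def review(log_text, legit_paths):
    # Group every logged request target by its category.
    findings = defaultdict(list)
    for line in log_text.splitlines():
        m = REQUEST.search(line)
        if m:
            findings[classify(m.group(1), int(m.group(2)), legit_paths)].append(m.group(1))
    return dict(findings)

if __name__ == "__main__":
    for category, targets in review(SAMPLE_LOG, LEGIT_PATHS).items():
        print(f"{category}: {targets}")
```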

Conclusion: Key Lessons from Our Hack Recovery

This WordPress hack was a stressful experience, but it reinforced several key principles. First, swift action and a multi-layered security response are critical. Second, for permanent content removal, a `410 Gone` is the clearest and most effective signal you can send to search engines. Finally, a methodical, patient, and data-driven approach can overcome even a large-scale crisis. By understanding how to communicate with Google, you can achieve a full recovery and protect your site's hard-earned authority. If you're facing a similar issue and need guidance, please contact our team at SEOblogy for professional assistance.

Frequently Asked Questions

After deleting spam pages, how long does it take for 404 errors to disappear from Search Console?

The process can take several weeks to many months. Google needs to re-crawl every single old URL to confirm it's gone. The key is to monitor the 'Not found (404)' report for a steady downward trend over time, not an instant drop.

Is just deleting the hacked posts enough to fix the problem?

No. Deleting the posts is the first step, but it results in 404 (Not Found) errors. The crucial next step is to implement a server-side rule, like a 410 (Gone) status, to tell Google that the removal is permanent. This is the strongest signal to de-index the URLs.

Will Google permanently penalize my site after a hack?

No, a permanent penalty is very unlikely if you take the correct cleanup steps. By proactively cleaning the site, removing the spam, and clearly communicating the changes to Google via sitemaps and status codes, you can achieve a full recovery and rebuild your site's authority.
