Google Search Console on Previous Hacked Site

JasonSc

BuSo Pro
Joined
Mar 30, 2016
Messages
109
Likes
144
Degree
1
I took over a site that was hacked about 18 months ago. I cleaned up about 9 months ago. A new site was built on a new server using none of the previous assets. I’m 99.9999% certain the site is secure.

Looking in Google Search Console, there are over 10,000 pages that don’t exist.

The site is for a local business which has 20 total pages/posts.

I typically don’t give this to much attention; however, this site is not ranking well. These are easy local keywords, so easy I can get a Soundcloud page to rank with a good title tag.

So my question is, how do I stop WordPress from redirecting these pages and forcing them to return a 410 response?
 
Were you fortunate enough to have all the hacked in pages all subsiding in a single sub-folder that nothing else you need is in?

And also, is this on an Apache server or Nginx or what?
 
In my experience it take time with hacked domains. Like several years, and certainly say 6 months to start getting basic impressions in Google. If the domain is powerful enough tho (backlinks to hacked content excluded) then it can be worth persisting. There is nothing special you should do except 404 the hacked content/URLs.
 
Were you fortunate enough to have all the hacked in pages all subsiding in a single sub-folder that nothing else you need is in?

And also, is this on an Apache server or Nginx or what?
No, its kind of across the board.

Rank Math's 404 monitor shows most of the request as files ending in /RANDOMNAME.xml or /RANDOMNAME.htm

cPanel Visitors log shows a lot of traffic to /RANDOMANME.xml or /themes/RANDOMETHEM/db.php?u

GSC shows a couple of things:

Alternate page with proper canonical tag:
https://domain.com/?formingb7/be2967510_htm
https://domain.com/?opengl59532/acc2377927_htm
Page with redirect
https://domain.com/index.php?hoodsbf/afdc816392.htm
https://domain.com/index.php?thesis1ae64/fddce1645989.htm

Its a VPS from Knowhost, running WHM and cPanel. So I believe Apache

I'm wondering if I could do a wildcard with "/index.php?" or does WordPress use the "?" at the end?

In my experience it take time with hacked domains. Like several years, and certainly say 6 months to start getting basic impressions in Google. If the domain is powerful enough tho (backlinks to hacked content excluded) then it can be worth persisting. There is nothing special you should do except 404 the hacked content/URLs.
The backlink profile is about average for a local business, mainly citations and a couple of local directory links.

I'm not too concerned about the 404 errors in GSC. I'm mainly concerned about the "Page with redirect" and "Alternate page with proper canonical tag". These 2 together make up over 4000 urls and the number has been increasing.
 
If those pages 404 now, they will drop out of GSC, might take months for it to reflect that.
 
Back