⚙️ TECH-HELP · SAN DIEGO · HACKED WEBSITE

Your business website got hacked. Here's the calm way out.

Spam pages you didn't write, a defaced homepage, or Google now says "this site may be hacked" next to your North County San Diego business. It's fixable — and it's not the end of your site. Work the triage below before you panic.

↓ Start the 60-second triage Text PJ instead

Operator-honest tech-help · no jargon · no upsell to something you don't need.

The hacked-site triage

Work these in order · do not skip step 1 · most San Diego small-site hacks clean up the same day

Change your passwords first — before you touch anything else. The hack got in through a credential. Change the password on your website host/cPanel, your CMS admin (WordPress, Squarespace, Wix, Shopify), your domain registrar, and any FTP/SFTP accounts. Turn on two-factor authentication everywhere it's offered. If you skip this, anything you clean gets re-infected within hours.
Confirm what you're actually seeing. Open your site in a private/incognito window and on your phone on cell data, not wifi. Hacks often only show to outside visitors or to Google — not to you when you're logged in. Note exactly what's wrong: injected spam pages, redirects to another site, a defaced homepage, or pop-ups. That tells you the scope.
Take the site offline or put up a maintenance page. While a hacked site is live it can spread malware to your customers and dig your Google penalty deeper. Switch on maintenance mode in your CMS, or ask your host to temporarily suspend public access. A clean "back shortly" page protects your customers and your reputation while you work.
Check Google Search Console for the Security Issues report. Log into Search Console for your domain and open Security & Manual Actions → Security Issues. It lists exactly what Google found — injected content, malware, or harmful redirects — and often sample URLs. If you've never set up Search Console, that's step one of getting the warning removed; you can't request a review without it.
Restore from a clean backup, or clean the infection. The fastest fix is to restore the whole site from a backup dated before the hack — most hosts keep daily backups (ask support). If there's no clean backup, the infection has to be removed file by file: scan for malware, delete injected pages and unknown admin users, and update every plugin, theme, and the CMS core. This is the step where San Diego business owners usually get stuck — and it's fine to get help here.
Request a review from Google to lift the warning. Once the site is verifiably clean, go back to Search Console → Security Issues and click Request Review. Describe what you cleaned. Google typically re-checks within a few days; the "this site may be hacked" label drops once they confirm it's clean. Don't request the review until the site is actually clean — a failed review slows everything down.

⚙️ Either I help now, or we make it not break again

Get it clean today — or get the system so it can't happen

Text PJ and you've got two operator-honest modes. Mode one: it's a live emergency — I help you clean it, get it back online, and request the Google review now. Mode two: it's calm and you want it to stay that way — we build the backup-and-monitoring system: real backups you own, update routine, two-factor, and a watcher so you hear about trouble before Google does.

Either way, you've got a SideGuy — a parallel layer running quietly behind your website. The first hour is free. Operator-honest: if it's a quick self-fix, I'll just tell you how. SideGuy is based in Solana Beach — North County San Diego, same time zone, real person.

📲 Text PJ — my San Diego site got hacked

Common questions (answered honestly)

How do I know if my website is actually hacked?

Common signs: pages you didn't create (often spam in another language), your homepage redirecting somewhere else, pop-up ads, a "this site may be hacked" or "deceptive site ahead" warning in Google results or the browser, or your host emailing you about malware. Check in a private/incognito window — hacks often hide from the logged-in owner and only show to outside visitors.

Will Google remove the "this site may be hacked" warning automatically?

No. You have to clean the site completely, then log into Google Search Console, open Security Issues, and click Request Review. Google re-checks within a few days and drops the label once they confirm the site is clean. The warning stays until you both fix it and ask for the review.

Do I need to take my website down while I fix it?

Yes, at least put up a maintenance page. A live hacked site can spread malware to your customers, harm your reputation, and make the Google penalty worse the longer it stays up. A simple "back shortly" page protects everyone while you clean things.

How do I stop it from getting hacked again?

The hack almost always got in through an outdated plugin/theme, a weak or reused password, or an unmonitored host. The lasting fix is real backups you own, a routine for updates, two-factor authentication, and something that watches the site so you hear about trouble early. Text PJ and we'll scope it for your setup.

🏝️ More from NC SD

Encinitas· Cardiff-by-the-Sea· Solana Beach· Del Mar· Carlsbad· La Jolla· Compliance hub· AI Marketing Help