Once you are on Google’s blacklist of hacked websites, cleaning up and getting off this list is an arduous task. However, working according to a plan or a checklist until your site is clean, back online, and back in the Search Engine Results Pages is always helpful.
To begin with, after you have worked on your hacked WordPress website, cleaned it thoroughly, and ensured that all the necessary security measures are in place, you will need to request Google to review your site. Google will not restore your website until all the security issues are addressed. Once you have removed the malicious code and all malware, you can request a malicious software review of your site in Google Webmaster Tools. Then, your site will be examined thoroughly by Google and if the software type in question is not detected, Google will remove the warning label and your website will no more be tagged as hacked or harmful in the Google search results corresponding to your site.
You can do this by going to the ‘Security Issues’ report section in Google Search Console, and then, clicking on ‘Request a review’. You can also select the website on the Google Webmaster Tools home page, click on Malicious Software under Diagnostics, and then select Request a review. If your website was fully cleaned, you may have to wait for up to 24 hours before this warning gets removed, or in some cases, if the problem was not solved completely, it may take from a few days to weeks as well. It may take a long, but this is the best approach to get your WordPress site reinstated.
Submitting your website for this kind of reconsideration is essential as Google will not know whether you have taken any steps to deal with the hacking. Moreover, resubmitting your cleaned WordPress site for a review is also an effective way to make sure that it does not get on any such blacklist by Google for a considerable amount of time again.
Another extremely important task to be done is monitoring the Google Console Search Activity actively, as sometimes, there is the possibility of hackers becoming the verified users of your website in Google Search Console. You will need to consider the recommendations in their related post and keep checking it at regular intervals to prevent such mishaps in the future.
To conclude, as there is no guaranteed solution to prevent hacking, your job does not end here. It is best to keep a close watch for any similar instances in the future. You can maintain your WordPress site by availing paid security services for your website, using security plugins and firewalls, deleting older versions of themes and plugins, running updates frequently, changing your user credentials on a regular basis, and not using non-official sites to download plugins.