Google’s flagging that websites are hacked (“This site may be hacked.”) is a good thing and from what we have seen their claims are highly accurate. A reoccurring problem we found in cleaning up hacked websites, though, is that after the websites have been cleaned is that Google will claim in the Security Issues section of their Search Console that the issue has been detected days after it has been resolved.
As an example of that we had someone whose websites we cleaned up on March 1, but as of March 4th, Google was claiming that the issue was detected the day before:
Using the Fetch as Google tool in the Search Console showed that the URL they claimed the issue had been detected on didn’t exist (since the code that generated it was no longer on the website):
No change had been made to the website on either of those days, so the result would have been the same the day before.
By later on March 4 that claim had disappeared despite a continued lack of change of anything on the website:
Since we deal with hacked websites all the time we are aware of this issue, but for clients or others who might be trying to deal with a situation on their own it is easy to think that this could cause unnecessary distress and wasted time spent trying to deal with an issue that has already been dealt with.
Hopefully Google will work on correcting this.