Ekim ayında saldırıya uğrayan nispeten küçük bir WordPress sitesini (~300-400 sayfa) yönetiyorum. Kısa hikaye, erişimin sağlandığı bir dizinde bizim olmayan birkaç bin sayfanın ortaya çıkmasıdır. Deliği kapattık, siteyi sağlamlaştırdık, sayfaları kaldırdık ve GSC’de indekslemeyi kaldırdık.
Tüm bunların ortasında, izlenimler yere çarptı, tekrar biraz yükseldi ve sonra tekrar yere çarptı. 2 haftadır orada.
Bu konularda uzman değilim ama bu saldırı iyi dizine eklenen sayfalarımızı, gösterimlerimizi vb. etkilemiş olabilir mi? Bütün bunlara neyin sebep olduğunu nasıl bilebilirim? Manuel bir işlem yoktur ve algoritma güncelleme zamanlaması boyunca bile işler bizim için tutarlı olmuştur.
Yes, and in a big way.
I had a WordPress site that got hacked a few years ago and it was generating random pages. 1000s of them and of course, it lost all its ranking and even two years after cleaning it up, it will not rank for anything and Google will no longer index its pages.
We had to move to another domain.
It can but you can also recover from it.
you need to do more than de-index – I highly recommend 301ing them to a sacrificial page, like Privacy Policy and fully terminating them.
>impressions
If they ranked in results, then that time frame will show those impression and maybe clicks
>but could this hack have impacted our good indexed page
Very unlikely
>There’s no manual action, and things have been consistent for us even through the algorithm update timing.
Yeah, it doesnt warrant a manual action and there shouldnt be any other impacts
There are no “trust” signals in SEO apart from Authority/Topical Authority.
If you’re ranking for what you used to rank for, then you should be good
It’s definitely possible, because a hack doesn’t just add pages, it disrupts trust signals. Even if you removed and deindexed the injected URLs, Google still has to re evaluate:
* crawl budget reallocation
* sudden content footprint change
* link graph noise
* site safety confidence
When impressions tank, rise, then tank again, it **usually** means Google is **retesting the site quality score** and deciding where you belong.
A few things worth checking:
✅ GSC “Security Issues” history (even if it’s cleared)
✅ Indexed pages vs. submitted pages gap
✅ Server response consistency after the hardening
✅ Any leftover soft 404s or orphaned URLs
✅ Sudden internal linking pattern shifts
✅ Crawl stats report spikes or drops
The algorithm won’t show a manual action, but the hack can still cause:
* reduced crawling priority
* temporary suppression
* volatile visibility while trust recalibrates
If consistency has returned and the footprint is clean, impressions usually stabilize but it can take **2 to 6 weeks** depending on crawl frequency.
If you share:
* sitemap indexation %
* crawl stats graph
* number of removed URLs
* when GSC deindexing was processed
…it’s easier to tell whether you’re recovering or stuck.