It’s the worst case scenario, you get a note from Google saying it looks like you’ve been hacked. Your website now has a tag on Google that says “this site has been hacked”, your traffic has plummeted and sales are way off. Why you!
Not all hacking is about stealing credit card information. Sometimes a hack is about stealing your traffic and your SEO juice. Only sites that are well-placed and popular are targeted for this type of hack.
The hackers know that you are doing something right and have Google’s attention and they want a piece of that action for their own benefit. What hackers will typically do in this case is to sneak in via WordPress and then move directly into your website, installing snippets of code that create folders on your server and a brand new XML site map full of spammy links pointing to websites that they are wanting to improve the placement on with Google.
Try to just delete the folder and you’re fine, think again. These scripts are propagating. Delete a folder and it will be back tomorrow in a new location with a new name. Plus the hackers will be logging in to add more junk and update their benefiting site list. It is all done to bleed off your traffic and steal the SEO juice you have.
The only way to solve this type of problem is by brute force. You’ll need to take everything down, wipe it clean and then reload only clean files plus a full new fresh update of all WordPress files. You may even have to clean your WordPress database and manually review each and every website page you put back.
When you do, make sure you are hardening your security, updating passwords and deleting files you don’t need where code may be hiding. These are smart, tricky, and unscrupulous people. They are not targeting you but for any other reason that your website is well-placed and popular.