Recently I set up my WordPress site as a “property” in Google Search Console. It was fun (and informative!) to watch the “position” feature in search analytics, listing what search terms found my page and what position each hit was in the search results (for a few results, the position of one of my posts was 10 or lower – first page of results, woohoo!).
But one day when I logged in to Google Search Console, none of my search statistics would display. Instead, there was this error message at the top of the analytics screen:
Verification failed for https://curiousprog.com/ using the HTML file method (8 days ago). Website verification has failed in a way that indicates that your site might have been hacked. You should examine and repair your site and then reverify it.
I have been keeping a close eye on web hits logged on my site since I first started it three months ago, watching for possible hacks. I chronicled some of the exploits hackers tried on my site in recent posts here and here. I saw a lot of attempts, but no clear indication that anyone had succeeded in compromising the security of the site.
So what problem did the Google web crawler or its associated tools identify as being a possible hack? By outward appearance, the site was in good shape, no spam in any of the posts, no extraneous text inserted or links to malware-laden sites. The Google Search Console didn’t give any more detail about what exactly was wrong, just some generic advice on how to search for malware and other possible issues.
History in the Search Console showed that verification problems started occurring about 10 days before I discovered them. But I had been in the Search Console 3 days earlier and saw no issues – I could still see the search analytics data with the position information.
So I started looking for issues on my site. I did a general security audit of the site with GravityScan (from Wordfence) and also Sucuri – nothing found.
I ran some quick MySQL queries to look for “<script>” or “<img>” tags (things that hackers might insert into content in order to spread malware) – nothing was found, no rows returned.
I browsed to some of the blog posts on my site in both the Google Chrome and Firefox browsers. Either of these should have flagged a page as a security risk if there was any issue – nothing, the pages displayed without problems.
In the end, I really didn’t find any issues with the site. So I decided to start over, removing the properties in Search Console and recreating them. I then set up a UA (“Unique Account”) number in Google Analytics and used this to verify each of the properties rather than relying on the default uploaded HTML file method. After I finished this, Google Search Console indicated that the properties were verified again, and I even got back the click and position data from the last two weeks that I thought would be lost when I removed the old properties.
Not sure what caused this issue in the first place. The hosting company did regenerate a new SSL certificate for my site – the old one expired the same day that Google started complaining about verification problems. Perhaps Google found the change in certificate to be suspicious?
A mysterious “verification failed” error in the Google Search Console prevented viewing search analytics there. The error message suggested that the site might have been hacked, but no sign of a hack was found. Removing and recreating the properties for the site made the data viewable again.
Seeing search position: log in to Google Webmasters tools and browse to the Google Search Console. Click on a property; Search Traffic > Search Analytics. By default “Clicks” is checked; check “Position” to see a list of queries and their page position (scroll down below the chart to see the table). Click on the “Position” column heading sort the entries by position values (lowest positions on top).
MySQL queries to find posts with “<script>” or “<img>” tags:
SELECT id, post_name, post_title
FROM wp_posts WHERE post_type='post' AND post_content LIKE '%<script %'
ORDER BY id;
SELECT id, post_name, post_title
FROM wp_posts WHERE post_type='post' AND post_content LIKE '%<img %'
ORDER BY id;
I also searched for tags using HTML entity variants of the angle brackets (like ‘%<script %’ or ‘%\%3cscript %’).
Using Google Search Console to Diagnose Hacks
WordPress Version 4.8.3
Google Chrome Version 62.0.3202.94
Firefox Version 57.0