I'm not sure it is the right section to post this. But I need it. Please someone answer this question and how can I recover from this problem. My all content is OK but why google telling it?
My site -
http://www.dietatkins.com (I buy this domain from expired domain)
![[Image: dog.png]](http://s9.postimg.org/r49xzlvtb/dog.png)
Click on the Request a review in Security Issues link and tell them your site is clean. Tell them you just re-did the complete site and there are no issues with it.
But how this hacking system work?
No, your site is clearly not ok. Just looking at the sample url that's in the notice is indication of that. That particular html file is in Japanese and advertising jewelry. Your site has been injected with some spam files. You need to go into your hosting and manually clean out any strange looking folders/files that are not part of the Wordpress installation.
Also, make sure that wordpress and its plugins are updated properly.
your site have a good citation flow but not so good trust ! :)
Many of the themes and plugins shared in the general freebies area can have hidden exploits and malware code hidden within them which allows attackers to hack into your site.
I agree with @kirstie
NEVER INSTALL themes and plugins shared on forums because they contain malware that infects files and control your website using ads, stealing your traffic and rerouting to other sites. Why do you think some scammers are so eager to share premium themes and plugins? Buy must-have themes and plugins yourself. If you can't afford them, use some nice free themes like Vantage in WP Repository (or via your Dashboard).
btw, images like .png files are infected too
After you reinstall Wordpress, install Wordfence, Bruteprotect, WPSpamshield. Akismet is already installed. Also, install WPStats or Jetpack which has stats and you can track whether your stats make sense. For example, Stats showed my "visits" was 1800 but yet the "visits" chart showed only 600 so that tells me there was a brute force attack or that someone (who I'd given access to my dashboard) was stealing my traffic using a plugin called php executioner.
+1 to what the previous posters said. i've seen many "nulled" themes and plugins with backdoors on customer systems (i do security research and audits). when you are on linux just do "grep -iR base64_decode" in /wp-content/ for a simple check to find the more obvious ones.
go clean up your links by scanning your website all tips are given above so try those it will work.