There are a few relatively new tools available to minimize the chances of your site being hacked. When Google thinks your site has been hacked, you’ll get that horrible message “This site may be hacked.” I don’t profess to be a hacker expert but there are a few things we can do before bring in the pros.
If you know WordPress really well, log into your cPanel and remove any files that don’t belong to WordPress family or to the operation of your website. I would also get the host provider’s help to ensure core files aren’t infected.
Make sure your WordPress site is up to date. Are you running the most recent version of WordPress? Are all your themes and plugins up to date? Are you using all the installed plugins? Delete the ones that are not in use. Recently a client got the ‘hacked’ message and I believe it was due to a plugin that at one time was dependable but developed a weakness over time that allowed hackers entry.
Change your password to something that is alphanumeric and contains at least one special character.
Next, add the website to Google’s Search Console. This is a free service with tools that allow you to submit a sitemap and tell Google which pages of your site to crawl.
Verify your site with Google and in the future Google will let you know by email if there are any issues.
Ask Google to re-crawl all your URLs with its Fetch as Google tool. Unfortunately, you’ll have to wait a few days for Google to revisit your site, so you’re stuck with the message until then.