Keep Getting Hacked After Ranking On Page 1 Of Google

Which CMS are you using ? If its wordpress, make sure you keep it up to date and patch any easily fixable security holes (proper permissions etc).

Also contact your host and ask them to take care of the server environment, if you keep getting hacked then it probably is because of a weak server security environment. They can also help with finding out how your site keeps getting breached and fix the breach that way.

If its a custom coded site make sure you take care of and sterilize all user-input that is received before processing and using it. That is how the hackers can gain access and deface the site.

You haven't told us if they simply deface the site (put up some message/replace the site with their message) or hack the whole server i.e gain access to FTP or delete files etc. If its the former then they are simply exploiting a hole in the CMS but if its the latter then things are more serious.

They have done all of the above on both my Wordpress and HTML pages

In most cases my hosting company removed my domain name without notice.

I just moved the domain to another hosting company.

I was ranking for a very competitive keyword (personal loans)

I think that there are a lot of people that will do anything to get you removed
from the high income generating words. (PPC cost is $15.00 or more)

I have over 50 domains that target high profit keywords

I just don't have the time to keep up with each page that has been hacked

Most of the security wordpress plugins caused more problems by changing files and plugin conflicts

If it keeps happening in the same niche, I would stop using Wordpress sites in that niche or figure out how to secure it better. I like iThemes Security (used to be Better WP Security).

If you use just HTML sites, you will probably be far less of a target.

Op already said that both Wordpress & HTML pages are being hacked which leaves the host as the backdoor problem.

The personal loan niche might as well be the Viagra niche so I'm not even sure why OP is complaining here about being hacked.

Seriously, did you expect a warm welcome to a known cut throat niche (personal loans)?

Hi,

If you go for HTML sites it helps you a lot and its very secure and you will be less targeted.

I can only go on my personal experience and digging out my notes...

Some time back one of my sites experienced a DOS attack and once over after a few days, I moved it over to a more expensive host...

As it was a WP site I added some security plugins - one being limit login attempts - which can be setup for alerts when a failed login/lockout occurs.... Sometime later I got the alert and began to investigate and found over 30 IP addresses listed for failed login.. Obviously all proxies...

From there I then added these IP's to cpanel's IP deny manager.... Noting that quite a few where coming in from China and Ukraine when doing IP look ups...

This got me thinking to look more deeper into Cpanel's log files... In particular I looked at the AWstats which gives a great overview with charts and graphs etc.... and somewhat shocked at the number of hits... I checked through the viewed list and noted that xmlrpc.php had a huge number of hits... Unable to match IPs from within AWstats view - I then switched over to the visitor logs and was able to sort through that and collate the IPs... What I noted was that these IPs where the same as the ones listed from WP limit logon plus a whole lot more (I think around 50)... From there I also added these to cpanels IP block...

After that I kept an eye on the visitor logs and noted that some of my url pages where being called (I think the hacker realized something was up with quite a few ip proxies failing due to cpanel ip block) ... Therefore I proceeded to add these to the IP block (noting the country of origin lol)....

After that it became a bit of a game of cat and mouse I guess... There where a few more attempts to access xmlrpc.php and wp-logon.php all with ip proxies (but perhaps maybe one of them was the real IP - who knows as my efforts may of caused some frustration with blocking IPs?)... Suffice to say everything calmed down pretty quickly after that....

So what to take from that.... I would check your log files, see which files are system/platform related and note the IPs... Also check 404 error files for the same thing as this shows the other methods of attack... From that you can perhaps deduce how they are attacking and find solutions online... So in my case this involves looking at how best to protect xmlrpc.php - for this case I found a solution relating to .htaccess.

Its a pain to do all of this.... but once you can figure out how the attack is happening, you're almost there with finding a solution....

Really hope that helps! Good luck...

What you need is some decent security advice. A Pen Tester to find the the opening, and work with you to repair it. Not all of these attempts are professional, most are just brute force scripts running against footprinted lists. Just the same as an SEO would footprint a platform.

If it's a targeted attack by a professional with an exploit already in place. You may contact a coder and have them migrate the entire site away from WP. Maybe on a small dedi with ASL Atomic Security

It's a profitable market like you have pointed out, so if your making money you can afford to step it up a bit.

I made the same mistakes, ended up hacked, rooted, all sorts. Luckily I managed to plug the hole. And eventually moved over to a more secure platform.