Is Google showing a warning on your site that it’s “not safe” for visitors?
Google puts user experience (UX) above all else. And if it detects anything suspicious on your site such as malware, it blacklists it immediately to protect its users.
If your site has been flagged, there’s no need to panic, but you need to act promptly to fix it and reduce the damage done.
In this guide, we’ll show you the step-by-step process you need to follow to get your site removed from Google’s blacklist.
Understanding the Blacklist Warning
Google regularly crawls your site to check for new or refreshed content. It then indexes it in its database and your website shows up in relevant search results pages.
While it’s crawling your site, if it finds that it’s deceptive or unsafe for visitors, it blacklists it. For instance, Google flags software that switches the homepage or other browser settings to ones the visitor doesn’t want or apps that leak private and personal information without informing the user.
There are different kinds of blacklist warnings it displays. And Google may warn users and allow them to proceed anyway or completely block users from visiting your site.
These messages can help you understand what Google has detected on your site. Here are the specific messages you may see on your site:
- The site ahead contains malware: Your site has malware such as a virus or adware that could infect a visitor’s device.
- Deceptive site ahead: Your site most likely has a script that tries to steal information from visitors. These sites are tagged as phishing or spoofed sites where the visitor is tricked into disclosing their information such as usernames, passwords, and even payment details.
- The site ahead contains harmful programs: The malware on your site is targeting a visitor’s browser. It could be redirecting visitors to malicious sites, installing harmful browser add-ons, or forcefully changing the default browser to a malicious one.
- This page is trying to load scripts from unauthenticated sources: This warning is displayed as a result of invalid SSL certificate. It means your site claims to be secured by SSL but is loading content from a non-SSL website.
- This site may harm your computer. Continue to example.com?: Google may have detected an error or suspicious scripts on your site, but gives the user the option to proceed anyway.
These are the main warnings that appear from Google. That said, you may see different wording for the descriptions.
But they all indicate that your site contains malware or some kind of hack that puts visitors in potential danger.
Now that you know why your website was flagged, you’ll need to take steps to fix it.
Fixing Your Blacklisted Website
Based on the warning you see on your site, the measures you need to take might differ. For instance, if your site has SSL issues, you’ll need to verify that your SSL certificate is valid.
And if you have third-party images loading from a non-SSL website, you’ll want to use different images.
Or if you’re sharing software that doesn’t meet Google’s standards, you’ll want to check out Google’s Unwanted Software Policy.
Google doesn’t allow software that’s deceptive, such as promising something that it doesn’t deliver.
It also doesn’t let you trick users into installing it or let it piggyback on the installation of another program. You need to make it easy for users to install and remove.
You also need to be transparent if you collect or transmit private information without the user’s knowledge.
However, the most common reason for being blacklisted is malware. This means your site has been hacked and has become deceptive. To fix it, you’ll need to scan and clean it before you can get it removed from Google’s blacklist.
Let’s dive into how you can do that step-by-step.
1. Scan Your Website for Malware
There are different ways in which you can check if your site has been infected.
First, we recommend checking Google’s safe browsing status. You simply need to enter your site’s URL and it will tell you if it has found any unsafe content.
This is a good indicator from Google if your site is unsafe. You could use our free security scanner. And there are also a few free malware scanners available in the WordPress repository. However, these tools only run surface checks on your site.
So you may see that your website is clean when it’s actually hacked.
When Google blacklists your website, they’re serious about it.
We strongly recommend using a robust security scanner like Sucuri to detect any malware hiding inside your website.
Sucuri’s scanner will also check for blacklist statuses and tell you if your site has been blocked on search engines other than Google.
To get started, you’ll need to sign up with Sucuri. Plans start at $199.99 per year and proves to be a worthwhile investment.
If your site is hacked, Sucuri will clean it for you and restore it to normal. It will also monitor and protect your site against future attacks.
Once you’ve created an account, you can access Sucuri’s dashboard. Then, you’ll need to add your website using the ‘Add Site’ button.
It will display a popup where you need to enter your FTP details to connect to your site. If you don’t know these details, you can ask your web host and they’ll give it to you.
Then Sucuri will automatically scan your website thoroughly and display the status of your site.
You can check this status under the ‘My Sites’ tab. If your site is infected, you’ll see a warning message.
By clicking on the ‘Details’ button next to the warning, the Monitoring page will open up where you can see details of the infection.
3. Clean Your Website
Sucuri will list what kind of malware it’s found and how serious the risk is. You can also see if your site has any outdated software that could be the source of infection.
Now that you know your site is infected, you can go ahead with cleaning up the hack. You’ll need to click on the ‘Clean Up My Site’ button. This will open a page where you can create a malware removal request.
When you click on the ‘New Malware Removal Request”‘ button, you’ll see a form popup where you can enter your site’s details.
If you don’t know your site’s details, you can simply contact your web host and ask them for it.
Once you submit the form, Sucuri will take up your request and clean your website.
The time taken to clean your site depends on which plan you purchased. For the Business plan, Sucuri prioritizes your request and cleans your site within 6 hours. For other plans, the time taken is based on how complex your site’s infection is and the volume of requests they have in queue.
5. Submit a Google Review Request
Once your website is clean and back to normal, you’ll need to tell Google that your site is clean.
Before you do this, we recommend running a few malware scans again just to be sure your site is completely clean.
To submit your site to Google, you’ll need to have a Google Search Console account.
You can access your Google Search Console dashboard and navigate to ‘Security Issues’ tab from the menu on the left.
You’ll see if Google has flagged security issues on your site. Simply click on the ‘Request Review’ button.
Google will ask you for details about what measures you’ve taken to clean your site. You’ll want to give them as much detail as you can.
You can tell them that you used Sucuri to clean your site and upload a screenshot of the latest malware scan of your website that shows your website is clean.
When you’ve completed the form, submit your request to Google and sit back because it can take a few days for it to be verified.
Once they see that your site is safe, they’ll whitelist it and remove the warning displayed on your site.
6. How To Prevent Being Blacklisted in the Future
Cleaning up a hacked website and getting blacklists removed can be stressful, not to mention expensive.
And hackers tend to target the same site again because they know it’s vulnerable.
If your site is hacked repeatedly, it will seem like you don’t take security seriously. And search engines like Google will make the review request process harder. Plus, your web host can suspend your account to protect its servers.
It’s important to take security measures so that this doesn’t happen again.
If you’ve signed up for Sucuri’s security solution, your site will be scanned regularly. Plus, you can turn on the firewall to block hackers and any user with malicious intent from accessing your site.
On the Sucuri dashboard, navigate to Firewall » Settings and follow the instructions given to enable the firewall on your site.
Aside from having a security scanner and firewall active on your site at all times, here are a few more measures we recommend for every website owner:
- Keep a backup copy of your website so in case something goes wrong, you can restore your site. You can use UpdraftPlus or BlogVault to schedule automatic backups.
- Use secure forms on your site as many hackers use them as an entry point. We recommend using WPForms as it comes with built-in spam protection. This detects and blocks fraudulent and malicious entries.
- Consider switching over to a secure hosting provider like Bluehost. Many times, if your web host doesn’t secure its servers properly, hackers can find a way in. It’s best to use a reliable host that takes security seriously.
With these measures in place, you’ll have a robust security and backup system for your website.
We hope you found this article helpful in removing Google’s blacklist on your site. For better site security, we encourage you to use these resources:
- How to Perform a WordPress Security Audit (Step by Step)
- The Complete WordPress Security Guide (Beginner Friendly)
- The Best Dedicated Hosting Companies of 2021 (Pros & Cons)
These posts are packed with all the info you need to keep your site and its visitors safe, and more importantly, stay off any blacklists.