Removing Google Blacklisting Warning
from your Website
Warning of Google blacklist on your website? Don’t panic. There are thousand of websites that Google blacklist daily. Let’s see how to fix it.
If you have been blacklisted the first thing to know is the type of warning. Then Review the Diagnostic page and scan for Malware.
How to fix the problem removing file infections from your website, cleaning the database and prevent reinfection with specific actions
Step 1: IDENTIFY WARNINGS
If you see security warnings when trying to reach your website, the first thing to do is identify the type of warning. This warning message on your site is the key to understand what Google is telling you about the type the security issues on your site. The specific message depends on the virus or browser you are using. The right column lists all the types of warning messages that can appear on your site.
Review Diagnostic Pages
Every warning message on your browser will link to another page that describes why the website has been blacklisted by Google. The main button on the page is for user visitors with messages like Get me out of here, but usually there is a link for the website, blog or e-commerce owner.
So, what you must do is:
- Visit the Google Transparency Report
- Enter your website URL
- Review the Site Safety Details and Testing Details
You find important info in the report, as malicious content is being detected on your site. And you will need these URLs when you remove the malware from your site.
In addition, some malicious domains that are on your site could be a hidden iframe, external script, or unauthorized redirect. Note these domain names to scan for them in the following section. The important things to look for are:
- Scan date: how recently Google scanned your site
- Discovery date: when the suspicious content was originally detected
Scan your site or sites
Now is time to find any malicious payloads, security issues, malware locations, and blacklist status with major authorities. If you have more than website on your server, scan them all.
Type of Warning Messages
- The website ahead contains malware
- Danger malware ahead
- Reported attack page
- Suspected malware site
- The site ahead contains malware
- This website has been reported as unsafe
- Deceptive site ahead
- Suspected phishing site
- Website request forgery
- This site may be hacked
- This site may harm your computer
Remove File Infections
To remove malware from your site you should be edit files on your server. If you are not comfortable with this, ask for professional help. First of all, you must backup your website.
You can replace infected files if you use a CMS such as WordPress or Joomla. You can use copies of your core files and extensions directly from the official repositories. And with fresh non infected backup copies, you can replace custom files.
If the Diagnostic Page indicates any malicious domain or payload, then you can start looking for those files on your server.
Hackers change malicious sites to avoid detection. So, maybe you can not found on your site as they have already been replaced with other domains.
How to Remove a Malware Infection from your Website files
- Log into your server via SFTP or SSH.
- Create a backup of the site.
- Search your files for any reference to malicious domains or payloads.
- Identify suspicious or recently changed files.
- Restore infected files with copies from the official repository or a clean backup.
- Replicate any customizations made to your files.
- Test to verify the site is still operational after changes.
Clean Hacked Database
Usually hosting providers offer PHPMyAdmin to manage your database. If you do not have any tool, you can use Adminer or MySQL Workbench.
How to remove a malware infection from your database tables
- Log into your database admin panel
- Make a backup of the database
- Search for suspicious content ( as suspicious links)
- Open the table that contains suspicious content
- Manually remove any suspicious content
- Test to verify the site is still operational after changes
Hackers always leave a way to get back into your site. More often than not, we find multiple backdoors, malicious admin users, and overlooked vulnerabilities.
Start with your computer
We always recommend you to manage your site from a secure terminal. So be sure to have an antivirus program installed. All the people that access to your website, blog or e-commerce must be secure.
Another important step is to change and clean up your user accounts. To do so:
- Confirm all website user accounts are valid:
- CMS users
- FTP/SFTP/SSH users
- Database administration panels (PHPMyAdmin, etc.)
- cPanel accounts
- Hosting company logins
- Change all passwords for all users.
- Enable two-factor-authentication if it is available.
It is crucial to update all the elements of your website. We know it takes time, but worth it. So, make sure to update:
- CMS files
- Themes and extensions
- Server Software
- And finally, check the Google guide to identify vulnerabilties
This can be one of the main reasons for reinfection. If you don’t close all backdoors your site will be reinfected. So, look for files named similar to CMS core files but located in the wrong directory.
Usually backdoors include this PHP functions: base64, str_rot13, gzuncompress, eval, exec, create_function, system, assert, stripslashes, preg_replace (with /e/), move_uploaded_file
Step 3: GOOGLE REVIEW
Get Google Search Console
You must have a Google Search Console account to review the warnings on the messages section.
To be noted, if you have any WeSecur plan you have seen that there are more blacklist authorities. It is important to check them all. Other popular blacklist authorities are McAfee SiteAdvisor, ESET, Bing Blacklist, Norton SafeWeb, PhishTank, SpamHaus, BitDefender. If you have any WeSecur plan we explain you the process of removing from a blacklist for most of these authorities.
Request Security Review
Once you have finished your clean up it’s important to request a Google review to scan your site. If you do not do so, Google doesn’t know that you have finished your site cleanup. Be sure to have your site ready when requesting as Google is limiting the times you ask for a review monthly.
To request a security issue review from Google
- Go to the Security Issues tab in Search Console.
- Review the issues and check the box to confirm I have fixed these issues.
- Click Request a Review.
- Fill in the information about what was cleaned.
To request a spam review from Google
- Navigate to the Search Traffic tab in Search Console.
- Click the Manual Actions section and review the issues to confirm all have been cleaned.
- Click Request a Review.
- Fill in the information about what was cleaned.
The process will be similar for other blacklists such as McAfee or Norton.
Wait and Protect your Brand
Once you have submitted the blacklist removal request it can take a few days for Google to review your site.
Google Recrawling Your Site
Furthermore, if you want Google to crawl some of the pages of your clean site asap, you could force it.
- Navigate to the Crawl tab in Search Console.
- Click the Fetch as Google section.
- Enter your homepage or leave the field blank.
- Click the Fetch button.
- Click the Submit to Index button below confirming I am not a robot.
- Choose the option to Crawl this URL and its direct links.
- Click Go.
Remove Spam URLs
If spam pages were removed from your site, you must remove them as they have been indexed by Google already. This option below helps after you have removed spam pages so that Google knows they are not actually part of your site. To remove spam URLs causing 404 errors:
- Go to the Google Index tab in Search Console.
- Click the Remove URLs section.
- Click the Temporarily Hide button.
- Enter the URLs of spam pages that have been removed.
- Click Continue.