While surfing the Internet, you may have observed a Google warning message “There is a deceptive website ahead.” Whenever Google identifies a website that exposes personal user information, it will mark the site as “deceptive.”

Fraudulent website warnings can have a lot of negative effects on the website. It may even cause a sudden loss of user traffic, negative search engine optimization, and so on.

So-let’s see why this happens, and of course there is a house to repair it.

Reasons for deceptive website warning messages appearing on your website

Usually, this warning is displayed due to unauthorized user (hacker) intervention, malware infection in the website, or security configuration error. In addition, there are many other reasons that can cause Google warning messages. Some of these reasons may include:

  • Host a phishing page on your website, intentionally or unintentionally.
  • The front end of the website was infected with malware, which led to a redirect to a spam website.
  • A website with some hidden backdoor code or script written on it was misinterpreted by Google.
  • Websites may be prone to malicious backlinks and even steal sensitive user information.
  • It is possible for a credit card to steal malware that resides on the website (e.g. On the payment checkout page). These are designed to steal credit card data and send it to malicious intruders.

Fix the deceptive website warning message issued by Google in advance

Google's deceptive website warns in advance

Early warning of deceptive sites simply means that the attacker has compromised your site and is likely to use it for phishing. This means that visitors will receive fake pages that trick them into revealing their credentials, credit card information, and other important information. Then send it to the attacker on its shady server.

Step1: Find out the cause of the infection

The first and most important step in repairing fraudulent site warnings is to locate the infection. It can exist in a single page, file, folder, or entire website.

To identify a hacker, you can take some steps to find it, as described below:

1.1. Use manual search

Although manual search is not an ideal way to detect malware because it requires expertise and prior knowledge to discover malware, if you have a deep understanding of your website, this can be a good start.


  • Visit your website from another device by ignoring the warning.
  • Now, by right-clicking outside any element and selecting View page source code Options. This will open the source code of the page in a new tab.
  • Find any suspicious third-party javascript files, iFrames, HTML tags, or other suspicious elements loaded on the page here. Write them down.
  • Now open the file manager of the server and view the source code of the malicious code file.

During a manual search, some other resources you need to check to fix fraudulent site warnings are:

  • Any new themes or plugins you have recently installed.
  • Unknown network administrator in the dashboard.
  • The new administrator or user in the database.
  • A new file with a unique name or base64-encoded characters.

To check the recently modified files, say 30 days ago, log in to your server via SSH and run the following command:

find . -type f -mtime 30

Here, change the value from 30 to according to the number of days you selected. It’s important to note here that the system will automatically modify some files, so please be sure to carefully verify the presence of malware in these files before deleting such files.

1.2. Use a malware scanner

Astra Security Free Scanner

You can use many free online tools and malware scanner plug-ins to find infected pages on your website all at once. This is also the fastest way to detect all infected pages and files on your website. Astra Security’s malware scanner is one of the best scanners on the market.

Astra Security-Example

It can detect the smallest changes in files, and even allows you to view them in its “View File Differences” interface.

Astra Security-View file differences

These malware scanners detect malware infections by scanning your public files and source code. Compared with paid scanners, the results of this scanner are somewhat limited. However, it can still help you determine if you have been hacked.

Just enter your website in the widget and scan your website for more than 140 security tests.It can even detect Google blacklist In addition to detecting that your page is infected with malware, SEO spam, etc.

1.3. Using Google Search Console

Google Search Console: Security issues

The Google Search Console is very helpful in locating infected pages on your website. In the “Security Issues” section of Google Search Console, Google lists the security issues it found on your website.

To do this, you need to declare ownership of your website. This basically means that you need to prove to Google that you own the website. This can be done in a variety of ways, namely HTML tags, meta tags, etc.

Please note that in the event of a hacker attack, the attacker may also have occupied the search console of your website.Therefore, to check and delete such unauthorized users, please visit Owner Management Page In your Google search console dashboard.

Finally, make sure to back up your website before proceeding with cleaning, as it will restore your website if something goes wrong.

Step 2: Clean up the site

Now that you have identified the infected files or hacked resources, the next step to fix the fraudulent site warning is:

  • Delete the malicious code in the infected file. If you are not sure what the code does, please comment it out and ask an expert for help.
  • For code obfuscated with base64 encoding, please use Online resource decoding It, see what it does.
  • Remove suspicious users from the database and dashboard, and change the password of each user to a secure random string.
  • Delete any errors or empty plugins, themes, etc., and make sure to delete their files as well. If plugins/themes add important features to your website, there are many alternatives for them to choose from today.
  • If any suspicious users are found Owner Management Page Google search console dashboards, delete them. In addition, delete all meta tags and HTML files used by unauthorized users to verify ownership.
  • Finally, remind users to reset their credentials, as the phishing page will send them to the attacker.

Step 3: Submit the site for review

The final step in fixing the deceptive website’s advance warning message is to submit the website to Google for review. However, before doing so, make sure you have double-checked your website for backdoors or malware.

If all goes well, please use the following steps to submit your site for review:

  1. Log in to your Google Search Console.
  2. Click and open Security Question Report section and select I have solved these problems.
  3. After that, click Request review. Here, detail the steps you took to fix the warning.You can also use Provide custom templates Through some websites.
  4. Finally, click Submit request If there are multiple questions, repeat the process for each question.
  5. Once you’ve done everything, please sit back and wait, as it may take several hours for Google to review your request.

If everything is in order for your website, Google will remove the blacklist and index of your pages. It may take a few days for your page to be re-indexed to fully restore its ranking.

Fix deceptive website warnings in advance Depending on the type of infection, messaging may prove to be a cumbersome process. Therefore, the best option to protect yourself in this situation is to take proactive measures to protect your website. Using firewalls and other security development and maintenance practices will do wonders for your website security.