Google blacklists more than 10,000 websites every day. When a website is added to Google’s blacklist, Google and other search engines mark it as unsafe. Google’s Safe Browsing security team identifies unsafe websites across the web and notifies users and webmasters of potential harm.

Is yours one of them?

Blacklist notifications often leave website owners in disbelief, denial, and confusion. Removing your website from Google’s blacklist requires a certain level of technical proficiency and care. Once your website is infected with malware (including ransomware, spyware, viruses, worms, and Trojan horses), getting it off Google’s blacklist can be a daunting task.

The meaning of Google’s blacklist

Hundreds of service providers use Google’s blacklist or Google Transparency Report to determine whether a website is safe for users. Popular browsers such as Firefox also use it to ensure the protection of Firefox users. If your website is on Google’s blacklist, it is likely that it will also be flagged by many other service providers. The sooner you remove your website from Google’s blacklist, the sooner you can reclaim your user base and brand value.

1. Decoding blacklist warning

Blacklisted sites are often referred to as “malware” or “phishing” sites, but Google has a very specific message for each situation:

  1. The site ahead contains malware: Generally, these types of websites try to trigger the download or installation of malware, which infects your computer system.
  2. Deceptive website ahead: This is a warning about “phishing” sites (sometimes called “spoofing” sites). These sites trick users into believing that the site is legitimate and get them to submit usernames, passwords and even payment details, which are then used for malicious purposes.
  3. The site ahead contains unwanted programs: Although this looks a lot like the first one, there is a semantic difference. This specific warning is triggered when a website is known to distribute adware (for example, software that changes the browser homepage or installs browser add-ons that may trigger advertisements or malicious redirects). Specifically, the main target is your browser.
  4. This page is trying to load a script from an unauthenticated source: This warning is only issued on websites that claim to be secure (they have a valid SSL certificate and run over HTTPS) but include scripts and other resources, such as images, from non-SSL websites. The related warning “Your connection is not private” is the result of an invalid SSL certificate. SSL-related warnings are not caused by Google’s blacklist, but by Google’s promotion of HTTPS.
  5. Continue [site name]?: Sometimes, when you enter the wrong website URL, Google will issue this warning to make sure that the website you are about to visit is indeed the one you intended to visit.

In this article, we cover the cases in which your website is genuinely infected, namely scenarios 1, 2 and 3.

2. Find Google Safe Browsing Site Status

Safe Browsing is a service built by Google’s security team to identify unsafe websites on the web and notify users and webmasters of potential hazards.

They check billions of URLs every day, looking for unsafe websites. When Google detects an unsafe website, it displays a warning in Google search and in web browsers. You can check the Safe Browsing site status here.

If the site is infected, it will display something similar to the following:

[Screenshot: Google Safe Browsing site status]

Tip: In addition, perform a Google site search on your website. Just type “site:mysite.com” in the Google search box and press Enter (replace mysite.com with the URL of your website). The results show the title and description of each page on your website as it appears on Google. Page titles of hacked websites are usually hijacked.
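The same status can be queried programmatically through Google’s Safe Browsing Lookup API (v4). The following is an added example, not part of the original article: it builds the request and interprets a response, and the API key, the client ID, the sample URLs and the mapping of threat types to warnings 1 to 3 above are assumptions made here.

```python
import json
import urllib.request

# Lookup API v4 endpoint; the API key is a placeholder you supply.
ENDPOINT = "https://safebrowsing.googleapis.com/v4/threatMatches:find?key={key}"
# Threat types mapped (an assumption of this example) to warnings 1-3 above.
WARNINGS = {
    "MALWARE": "1. site contains malware",
    "SOCIAL_ENGINEERING": "2. deceptive (phishing) site",
    "UNWANTED_SOFTWARE": "3. site contains unwanted programs",
}

def build_request(urls, client_id="blacklist-check-example"):
    """Return the JSON body for threatMatches:find covering all three warnings."""
    return {
        "client": {"clientId": client_id, "clientVersion": "1.0"},
        "threatInfo": {
            "threatTypes": sorted(WARNINGS),
            "platformTypes": ["ANY_PLATFORM"],
            "threatEntryTypes": ["URL"],
            "threatEntries": [{"url": u} for u in urls],
        },
    }

def summarize(response, urls):
    """Map each URL to the warnings it triggers; an empty list means not listed."""
    report = {u: [] for u in urls}
    for match in response.get("matches", []):
        url = match.get("threat", {}).get("url")
        label = WARNINGS.get(match.get("threatType"), match.get("threatType"))
        if url in report and label not in report[url]:
            report[url].append(label)
    return report

def lookup(urls, api_key):
    """Send the query; needs network access and a real API key."""
    req = urllib.request.Request(
        ENDPOINT.format(key=api_key),
        data=json.dumps(build_request(urls)).encode(),
        headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return summarize(json.load(resp), urls)

# Constructed sample response (not real data): one page flagged, one clean.
SAMPLE_URLS = ["http://mysite.example/", "http://mysite.example/blog/"]
SAMPLE_RESPONSE = {"matches": [
    {"threatType": "MALWARE", "platformType": "ANY_PLATFORM",
     "threatEntryType": "URL", "threat": {"url": "http://mysite.example/"}}]}
print(summarize(SAMPLE_RESPONSE, SAMPLE_URLS))
```

An empty response body (`{}`) means none of the submitted URLs is currently listed.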

3. Scan your website for malware

The first thing to do is to identify the infection. This lets you remove and clean up the malware before submitting a review request to Google. You can scan your website for malware in several ways:

  1. Ask your web host to scan your website for malware: Any good web host will scan your website for free and provide a file that lists all files infected by malware. In fact, some of them will even proactively notify you before Google detects the infection. However, once they find an infection, they may block your website for the safety of their customers, attempt a destructive cleanup (deleting the affected files or database), and so on.
  2. Use external malware scanners to find infections: An external scanner scans your website’s URLs to determine whether your pages are infected with malware. Although external scanners can detect infections on websites, they are not as powerful as internal scanners. Sometimes they miss some URLs, and at best they report which URLs contain malware; they cannot pinpoint the infection down to the specific file that is infected. Some good ones are Safe site inspection and Malicious network scanning. Here is a complete list of free tools used to scan websites for vulnerabilities.
  3. Use plugins to internally scan website files and databases: An internal malware scanner is your best choice. It performs in-depth scans, reports exact findings such as infected files and database records, and gives you the opportunity to clean up the site in the way that suits you best. If needed, you can even back up the site, discard it and start over. Alternatively, you can review each finding and remove specific infections to protect your website without losing data (or while losing as little as possible). Below are the best internal malware scanners for your WordPress website.

4. Remove malware from your website

A complete and in-depth malware removal guide is beyond the scope of this article. However, once you are sure that your website actually has malware and you need to proceed with the cleanup, you can do it in one of two ways.

DIY malware removal

If you are tech-savvy or willing to learn and put in the work, you can try to remove the malware yourself. The disadvantage is that you need to be able to identify the source of the infection and plug the security hole, otherwise the infection will simply keep recurring. You need to be familiar with tools such as an FTP client (for example FileZilla), phpMyAdmin, ssh/shell, WP CLI, etc. If you are familiar with these, then you probably know what you are doing.

Here are some DIY malware removal resources for you to get started:

  • My website was hacked
  • My 5 steps to recover my WordPress blog from a hacker
  • How to clean up and restore a hacked WordPress website

Hire professional cyber security experts

If you aren’t, the best way is to hire a trusted malware and blacklist removal service provider to remove the infection from your website. However, this costs money, so you want to make sure you hire someone with expertise in cybersecurity, not just a web designer or developer. Here is a useful guide to choosing the right malware removal service.

Professional security experts clean up websites every day, so they know the tools of the trade, are skilled with advanced tools, can manually identify infected files, and know how to communicate with Google (and other blacklists) to get websites removed from the blacklist.

To hire a cybersecurity expert, you have many options. The best way is to work with a reputable agency, because it will have established processes and quality control.

5. Request for review

After completing the malware removal, make sure to clear the website cache. Missing this small step can cause a lot of frustration and waste time and energy: a stale cache will continue to serve malware to visitors, and Google will continue to mark the site as malicious.

Recheck your website before you request a reconsideration. Use multiple internal scanners so that malware is still detected in case one of them misses it. You can also try an external scanner. Sometimes, you may have outgoing links to malicious websites. Internal scanners ignore these links, but some external scanners can detect them.
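A pre-review check of a rendered page can cover the three page-level signals mentioned in this article: a hijacked page title, outgoing references to other hosts, and resources loaded over plain HTTP on an HTTPS site. This is an added example, not part of the original article; the sample page, host names and expected title words are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class PageAudit(HTMLParser):
    """Collect the <title> and every URL a page links to or loads."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.title, self._in_title = page_url, "", False
        self.refs = []  # (tag, absolute URL)

    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self._in_title = True
        for name, value in attrs:
            if name in ("href", "src", "action") and value:
                self.refs.append((tag, urljoin(self.page_url, value.strip())))

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data

def audit(page_url, html, expected_title_words):
    """Return findings to resolve before requesting a review."""
    parser = PageAudit(page_url)
    parser.feed(html)
    site = urlparse(page_url).hostname
    hosts = {urlparse(u).hostname for _, u in parser.refs}
    # Plain-HTTP URLs referenced by anything other than an <a> link.
    insecure = {u for tag, u in parser.refs if tag != "a" and u.startswith("http://")}
    title = parser.title.strip()
    return {
        "title": title,
        "title_ok": all(w.lower() in title.lower() for w in expected_title_words),
        "external_hosts": sorted(hosts - {None, site}),
        "insecure_resources": sorted(insecure),
    }

# Constructed sample page (not real data): hijacked title, injected script and link.
SAMPLE = """<html><head><title>Cheap pills online</title>
<script src="http://cdn.injected.example/x.js"></script></head>
<body><a href="/about">About</a> <a href="https://pharma.spam.example/buy">buy</a>
<img src="/logo.png"></body></html>"""
print(audit("https://mysite.example/", SAMPLE, ["My", "Site"]))
```

Every host in `external_hosts` that you do not recognize should be traced back to the file or database record that emits it before you submit the request.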

Once you are sure that your website is clean, you can submit a reconsideration request.

Google needs to understand the specific steps you took to clean the website. They will verify that you did the right thing to remove the malware they detected. They also want to make sure that you are in control and, as the owner, know that your website is safe for users.

Make sure your website has been verified in Google Search Console. Here are Google’s guidelines on how to request a review. Follow the steps below:


  1. Navigate to Google Search Console and select the affected property (website)
  2. Navigate to Security & Manual Actions > Security Issues
  3. Go ahead and “request a review”. Once Google has verified that your site is clean and no longer infected, they will remove the “This site may be hacked” message.

After you submit the site for review, it usually takes about a day for Google to reply. Although Google publishes its own timeline, in our experience they are faster. Please be patient and wait for their reply.

If they still find that the site is malicious, you need to seek the help of a cybersecurity expert to ensure that the site is clean. Professional security experts will also help you submit a review request to Google, perform root cause analysis, and continue to follow up with Google until the case is resolved to your satisfaction.

6. Final steps

Once you take back control of the website, the hackers are usually annoyed. In the days that follow, you may see a lot of URL requests and even a lot of bot traffic (some of it because legitimate search bots are reindexing your website). It is important to put strong security measures in place to protect your website from future attacks, because once you are on hackers’ radar, they will keep trying to find a way back in before giving up.

After going through this experience and spending time, energy and money, you must also make sure that it does not happen again and put you back at square one. Take the following steps to proactively protect your website:

  1. Set up and/or automate WordPress backup
  2. Strengthen the security of your website
  3. Add website monitoring
  4. Protect your website with a web application firewall
  5. Stay vigilant and update WordPress (core, plugins and themes)

At the end of the day…

Finding your website on Google’s blacklist is never a pleasant experience. In fact, most infections result in lost traffic, search engine rankings and brand value (trust), and, if you run paid advertising, a lot of wasted advertising spending. The sooner you learn about the infection, the faster you can act and recover.

Key things to remember:

  • Don’t panic.
  • Don’t disbelieve or deny.
  • Act in time.
  • Ensure thorough cleaning.
  • Don’t forget to clear the cache.
  • Be patient and professional in communicating with Google.
  • Practice proactive security.

Finally, treat this experience as a rich learning opportunity. Whatever the outcome, it will benefit you in the future.