How To Remove Google Blacklist Warnings

Google blacklists thousands of websites every day. For most website owners, the various warnings Google can show about your website and dealing with them can seem like a challenging task.

This knowledgebase article will help you understand what the various cautionary messages mean and how to resolve these security warnings.

Common Signs Your Site May Be Blacklisted

Some big signs your site may be infected with something include:

• Google Search Engine Result Pages say “This site may be hacked or infected with malware”.
• You see a lot of spam links and redirects in your Google Search Console.
• Website files and images seem to have changed, and you haven’t made the changes.
• Your web host has notified you of malware infecting your website.
• Your anti-virus or anti-malware software prevents you from visiting the site in your browser.

What Do These “Blocks” Look Like When They Happen?

Typically when Google has blacklisted a site and you try to access it using Chrome, or another browser that utilizes the Google SafeSearch API, you’ll see a screen that looks similar to the one below:

These warnings can also appear in a number of different ways in search results:

“This site may be hacked”

You and those searching for your site may see This site may be hacked in their search results. This message is used to inform them that Google suspects a bad actor or “hacker” has made changes to the code on the website or has added a bunch of new pages full of spam text or links.

What Does This Mean & How Can I Resolve It?

Google’s official explanation for this warning is: “You’ll see the message “This site may be hacked” when we believe a hacker might have changed some of the existing pages on the site or added new spam pages. If you visit the site, you could be redirected to spam or malware.”

Google has excellent documentation on resolving this particular warning here.

“This site may harm your computer”

What Does This Mean & How Can I Resolve It?

This message informs users and visitors to your site that Google believes the website has been compromised by bad actors or “hackers” and the changes they’ve made to the site distribute and install malware on the computer visiting the site. Proceeding to visit the site may cause damage to the integrity of the device accessing the site, which can include all sorts of attacks or tricks to get the user to install software that could be ransomware.

It’s good to know Google’s accuracy rating on sites they suspect of being harmful is pretty spot-on. Also, this classification in the SERP gives visitors a big red image, like the examples above, when visiting the site in any browser that uses the Google Safe Browsing API (Chrome, Firefox, among others).

Google has excellent documentation on resolving this particular warning here.

Other Examples Of Blacklist Warning Messages

The major browsers, Chrome and Firefox, use the Google Safe Browsing API to help people steer clear of websites they suspect to be infected or compromised. Other browsers, however, may not display the warnings in the same way as Chrome or Firefox, and they may not be using the Google Safe Browsing API. Here are some examples of the various ways other browsers may warn you about a potentially compromised website:

• This website may harm your computer.
• This site may be hacked.
• Deceptive site ahead.
• This website has been reported as unsafe.
• The site you are trying to access contains malware or harmful programs.
• Phishing attack or site detected.
• The page you are trying to access is attempting to load scripts from unauthenticated or insecure sources.
• Warning: Potential Security Risk Ahead.

How To Request a Removal from Google Blacklist

Websites lose 95% of their traffic (if not more) when Google blacklists a site. They (Google) aren’t out to get you personally. Google has a responsibility to protect users of it’s software (such as Chrome, or the Google Safe Browsing API) from dangerous websites that show up in Google’s Search Results.

You should also know that websites which are repeatedly blacklisted are only eligible for a review from Google to be removed from their blacklist once every 30 days. This can be detrimental to the viewership of a website, so be sure if you’re blacklisted once not to let it happen again.

Checking The Safe Browsing Status Of Any Website

Google has a method to check the Safe Browsing status of any website here. You should be aware of this tool as it’s quite useful in checking on sites you maintain periodically, rather than being informed by the users after it happens.

Get Google Search Console

Google Search Console, formerly known as Google Webmaster Tools, is an absolute must for managing how Google interacts and indexes content on your website. Google Search Console is the first step in getting Google’s attention, i.e. getting your business or website in their search results and other Google platforms, such as Maps.

If your site is blacklisted, you’ll need to use the Google Search Console to inform Google that you’ve taken the appropriate steps to remove whatever “infection” or “compromise” your site had and are ready to review your site for removal from their blacklist.

To remove the blacklist warning, you need to let Google know that you have completely cleared the infection. To do this, you must have a Google Search Console account (formerly Webmaster Tools).

Verify ownership of your website in the Google Search Console

• Open Google Search Console.
• Click Search Console and sign in with your Google account.
• Click add a site and enter your website’s URL, then click continue.
• Verify your site using their recommended method or alternate methods options.
• Click add a site, then verify.
• Review the Security & Manual Actions section to review any warnings, and resolve as necessary.
• If you have warnings to resolve, you will be given steps to resolve them and notify Google you have fixed the problem and are requesting a review of your website for removal from their blacklist.

Struggling with malware issues? ChemiCloud is the hosting solution designed with reliability and security in mind! 🔐 Check out our web hosting plans!

You should determine what exactly is blacklisted by Google. On the Google Search Console page for your website, click on Security Issues and you will find the URLs that are being detected. If the URL is a directory, each folder and page below it must be checked for malware.

Determine When And Why This Happened

Common causes of infected / compromised websites which are blacklisted include:

• Outdated Plugins
• Outdated App Installation, i.e. you are running an old version of Drupal, Joomla, or WordPress.
• Not using CAPTCHAS on areas where there is user input, such as form fields, login fields, comment & review fields.

You can use the Google Search Console to determine when Google first noticed the compromise. In the Google Search Console by clicking the Security tab, you will be able to filter thru the warnings to determine when Google picked up the first instance of your website being compromised or infected.

Using the date Google first picked up the “infection”, you can do a couple of things:

You can ask your Web Host to restore your website to a date prior to this date. Following the restore, you would want to login to your website’s admin area and immediately update your app and plugins to the latest versions to prevent the hack from retaking place, if it was caused by an outdated website app, like WordPress or Drupal version, or an outdated plugin.

Preventing This From Happening Again

Preventing your website from being hacked or compromised isn’t a task that requires your attention 100% of the day/night. However, you should definitely be mindful of some basics when it comes to website security:

Invest in Rock-solid Web Hosting

Every web host out there should take security very seriously. The reason why it is essential that you choose a web host you can rely on for your business.

Here at ChemiCloud, we use CloudLinux on our servers, which allows us to use a virtualized file system for each account and completely isolating it. A significant advantage is that if one user account becomes compromised, the malware infection does not spread to the other accounts hosted on the same server. What’s more, we’ve partnered with Imunify360 to provide with a secure and reliable web hosting platform. It’s multi-layered defense architecture ensures precision targeting and eradicating malware and viruses.

This way, we add an extra layer of protection compared to our competitors.

Perform regular backups

Make backups. Backing up your site is about creating a copy of all the site’s data, and storing it somewhere safe. That way, you can restore the site from that backup copy if anything bad happens.

Most hosting providers now provide backups. ChemiCloud’s web hosting plans have free automated backups stored offsite, allowing them to be quickly restored so that you can rest easy knowing your data is safe!

Always keep your web application version and plugins up to date

Keep plugins and integrations you have enabled on your website updated. If you use any specific plugins that are developed by 3rd parties or small developers, it might be wise to follow their social media and note if they post anything about an update being pushed out for the plugin/app.

If you are using WordPress, enable auto-updates for your plugins and themes. This is a super helpful feature that was recently released in WordPress that will save you a lot of time.

Use CAPTCHAs

We recently published a blog on what CAPTCHAS are, why they are important, and how to setup WordPress CAPTCHA. CAPTCHAS keep robots from sending code with nefarious purposes through your contact forms, review forms, login / password reset forms, and comment fields.

Use Smart Usernames and Strong Passwords

Be wise when it comes to your username and password for your administration dashboard. Avoid using a username as “admin” and always choose a complex password. Don’t use “admin” as your username but instead use a unique username for the administrator that is not related to your domain name.

Make sure to choose a complex password. Alternatively, you can use an online tool like 1Password Password Generator.
If you manage multiple sites, it is prudent to use different passwords. The best way is to use an online password manager such as 1 Password, which offers a free subscription.

Disable directory listing

By default, when your web server does not find an index file (index.php or index.html), it automatically displays an index page showing the files and folders in that web directory.

This could make your site vulnerable to attacks by revealing the critical information needed by hackers to take advantage of a vulnerability in a WordPress plugin, theme, or your server in general.

Just add the following line in the site’s .htaccess file located in the root directory of your website.

Options -Indexes

If you are a ChemiCloud customer, we have you covered. By default, the directory listing is disabled on our servers.

Use HTTPS for Encrypted Connections (SSL Certificate)

One of the most neglected ways to harden your WordPress website is to install an SSL certificate and run your site’s URL’s over HTTPS.

Many Web Hosting providers, including ChemiCloud, offer free SSL certificates with Let’s Encrypt.

Summary

The security and integrity of your website should be your top concern as a website administrator. If you are running an online store, having your website blacklisted will scare off existing and new customers alike and cause your website to fall to the bottom of Google Search Engine Result Pages, or *gasp* to page 2 of the results.

By taking simple steps to keep your website up to date and secure, such as updating plugins, using secure passwords, and making good use of CAPTCHAs, you can ensure your website won’t end up on a Google Blacklist. But, if it does, this article will help you get off that list and get back on track!

If you know any other security tips that may help, please feel free to let us know in the comments area.