The deceptive website warning appears when some hacker gets into your website and uploads malware on it. Google doesn’t want any of its users to go to your site and spread the malware any further. So, Google Safe Browsing hits your site with a ‘deceptive site ahead’ notice
Now, the notice on Chrome seems to be the worst part about this entire ordeal, right
But the reality is that almost every web browser under the sun uses Google Safe Browsing as well. So, if you’re seeing the notice on Chrome, you’re going to see it on Safari, Firefox, Vivaldi, and even GNOME browsers
You can resolve the issue, but you need to act quickly in finding and removing the root cause of the notice, and then getting your pages reindexed on Google.
If this sounds technical or intimidating, don’t worry. We’re here to help
TL;DR
To remove the deceptive site notice, you’ll have to first remove the malware on your site. Then, submit a review request at Google Search Console to delete the notice. In 1-3 days, Google will update the status and remove the deceptive site warning
What Triggered the “Deceptive Site Ahead” Notice?Let’s talk a little bit about what that notice means and why Google has a “Deceptive Site Ahead” notice on your website in the Search Results.
The “Deceptive Site Ahead” notice is an extension of the Google blacklist. In other words, if your website is infected with malware, then Google puts up a deceptive website warning. Now, seeing as there are different types of malware attacks, Google also uses different notifications to deal with each situation.
Let’s simplify. The 2 main reasons why Google flagged your website as deceptive are:
Phishing scams
Malware infections
Over the course of this article, we’ll cover exactly how to handle each situation in the simplest possible way. We’ve also covered each of these in detail at the end of the article.
How to Confirm If Your Website Shows Google Deceptive Site Ahead?
It’s quite possible that you don’t see the Chrome warning for “Deceptive Site Ahead” when you search for your website.
In fact, many business owners are alerted by their regular customers about the warning.
So, let’s take 5 minutes to confirm if your website really has a Google deceptive site ahead notice. There are 5 ways to do that and they only take a minute or so of your time:
Visit your website from another computer
Use incognito mode to visit your website
Check your email for a security notification from Google Search Console
Check Google Safe Browsing for a warning
Check Google Search Console for security notifications
The first and second methods are usually enough to verify. The other three methods are due diligence. If you find the evidence that you’re looking for using the first two methods, you can simply skip ahead to the next segment on how to remove the Google warning.
Check Google Safe Browsing for a Deceptive Site Ahead Warning
If your website’s content has a deceptive website notice on it you will get a notification from Google Search Console.
But what if your Search Console is not set up?
Setting it up correctly, uploading the sitemap, and waiting for Google to analyze the links can take a while. So, the simpler solution is to head over to Google Safe Browsing and check for a deceptive website warning.
safe browsing site status
The only problem is that Google Safe Browsing doesn’t analyze the extent of the damage caused to your website or give you an insight on what to do next.
Check Google Search Console for security notifications
On your Google Search Console, head over to the Security tab:
google search console manual actions.
Go to the infected pages:
google search console malware
This will give you a list of all the affected pages and can help you narrow down the list of actions you’ll need to take next to assess the damage done to your website.
How to Remove Deceptive Site Ahead Warning?
By now you should know if your website has a Google deceptive site ahead notice or not and exactly why you’re seeing it on your website.
It’s time to remove that pesky deceptive website warning from your website once and for all.
And we’re going to do it in 4 steps:
Step 1: Assess the damage done to your website
Step 2: Remove the malware
Step 3: Submit A Review Request
Step 4: Prevent future attacks
That’s a lot of work, let’s get straight to it.
Step 1: Assess the Damage Done to Your Website
Go back to the Google Search Console and head to the Security tab and click on the infected pages section. If you followed along with the article so far, you should already know how to do it. If not, take a look at the previous section.
Click on ‘Learn More’ in the ‘Detected Issues’ section and understand where the infection is:
On a page? (Eg.: blog.example.com/pages/page1.php)
In a group of pages? (Eg.: blog.example.com/pages/)
In a post? (Eg.: blog.example.com/post1/)
In the entire blog? (Eg.: blog.example.com/)
In the whole domain or subdomain? (Eg.: example.com)
hacked content injection search console
Image credit: Google
In the screenshot above, you can see that the infection is in the ‘Photos’ subdirectory.
Assessing the damage will help you clean up the mess quickly and efficiently.
Next, check the date when Google discovered suspicious content. You can see the exact dates next to the URLs listed in the ‘Detected Issues’ section of the ‘Security’ tab.
google search console security issues
Image Credit: Search Engine Land
Google does not always provide a lot of information on how to remove the warning. Knowing when the warning was triggered will help you narrow down the actions you took right before that date. Did you install a new theme? Update a plugin? Install new plugins?
NOTE: This is not always an effective way to pinpoint the malware. There are instances where malware lies dormant for a while before it starts to show actual symptoms of a hack.
So, if this doesn’t help, then you can try to ‘Fetch as Google’ for those infected pages to understand what went wrong:
google search console url inspection tool test live button.
Image Credit: Search Engine Roundtable
This should tell you more than enough about the core problem. Next, you’ll need to remove the malware from your website.
Step 2: Remove the Malware
Removing malware from your website is not a simple task and should not be taken lightly. The wrong set of actions can completely wreck your website.
That said, you do need to remove the malware from your website if you want to remove the “Deceptive Site Ahead” notice from it.
Now, there are two ways to handle this:
Clean your website using a WordPress security plugin
Clean your website manually (NOT RECOMMENDED)
We can’t stress enough when we say this — don’t try to clean up your website manually unless you know exactly what you’re doing.
How to Clean Your Website with a WordPress Security Plugin
We highly encourage you to install a WordPress security plugin to remove malware from your website and here’s why:
Google Safe Browsing can flag what the malware is doing to your website and not where the malware is actually located. It doesn’t help you remove the malicious code either.
Do you know PHP, HTML, Javascript, and Database Management? If not, most of the malicious scripts will look exactly the same as regular code to you.
Let’s say you do understand coding and how websites work. How much time can you allocate to scouring all the files and database tables on your website for malicious code and removing it?
In simple words: Don’t try to remove malware on your own unless you’re a pro at it. It’s a bad idea and it can completely wreck your website.
We highly recommend that you signup for MalCare instead.
MalCare is a comprehensive suite of security tools that will scan, clean, and protect your WordPress website from malware. Unlike other WordPress security plugins, MalCare uses advanced learning algorithms to keep evolving in the face of new and unknown security threats.
malware auto clean
That’s not all. With MalCare, you also get:
One-click instant malware removal in 3 minutes or less;
Automatic malware detection;
Daily malware scans;
Powerful protective features;
You get all this for $99/year and with zero hidden costs.
Signup for MalCare and clean your WordPress hacked website today.
How to Clean Your Website Manually (NOT RECOMMENDED)
Again, cleaning your website manually is a very bad idea. We don’t recommend it under any circumstances.
But if you understand the risks and still want to remove the malware DIY-style, you need to understand that cleaning a hacked website has 4 primary steps:
Scanning files on the server for malicious code;
Scanning the database tables for malicious commands;
Finding backdoors and ghost admin accounts;
And finally, removing the malicious without breaking the website.
For every hacked website, there are indicators of a hack that you can look for. In this segment, we’re going to look at indications of a compromised website and try to remove the malicious code that comes with them.
But before you begin, take a full backup of your website. If you end up wrecking your website, this backup will help you get back on track.
#1 Scanning files on the server for malicious executable code
There are two places to insert malicious code — the files on the website and its database tables. Let’s start with the files because it’s more likely to contain malicious scripts.
To be perfectly clear, most modern malware is far more sophisticated than a single file with only malicious code on it. More often than not, you’ll see malicious code inserted into essential files on the website.
Start looking for files with suspicious names in these two folders.
wp-content
wp-includes
These are folders that should not contain any executable files. If there are any PHP files here, then that’s a bad thing.
You might see Google or other malware scanners flag Javascript files as the malicious code.
While this may be true, Javascript typically injects content into the frontend. In simple terms, Javascript can’t execute malicious activities by itself. The malware requires a PHP function or code snippet to execute Javascript.
So, a much more pressing concern is cleaning up the PHP code that initiates the malicious Javascript.
#2 Look for Malicious String Patterns in the WordPress Core Files
WordPress core files are made of essential code that helps the website function normally. This is a good place to hide malicious code. Hiding in plain sight, if you will.
These are PHP functions that are commonly used in malware and it’s a good place to start investigating.
Please remember that functions are not bad; quite the opposite in fact. Their purpose is to extend functionality in normal code.
If you can’t tell if the code is malicious or not, that’s a clear indication that you should not be deleting it. The wisest course of action would be to hire a WordPress security expert or install a WordPress security plugin.
#3 Clean Hacked Database Tables
Databases are a lot more uncomfortable to clean, but you can clean them up. Head over to the cPanel and open up phpMyAdmin to access your database tables.
We strongly suggest that you stick to this order of actions when cleaning your database:
Log in to phpMyAdmin.
Backup your entire database.
Search for spammy keywords and links that you might see on spam comments.
Open the table that contains suspicious content.
Manually remove any suspicious content.
Test to verify the website is still operational after changes.
We highly recommend that you only make one change at a time and test the effects of the change before you move on to changing anything else in your database.
If anything seems even slightly off on your website, restore your database from the backup you took right away.
#4 Remove Backdoors Embedded in Your Website
The worst part about a manual cleanup is having to look for backdoors. Backdoors are essentially small code snippets that allow a hacker to regain access to your website even after you’ve cleaned it.
Backdoors are tricky to find because they are usually hidden in regular code as well.
Search for the following PHP functions on all your files:
base64
str_rot13
gzuncompress
eval
exec
create_function
system
assert
stripslashes
preg_replace (with /e/)
move_uploaded_file
Again, these are not evil functions by default, and many plugins and themes use them legitimately as well.
If you feel that this is too difficult or too technical, you should stop now and install MalCare. It’s a quick, easy, and affordable way to clean your website in very little time.
Step 3: Submit A Review Request
Simply cleaning your website is not enough. You’ll have to remove all the malware from your website and then tell Google about it so that they can review your website and remove the warning.
This is a fairly simple process, but you won’t get many good tutorials on it. So, follow along with this article step by step.
Step A: Go to the Security Issues Tab. It’s time to request a review of your code from Google Search Console.
hacked content injection
Step B: Select “I have fixed these issues”.
google search console deceptive pages
Step C: Click on “Request a Review”.
google search console manual actions
Step D: Describe all the actions you took in the input field. The more descriptive and clear you are, the better it is for your application. Then click on ‘Submit Request’:
request review google search console
Step E: Finally, click the Manual Actions section.
search console manual actions
Step F: Repeat the first four steps to resolve all your security issues on Google.
NOTE: The warning won’t be removed immediately. Google takes up to 3 days to review the website and remove the “Deceptive Site Ahead” notice. But this is the best process you can follow. In 1-3 days, you should be able to get back to business as usual.
Step 4: Prevent Future Attacks
You can skip this step at your own risk. But to be honest, it’ll take a while before the notice is removed. You might as well use this time to beef up your security and protect your website against future attacks.
We recommend that you install MalCare.
Automatic daily malware scans will help you stay one step ahead of the hackers.
You can remove malware from your website with one click without any risk to your website.
WordPress hardening measures that work in a few quick clicks.
The WordPress firewall will help you filter out malicious traffic.
As a bonus, you get convenient blacklist monitoring and traffic monitoring as well.
Installing MalCare is the simplest way to ensure that you never get hit with a Google deceptive site ahead notice again.
Why Your Site Has a Deceptive Site Ahead Warning
We’ve already touched on these reasons upfront. By now, you already know what the basic triggers are for the warning.
This next segment explains what those reasons are in detail and why you should be frightened of these triggers. Afterward, there are a couple of FAQs that we’ll address as well.
Let’s dive in.
Phishing Scams
Phishing is one of the oldest hacking tricks in the book. The primary idea behind phishing is to present content that is highly appealing to a particular demographic and then get them to take some action that allows a hacker to spy on them.
This example might help:
google phishing scam
Image Credit: WP Hacked Help
Once you participate in the quiz, it will ask for your personal information to qualify for the “prize”.
This is a minor example of phishing. Most phishing hacks are much more refined and have more serious consequences.
For instance, a phishing hack could be to set up a fake website that looks just like your bank’s website and then sending you an alarming email that gets you to login to your bank account.
bank of America scam
Image Credit: BroadbandSearch
The fake website captures your login information and sends it to the hacker and redirects you to the real website so that you don’t suspect a thing.
bank of America phishing scam
Image Credit: Hoax-Slayer
And now, your bank account is empty because you basically gave the hacker your login credentials.
If Google suspects that your website is running a phishing scam, then you will get a deceptive website warning.
Now, if you’re reading this article, then you’re most likely a legitimate business and a hacker already has access to your website and is running malware on it.
Take a minute to think:
Have you been seeing some weird pop-ups on your website that you didn’t authorize?
Has the website been redirecting to other websites for no reason at all?
Has your website been running a little slow lately?
If you recognized any of these symptoms, it’s quite possible that the hacker is running phishing scams on your customers using your website.
Malware Infections
We’ve been in the WordPress security business for a long time now and the most likely reason why your website has a “Deceptive Site Ahead” warning is because of a malware infection.
The common response to a problem like this is usually, “But, wait… Why does Google care about that? I mean, malware on my website is bad for sure. But that’s bad for me, right?”
Short answer: no.
Malware infected websites can be used to spread viruses, keyloggers, and trojans to other devices. But that’s not all. Malware can also be used to facilitate other hacks and malicious attacks.
Cross-site scripting attacks can exploit vulnerable themes and plugins to infect a website. It then plants malicious links that automatically download on a user’s device when visited.
SQL injection attacks can be used to infiltrate, modify, and destroy a website’s database. It can also be used to send a copy of the entire database to the hacker.
Spam and malicious advertising can promote malicious links and illicit business. But they can also redirect your users to a malicious phishing website.
The worst part? None of these attacks require the user to do anything at all.
Google’s search engine thrives because it provides relevant, helpful results to search queries. If those results started spreading viruses and malware across the internet, then that would cripple their business. That’s exactly why Google Safe Browsing flags your website if you have malware on it.
FAQs
Can I clean the website myself?
Sure. But don’t recommend that under any circumstances. Unless you’re an expert at PHP, Javascript, SQL, HTML, and Apache, there’s a huge risk of permanently damaging your website on a fundamental level.
How to prevent this in the future?
We recommend that you harden your website security and install a firewall. Also, install a malware detection and removal tool just in case.
What is deceptive site ahead?
If your website is infected with malware, Google can put up a “Deceptive Site Ahead” notice that your web visitor will see every time they try to access one of your links. This is one of 8 warnings issued by Google when your website is flagged by Google Safe Browsing.
How do I stop deceptive site ahead?
Short answer: don’t get hacked. If your website already shows that notice, you will need to remove any and all malware on your website and submit a request on Google Search Console to remove the warning.
How do I fix the website ahead contains malware?
Find and remove the malware on your website. Then submit a review request on Google Search Console to remove the warning from your website’s search results.
What is an unsafe website?
Typically, an unsafe website is one that contains malware. This may not always be the case and your website may simply be harmful to its visitors in some way or form.
What’s Next?
Usually, a deceptive website warning comes with other concerns as well. We’ve seen with many of our customers that a Chrome warning can also lead to your web host suspending your hosting account and Google Ads suspending your Ad Account.
We recommend that you check them out next.
Your life can be a lot easier if you just install MalCare. You get so many amazing features that you can simply connect your website one time and let the plugin handle your entire website security.
We highly recommend that you read all the segments in this article. If you simply skimmed the headlines, there’s a good chance that you may have missed something.
And that’s all, folks!
Drop any questions or queries that you may have and our highly-acclaimed support team will help you work out your issues day or night.
Until next time.
No comments:
Post a Comment