Website

A complete guide: removing the “Deceptive Site Ahead” warning

A complete guide: removing the “Deceptive Site Ahead” warning

We all encountered the “Deceptive site ahead” warning every now and then. But what to do if this happened to your website? Is it in danger? Will this warning impact your traffic? And how to fix this situation? In this article, you will find answers to all these questions.

First of all, you should know that this warning is not something to be neglectful of. Remember, what do you do when you face “Deceptive site ahead”? How often do you ignore the warning and proceed to the potentially harmful website? In most cases, you probably just close the page and go elsewhere to find whatever you were looking for on that dangerous site. Other users do the same. So if your website was flagged by Google as a potential threat, you definitely will see a significant decrease in the traffic.

Thus, it goes without saying — you need to do something about this issue.

But first, what does the “Deceptive site ahead” message mean?

It’s a warning Google shows to users as they’re trying to enter the website this search engine finds potentially harmful. It can happen for several reasons:

  • The website is infected
  • There are phishing pages on the site
  • Some code on the website leads to suspicious sites
  • The data of visitors is transferred to not secure servers through the site

How did your site get flagged?

We’ve taken a look at the reasons why this message appears. Now let’s dig deeper into this issue and see why Google could deem your site as dangerous.

Phishing

Phishing is a malicious technique that allows hackers to steal sensitive information from users. This approach requires a malefactor to create and place either a legitimately looking fake page or some virus or key logger on the website. Then hackers can gather the information they’re looking for. In most cases, they aim at bank card details or login information.

Malicious software

Your website might’ve gotten infected, and that could be the reason for Google to warn visitors before they enter the site. It’s, in fact, the most widely-spread reason why the message “Deceptive site ahead” shows up. Hackers can perform one of these cyber attacks to infect your website:

  • XSS attack — stands for Cross-Site Scripting attack. It's usually held through vulnerable plugins and themes. Using this approach, hackers place a malicious link that automatically downloads malware on the device of the user.
  • SQL injection attack — allows malefactors to add, modify, and remove records in the website’s database. Using this method, hackers can load malicious content to the site to achieve their goals.
  • Malicious ads — suspicious pop-ups, redirects, and malware that loads ads on your site. These advertisements can be the result of a hacker’s attack.

No SSL certificate

Even though Google has made the SSL certificate mandatory for all sites, a lot of website owners ignore this requirement. The search engine forces webmasters to get this certificate because it’s vital for keeping website visitors protected from data theft. So if your site is still not moved from HTTP to HTTPS, that’s most likely the reason why your visitors see a “Deceptive site ahead” warning.

How to remove the “Deceptive site ahead” warning?

Now, let’s see how to fix this situation. You will need to do quite an extensive job here because to remove this message you first need to remove the reason why it appeared. Here are the first steps to take:

  • Go to Google Search Console and add your site there
  • Go to the “Security Issues” — you’ll find this tab in the left sidebar. Here you will see some reasons why your site was flagged as deceptive. Also, you’ll find the list of malicious URLs.
  • Create a backup of your website
  • Scan your site for malware with an online malware scanner
  • Perform a server-side malware scan
  • Quarantine flagged files and remove all suspicious redirects and third-party scripts or ads
  • When your site is clean, get back to “Security Issues”
  • Click on the “Request Review” button

Things to know when requesting a review from Google

This action will let you remove your website from the blacklist if the search engine finds it not dangerous anymore. So before you request a review, you need to be sure that:

  • Your website is completely free from malware
  • There are no vulnerabilities
  • The site is running
  • The firewall and malware protection are up

It is very important that you fix all the issues before submitting a review request. If your website will fail the verification process over and over again, Google will consider it a repeat offender. Then your site will remain potentially dangerous, and you will need to wait for 30 days to apply for a review again.

Before applying for a review, check your site with a server-side malware scanner to make sure your site is completely clean. Also, update the content management system and all the plugins — outdated versions are full of vulnerabilities. And check if the theme you’re using is free from vulnerabilities, too. Finally, if there is no SSL certificate on your site — get one.

Once all these actions are done, you can place a request:

  • Go to “Security Issues” in the Google Search Console
  • Hit the “Request Review” button
  • Check the “I have fixed these issues” box
  • Once a new window appears, list the actions you’ve taken to make your website safe. Mentions the firewall you’re using and anti-malware tools to ensure Google you’ve protected the site from further issues.

Now you just need to wait — the reviewal can take from 24 to 72 hours.

Sometimes Google makes a mistake and flags clean sites as deceptive. If that’s your case, report the incorrect warning here.

Final steps: stay safe in the future

Here are some more things you can do to protect your website from the infection and attacks:

  • Keep the CMS, plugins, and themes updated to avoid vulnerabilities.
  • After you cleaned your website, change your passwords just in case. Do it for all user and admin accounts, website database, cPanel, and FTP. Create complex and unique combinations for each account.
  • Use a firewall to protect the website.
  • Use anti-DDOS protection. King Servers offers an automated system that will reliably protect your website.
  • Use anti-malware tools.
How to increase the uniqueness of a text in an anti-plagiarism program: 8 effective ways of 2021
Website

How to increase the uniqueness of a text in an anti-plagiarism program: 8 effective ways of 2021

The more popular the topic, the more difficult it is to write a unique text. Most written works should contain quotes

Guide: How to build an impressive freelance website
VPS

Guide: How to build an impressive freelance website

Freelancers often neglect the need for a personal professional website, and that’s a mistake. While one could be fine without it, a site will make lots of things

Plugins for an online store on WordPress to help you organize your sales successfully
Website

Plugins for an online store on WordPress to help you organize your sales successfully

WordPress is not intended exclusively for online stores. This engine can be used for websites of different directions