While the Google blacklist feature is meant to protect users from clicking on the URLs of infected sites, a website owner can feel overwhelmed by the pressure of removing the security warnings, diagnostic pages, and ‘hacked’ indicators. This is especially true since your visitors are actively discouraged by Google from visiting your website if they detect any signs of a hack or infection, degrading the quality of organic customer conversion and cutting down your website traffic.
The easiest method to follow for removing the Google blacklist warning is to recognize the issue, review it, and resolve the infection.
Reviewing The Warning Status
Since Google actively works towards providing its users a safe browsing experience, it frequently scans through all websites to detect harmful material and prevents these users from clicking the URLs of such sites – unfortunately in this case, yours. Websites being blacklisted for malicious behavior are limited to getting a review process only once in 30 days. More than 90% of the loss of website traffic on your site is when Google ensures that visitors do not enter your site through all steps possible (such as red page warnings and indicators next to your site).
To resolve the issue and gain details about the situation, utilize Google Webmaster Tools and the Google Safe Browsing page which allows you to determine if the website has malicious content.
Find out what is blacklisted with the help of Google Webmaster Tools under ‘Security Issues’ which will provide the URLs that are infected. Use the URL to understand if it’s just one page that is affected or the entire site; if it is a directory, each page included under it must be checked for malware. Once you highlight the issues found, try to figure out when and where the hack entered your site. Under Google Webmaster Tools, you can also request for a malware scan under ‘Request Review’. However, it is not always easy to gain these details and hackers are often clever enough to consistently change their URLs and link your site to these new sites.
Scan your website before following this steps: https://www.getastra.com/website-scanner
Fixing The Warning
- Your next step is to scan the site for malware using a professional team or a good quality security plug-in. This will provide details on malware locations, associated payloads, security issues, etc. If one server contains several websites, remember to scan each one of them since cross-site contamination is a leading issue. An ideal practice should be to isolate separate websites on different hosting accounts.
- If you wish to conduct the cleaning process manually, the first step should be removing the file infections by editing the files on the server (or getting professionals to do the same). Depending on the CMS you use (WordPress, Magento, Joomla, etc.), the hosting server provides options on rebuilding the site from scratch using fresh copies of core files and plug-ins from official resources. In the case of custom files, you can rely on the frequent back-ups you have conducted for replacement (as long as they are not infected).
- From the reviewing process before, if you were able to point out any malicious domains or payloads, find out these files on the server and manually remove these (not from the database, but from the website files). For this, log onto your site via SFTP/SSH, create an emergency backup, identify any suspicious or newly modified files, and restore them with clean copies or customized versions from the back-up.
- You can also manually search for the commonly infected files, or PHP functions, such as ‘eval’, ‘base64_decode’, etc. It isn’t always necessary that hackers should follow the same old routes of infection, so take note of any new modifications. Take care not to remove any configuration files while manually removing infections, and never proceed without a clean, functioning back-up.
- The next step is to clean any hacked database tables from your database admin panel (mostly, servers offer tools such as ‘phpMyAdmin’). After making back-ups, analyze the suspicious content like spammy keywords and sites and manually remove them, before checking if the site is still operational after the changes.
Preventing Reinfection
Most hackers leave a backdoor or two to re-enter the site for planting further malicious content – and it is our job to find these out and shut them down with a padlock.
- A couple of steps you can follow here is to go through the user accounts that have access to your site, confirm their validity, and change all of their login credentials and two-factor authentications if the latter is available.
- Backdoors can also include PHP functions or through file transfer applications, which is why a good antivirus program is important for further strengthening of security measures (check out Kaspersky, F-Secure, etc).
After this, you can go to Google Search Console to get your site verified and request a site review again to get back into the game.