Remove the Google Blacklist Warning from Your Website

Posted by Hack Recovery Team 23 Min Read
google-blacklist-check

Are your customers complaining that Google is flagging your site as “not safe”?

Maybe as you look for your own webpages, you can see site alerts on the Google search engine results?

If so, for you, we’ve got some bad news:

  • Google Secure Search has placed the Google blacklist on your site;
  • Your page is likely to be hacked;
  • And the blacklist alerts can be used by the consumers in search results too.

The worst part of this news is the hacking of your site. The popular Google blacklist alerts such as, site ahead includes malware, site ahead is misleading, this site could be compromised is just a much larger disease symptom.

Consider of the amount of money you bring into your organization to drive traffic and revenue online.

All that can be ruined in a couple of days by some WordPress phishing scam if you do not act now.

Fortunately, the case can already be salvaged.

MalCare has its own Google Blacklisting tracking features. So, we get a lot of cases where there is no clue what to do next on the Google blacklist page and the website operators. This is why we have chosen to create this little guide.

Now, if you’re 100 percent positive your website has Google’s blacklist alert, skip to the section where we’re talking about deleting the blacklist.

If you’re still not sure if the concern is entirely the Google blacklist or any other security threat to the website, keep reading.

We’ll tell you all in this article about:

  • What’s the blacklist for Google?
  • How to measure the degree of the harm done to your web
  • How to get off the blacklist alert from Google?
  • How your lost reputation can be restored
  • How to avoid hacking and blacklisting on your site

Let’s just dive in.

What is Google Blacklist?

The Google blacklist or URL: blacklist is a list of websites that Google suspects users are being hacked or spreading malware. If a website is blacklisted, so Google or other search engines start branding the website as “unsafe” for users to attempt to discourage people from accessing the blacklisted website and anti-virus providers.

In order to avoid the malware virus from spreading, insecure websites or spam websites are excluded from Google’s search engine results.

This is, of course, not random de-indexing.

By delivering the best search interface that there is, Google makes money. They would naturally do something to discourage users from uploading and accessing unsafe websites with viruses or malicious software. A website’s blacklisting kills the organic traffic. But it still kills the intruder at the same time.

There are specific rules for what kind of coding constitutes a malicious website in Google Safe Quest.

But only malware contamination that expresses itself in the content or the “browser-visible” areas of the web can be identified by Google Safe Scan. It can’t describe the exact type of malware or its sources. Thus, the most rational thing that it would do is to avoid sending traffic to the malicious website.

The good news is that you can now restore your website and get off the Google alert blacklist.

The bad news is: A blacklisted website loses almost 95 percent of its organic traffic in our experience.

How to Get Off Google Blacklist?

Now that you understand what Google blacklist is, it’s time to deal with the problem.

In the next few sections, we’re going to help you:

  1. Confirm if your WordPress website is actually blacklisted
  2. Assess the extent of the damage done to your site
  3. Scan your website for malware and clean it
  4. Remove your website from Google Blacklist

Let’s dive in.

Confirm That Your Website Is Blacklisted

If your website displays the security warning “This site may harm your computer” in search results, your site is blacklisted by google or part of the URL blacklist.

Of course, that’s not the only kind of warning you can get.

You can also get the very ambiguous Google security warnings:

  • “The site ahead contains malware/harmful programs”
  • “Reported Attack Page!”
  • “Danger Malware Ahead”
  • “This website has been reported as unsafe”
  • “Phishing attack ahead”

It’s a total pain here.

Not only is the general message of Google blacklist alerts truly ambiguous, but almost every major search engine uses Google Safe Search to have protected user connections and protect them from accessing malicious domains.

But one thing is for certain: your WordPress platform is now seen by Google as spam and full of phishing content. On a search engine, the site will be lumped together with other malicious domains.

In other words, once the website gets blacklisted by the Google search engine, it has ripple effects on all browsers and not just Google Chrome users.

Just in case you don’t see the warning notifications, here are a couple more ways to search the blacklisting status of Google:

Check your Email

If your WordPress website has been struck by Google’s URL: blacklist, you can get a Google Search Console update (formerly Google Webmaster Tools).

Usually, you will be told loud and simple by this notice that your domain is blacklisted.

The whole platform is not on Google’s blacklist in most cases. Relevant URLs that are marked by Google as harmful or phishing are blacklisted instead. The email will specifically mention the list of all these URLs.

Assess the Extent of Damage Done to Your Site

We’ve also discussed how to check whether or not the website is affected by the Google blacklist so far. Now, it’s time to consider which sites are infected and how badly malware is affecting those pages.

Luckily, there is a very easy way to do it.

Test the Blacklist Warning Scan Console

Google Webmaster Tools is the best location for definitive replies.

Go ahead and check your property first if your Google Search Console is not set up yet:
Then go to the Protection Tab and click on security issues: Go to the infected sites: If the infection is limited to a specific number of pages, then you can attempt to ‘Monitor Live URL’ to verify the contamination for certain pages: Eventually, search for indexed pages-have the infected pages been deindexed as well?

Later on, this will be significant.

For Google Blacklist Search, use Google Secure Browsing

If the content on your website has a Google Protected Browsing blacklist alert that your website has been compromised, then you will get a Google Search Console update.

But what if there is no configuration for your Quest Console?

Sitemap indexing will take a lot of time. So, going to Google Secure Surfing and searching your website for URL blacklists is the easier option.

The only concern here is that this method is very manual. You need to know in advance that there are some URLs on the Google blacklist that might be.

Now, if you’re still not sure that your site could be compromised or that Google does not blacklist your WordPress website, then drop us a line. Our support staff is going to be more than willing to assist you.

But if you’ve confirmed that your website is blacklisted or that a particular URL is blacklisted, you can read the next section on how to clean up any malware on your website.

Scan and Clean the Malware On Your Website

Scan And Clean your Website using a Plugin

Finding and deleting the virus infecting the website is the first step to getting off the Google blacklist.

About 250,000 WordPress websites across multiple sectors are covered by MalCare and here’s what we’ve found:

A ransomware assault is the main explanation why your domain is blacklisted.

What does it imply?

Simple: some hacker has access to your website and steals your traffic, your records, and your money.

You need to pinpoint the virus and delete it from your site without wrecking it, now that you know your site is compromised. Before you have your company up and running again, you need to treat the issue at its source.

The thing is here:

  • The crawler from Google will mostly detect what the malware is doing and not where it is currently placed or how it can be prevented.
  • You must grasp PHP, HTML, Javascript, and Database Management to pinpoint the source of the attack.
  • It will take a long time to try to find out what’s going on on your website, even though you are an adept coder, because ransomware could actually be everywhere.

In other words, if you attempt to uninstall a malware infection on your own, there is a strong possibility that your website will be absolutely ruined. Instead, we strongly recommend you sign up for MalCare.

MalCare includes a full suite of security features to search, disinfect, and secure the WordPress account from security and malware attacks.

MalCare is by far the best security plugin out there that keeps getting smarter over time, with the most sophisticated learning algorithms to back it.

We recognize that this might seem a little skewed, but here are a few relevant MalCare figures to remember:

  • Instant malware clearance in 3 minutes or less, one-click;
  • 99% of malware is found and cleaned automatically without any manual cleanup.
  • In a network of 250,000+ domains, fewer than 0.1 percent of false positives is flagged;
  • No additional costs at all and no B.S.;
  • This for 99 dollars/year!

Install MalCare and clean up your compromised WordPress account today, if you haven’t already.

Here’s how it can be done:

STEP 1: Sign up for MalCare

STEP 2: Run the MalCare scanner.

STEP 3: Hit the ‘Clean’ Button to automatically clean your site.

STEP 4: Finally, head over to ‘Apply Hardening’ and secure your website against future threats.

That’s all you need to do.

You get all this for just $89/year!

Scan and Clean the Malware On Your Website Manually(Not Recommended)

We do not recommend cleaning the website manually, to be very honest.

But if you understand the risks and yet want to manually delete the malware, here’s what you need to know:

To delete the Google blacklist, cleaning a compromised site has 3 primary steps:

  • Server scanning for malicious file infections;
  • Malicious infection database scanning;
  • Backdoors and bogus admin accounts detection;

And then, remove your WordPress website’s malware.

It sounds simple, but really it isn’t.

But let’s only begin to find hack indicators:

Look for Malicious Code in WordPress Files and Folders

There are several old-school hackers who post malware-containing files or directories directly.

Just to be clear, this is an uncommon event. The bulk of new malware is much more complex.

Check for files whose names are suspect. Start with directories that do not contain core files for WordPress, such as:

  • Wp-content
  • Wp-includes

There are directories that should have no executable files in them. If there are any files in PHP or JavaScript, that’s a bad thing.

Look for WordPress Core Files with Malicious String Patterns

Malware is code only. These are commands that run as such events occur and provide a sequence widely known as ‘Loop Patterns’ for these instructions.

Currently, they are found in the main WordPress archives, such as:

  • wp-config.php;
  • .htaccess
  • wp-activate.php
  • wp-blog-header.php
  • wp-comments-post.php
  • wp-config-sample.php
  • wp-cron.php
  • wp-links-opml.php
  • wp-load.php
  • wp-login.php
  • wp-mail.php
  • wp-settings.php
  • wp-signup.php
  • wp-trackback.php
  • xmlrpc.php

Go over and check for malicious strings like favicon bdfk34.ico and several more in these WordPress files.

That said, look for snippets such as:

  • tmpcontentx
  • function wp_temp_setupx
  • wp-tmp.php
  • derna.top/code.php
  • stripos($tmpcontent, $wp_auth_key)

It’s difficult to say exactly what else you should be looking for here. Depending on the malware, you could have different types of malicious code in the file.

But if none of these worked, try and clean your database next.

Clean Hacked Database Tables

To link to the WordPress website, use the database admin screen. Many hosting providers deliver phpMyAdmin on cPanel.

Then, attempt to delete any malware that can trigger the Google blacklist in the database:

  • Sign into your phpMyAdmin account.
  • Your complete archive backup.
  • Check for spammy keywords and connections to spam comments that you may see.
  • Please open a table with questionable material.
  • Eliminate any suspicious material manually.
  • The site testing test is still operational despite modifications.

If your site has been ruined by the updates to the database, recover your site from the backup you took immediately and then add a security plugin to clean your site instead.

Remove Backdoors Embedded in Your Website

Backdoors are entry points to your website that, however they please, allow hackers to enter your site. It is important to delete these backdoors. If you don’t do this, so it’s very possible that pretty soon your website will get compromised again and you’ll get hit with another blacklist from Google.

Backdoors are commonly named as official files and directories, but are deliberately put to inflict further harm in the wrong directory. In actual WordPress core archives, you can even have backdoors inserted.

Look for these PHP features as follows:

  • base64
  • str rot13
  • gzuncompress
  • eval
  • exec
  • create function
  • system
  • assert
  • stripslashes
  • preg replace (with /e/)
  • move uploaded file

Once your site is free of malware, it’s time to get your deindexed pages out of the Google blacklist and back into the SERPs.

Remove Google Blacklist Warning by Submitting a Review Request

You will have to tell Google that you have cleaned your website after you have finished cleaning your website and would like to get your Blacklist Notice deleted. You need to access your Google Search Console account or Google Webmaster tool for this, and follow the step-by-step procedure below:

Step 1: Go to the Tab for Security Problems. This is to study the problems that Google has uncovered.

Step 2: Select “I have fixed these issues”.

Step 3: Click on “Request a Review”.

Step 4: Type the steps taken by you to remove malware from your site and the blacklist warning. This is subject to manual review. So, be as descriptive and specific as possible.

Step 5: Finally, click the Manual Actions section.

Step 6: Repeat steps 1-4 if there are several problems, until all security problems have been overcome.

It normally takes 1-3 days for Google to respond and update their index to the submission.

And that is that!

If you have taken these moves, your site will be out of the Google blacklist in 1-3 days and back to where it belongs in the search engine rankings.

Stick around if you want to hear more about prevention steps and damage control. And we’re glad to get some questions from you as well, just drop a note below.

How to Recover Your Damaged Reputation

It’s time to restore your lost image now that your website is cleaned up and your site up for a check.

Most people don’t pay any heed to this, but before it’s business as usual, you really need to win back the favor of the crowd. Chances are that the blacklist from Google chased some pretty serious consumers off the website.

Also, do these three things as a rule of thumb:

  • Publicly accept and resolve the issue: It is not a sign of failure to inform people about how you fucked up. Just be able to educate people about the magnitude of the destruction, what you’re doing to clean it up, and how in the future you’re going to avoid it.
  • Send out a win-back initiative via text: Send out an email blast from your email list to EVERYONE. Tell them about the incident and make sure you tell them that their love and encouragement are valued and how soon the site will be up and running again.
  • Publish that before you fix the dilemma, you will not welcome new business: this is a fairly audacious step and most people love bold. You will rally a lot of support for your cause if you convince the public that your clients matter more than making profits.

As they are preemptive, constructive, and intimate, we encourage all to take these steps. After the URL blacklist is eliminated, anything less would continue to keep the current consumer base happy with repeat transactions.

How to Prevent Your Site From Getting Hacked and Blacklisted

The last move is this: to stay off Google’s blacklist for good.

We’re all finished after this chapter. You will return to making more money and we will return to helping more users cope with a blacklist of URLs.

We do hope you have been supported so far by this message.

The only thing left to do now is ensure that you never go through the same scenario again as a website user. Sure, you should employ a reputation marketing firm, a repair agency for WordPress, and a security researcher.

One way to go is that.

But if you find it’s extremely complicated to handle (which it’s definitely going to be) and really pricey (which it’s going to be), maybe you need a smarter solution.

We request that MalCare be installed.

  • You will still be a step ahead of the pirates with a built-in malware scanner.
  • Get the one-click elimination of malware automatically for also suspected malware.
  • In order to protect your site from Japanese keyword attacks, CSS attacks or other WordPress hacks, set up WordPress hardening steps with a few taps.
  • Defend your site with a strong WordPress firewall against unwanted traffic from your country or laptop.
  • Get blacklist tracking from Google as a free bonus.

The full suite of WordPress security features from MalCare will periodically safeguard, search, and clean your website so that your site is safe from Google’s blacklist alert.

This is everything, folks!

Drop any questions or queries you may have and our critically acclaimed support staff will assist you day or night to sort out your problems.

Before the next one.

Tags: