Everyday thousands of websites are blacklisted by Google’s automated system to make Internet a better place. This practice is indeed copied over to other search engines and web browsers to keep visitors away from possible malwares and phishing attacks. However, what you do when your own website is marked unsafe and blocked by Google and other tech tools? Well, here is how to resolve the issue.
This is about our own story, one good noon when the visitor count plummeted on our system we suddenly discovered that Google had blacklisted the site – so far it was only on a single article page. We had to fix it before Google marked entire website from being blacklisted. However, there are no hints from Google that whether this single’s warning message is copied over to the entire website – possibly yes.
Mantras of Good Website Management Practices
First of all, let’s dig into what makes practices are best optimized for a perfect website management. Simply, follow these five mantras (which as practice) whatever your WordPress or any system based website is about, and you will have the best practices on hand to stop badware from your website.
Five mantras of good website management practices are clean, update, check, review and prevent. Always ensure you have a clean website which is sanitized regularly if discovered some obliterated stuffs, update the CMS being used or even chunk of script files in use and check with Google regularly whether your website is blacklisted or not following proper webmaster guidelines.
Finally, review and confirm that your website is clean. Repeat this process to prevent future black listing from Google and loosing your loyal visitors. These five mantras will definitely help you address website blacklisted by Google by fixing and stopping badwares and other glitches on your website.
How to clean infected website!
There are practically numerous ways to clean your infected or possibly marked “phishing” websites. Based using these 5 mantras of keeping website well organized, follow the steps below – more often steps go parallel as you are rocketing to find a fix – to get rid of and fix badware from further taking our website’s reputation down.
1. Enable maintenance mode
Take your website offline so as to protect your visitors or users. The maintenance mode (usually via third party plugins) in WordPress will lock down the front-end to all visitors except logged in users with super admin privileges. Locking your site down to general visitors can be useful as it buys you sometime to investigate issues and security concerns. Specially finding where the badwares are hurting your website.
2. Malware or badware scan
This is the most important and first task to perform as soon as you think your website has been compromised. Malicious software aka malware like trojan horses, adware, worms, spyware and other undesirable code which hackers try to inject into your website need to be scanned.
The bots and spiders from search engines such as Google have the capability to detect malware when they are indexing the pages on your site, and consequently they can blacklist your website which will in turn affect your search rankings. This is what we are going to focus on this article – the Google blacklisting was because of this.
3. Disable & delete WordPress plugins
This is the first and safest way. You must disable and delete all mistrusted and never needed plugins. Check for the plugins that were not updated in few months time. Ensure you have installed only the popular, free/open source and purchased plugins. Often times, scripts are injected from nulled WordPress plugins and themes. It is your responsibility to be wise than panic.
4. Implement file change detection:
If given an opportunity hackers can insert their code or files into your system which they can then use to carry out malicious acts on your site. Being informed of any changes in your files can be a good way to quickly prevent a hacker from causing damage to your website. (Taken from AIOWPSEC WP Security Plugin)
In general, WordPress core and plugin files and file types such as “.php” or “.js” should not change often and when they do, it is important that you are made aware when a change occurs and which file was affected. The “File Change Detection Feature” will notify you of any file change which occurs on your system, including the addition and deletion of files by performing a regular automated or manual scan of your system’s files. This feature also allows you to exclude certain files or folders from the scan in cases where you know that they change often as part of their normal operation. (For example log files and certain caching plugin files may change often and hence you may choose to exclude such files from the file change detection scan.)
5. Bad adwares & link to illegal contents
Recently, Google had been marking various adware – software that automatically render advertisements whether or not users permit – linking them or links to illegal contents including but not limited to notorious file sharing websites and even other phishing and “marked unsafe” websites.
Hence, website authors and webmasters should keep in view that linking to bad websites can take down their own websites. Often time links and advertisements with malicious intention to install or hack your system cause websites to be marked unsafe or blacklisted by Google and web browsers.
6. Use only trusted scripts
Using only trusted scripts and serving them from trusted CDN providers not only serve your website faster and optimize to the visitors but also keep it auto-updated with the providers. So, only use trusted scripts hosted by big tech giants and the service providers which continuously monitor their hosted files.
0. Request a review from Google Search Console: Google Search Console, previously Google Webmaster, is the most important one-stop center to resolve your website flagged for security issue for malware and unwanted software. Since console is the place where Google reports the detected harmful code on site’s pages, you can study the suggestions to remove those malicious codes within the pages specified by Google itself.
Before you request a review, please make sure your entire site is clean and secure. If no malicious content is found, Google will remove the warning from your site. This process will take up to 72 hours.
1. Report Incorrect Forgery Alert to Google: If you believe the Phishing Protection feature is warning users of misleading activity on what is actually a safe page, please complete the form provided to report the error to Google. You as a website owner will receive the result of review from Google.
2. Request a review at stopbadware.org for an independent website review: StopBadware currently has three main data providers: Google, GFI, and NSFocus. These companies provide StopBadware with regularly updated lists of URLs that they have detected as bad. If your site is listed as bad by Google or another of the companies that provides data to StopBadware, you can request an independent review.
Always follow, the final mantras of keeping your website on the green zone, namely Clean. Update. Check. Review. and Prevent. Let us know if these practices and steps helped you to take actions to stop and fix badware on your website marking it “safe” again by Google.
External read about protecting your website:
- Request a malware review or unwanted software review (Google Search Console help)
- How do I know if my site’s been infected? (Google Search Console help)
- How does built-in Phishing and Malware Protech work? (From Mozilla Firefox support)
- Google Webmasters help for hacked sites. For site owner, serious 7-steps of resolution.