Did you get blacklisted by Google? Of the thousands of clients whom we helped over the past decade, 90% of the blacklisted websites had malware. The existence of malware is a sign of a hacked website. To fix your hacked WordPress website, you’ll first need to clean your site and only then can you proceed to remove Google blacklist warning. Don’t worry, we’ll guide you through the entire process.
What is Google Blacklist Warning?
It’s no secret that Google is the world’s most trusted search engine. Naturally, it wants its users to have a safe browsing experience. It prevents users from accessing a WordPress site when it knows that the website is hacked and carrying out malicious activities (more on this later). The search engine giant shows a security warning (deceptive site ahead) in which it informs visitors that the website is unsafe and that they should return to safety. It’s interesting to note that users are not given a choice to bypass the Google warning to enter the website. It goes to show just how strict Google is about hacked websites. And for good reason.
Hacked websites try to manipulate visitors into doing malicious things like buying illegal drugs, or they redirect users to other sites which are designed to dupe them into sharing crucial information like credit card or bank account details. Since Google wants its users to have a safe browsing experience, it blocks users from visiting hacked websites. But that’s hard for a website owner whose site has been blacklisted due to malicious activities s/he’s completely unaware of. To learn more about malicious activities commonly found in the hacked website, read more on WordPress pharma hack, WordPress hacked redirect, and WordPress theme hacked.
Before proceeding to fix and remove Google Blacklist warning, let’s ensure that your website really is blacklisted.
Is Your Site Really Blacklisted by Google?
“Is my site blacklisted?” – There are various checks that’ll help you determine if your website is really blacklisted. You can check with Google’s Safe Browsing tool, or if you are so inclined, you can do the check manually. You can also use free tools online that let you enter your site’s name and check. Let’s explore them one by one –
→ Check for a sharp traffic decline
Getting blacklisted by Google has a domino effect. First, you experience a rapid decline in traffic, then your ranking falls and eventually, your revenue takes a hit. You can track your traffic from Google Analytics. On Analytics, navigate from Overview to Behaviour and look at the pageviews for the last 3 months. Notice any sharp decline? It could be due to the Google blacklist warning.
→ Check using Google Safe Browsing Tool
Google’s Safe Browsing is our go-to tool because it’s made by the search engine giant itself. This Google diagnostic tool is really easy to use. All you need to do is insert your sites URL and it’ll show you all sorts of issues that your site suffers including being marked as blacklisted. A domain is blacklisted by Google Safe Browsing when it detects malicious activities on the website.
→ Check manually
You can check the website on your own by typing out the following sentence on your browser –
(Replace westworldfansite with the name of your website.)
Our search returned 15 results. Google shows us all the web pages and posts published on our site. Had it been 0 search results, we’d know that our website is blacklisted by Google.
When you perform a similar search for your website, and Google returns 0 results, it’s a pretty good chance that your site is blacklisted. One major downside of this method is that, if your site is not indexed by the search engine, it would not appear on Google’s search. You can check if your website is indexed by Google with the help of this article – Index Coverage Status.
Note that while you are searching your site in the way we showed, you may find Google saying “site may be hacked,” if the search engine found malware on your website.
→ Check using a tool
A few free tools are really handy when it comes to learning for sure if your site has been blacklisted. Those are Is My Website Penalized and Is Banned. Both are very easy to use. All you need to do is type in your URL and it tells you the status of your website.
After making sure that your WordPress website has been blacklisted, you can proceed to fix the issue.
How to Remove Google Blacklist Warning?
In the next section, you will learn how to remove Google blacklist and malware using a plugin or to do it manually.
Malware Detection With a Plugin
Most security solutions look for known malware located in places where one typically finds malware. But given the complexity of hacks these days, security plugins need to look beyond known malware and familiar locations.
MalCare is a security plugin which offers a malware scanner that dives deep into your website to detect malware hidden in various locations. It checks the pattern and behavior of codes to find new malware which other security plugins fail to detect.
Scanning your site with MalCare is easy. Just create an account, install the plugin and let it scan your site for malware. After MalCare scans, you’ll proceed to clean the infected files detected on your site and remove Google blacklist.
Malware Removal With a Plugin
Unlike other website security plugins, MalCare’s malware removal enables you to clean your hacked site instantly. Just click on Auto Clean and and within a few minutes, your site is clean. Try it for yourself.
Manual Malware Detection & Removal
Finding malware using a plugin is quick and thorough, which is why we recommend site owners to use. But if you’d rather go for the manual method, these are the steps you need to take –
→ Check Plugin and Themes Folder:
If you are half as obsessed with websites as we are, you’ll know that a WordPress website is made up of files and database. Malware can be present in any of the hundreds of thousands of files of your website. If you are looking for the infected files manually, start with the common locations like plugin folder (/wp-content/plugins/) and theme folder (/wp-content/themes/). You can access them through your web host account or via FTP tools like Filezilla.
→ Look for keywords:
Besides locating malware, it’s important to learn how to recognize malware or malicious codes.
It’s common to find the following keywords in malicious codes – “shell_exec,” “base64_decode”, “eval”, and “gzuncompress.” One way of identifying bad codes is to look for those keywords. Any programmer can find them using commands like Find, Grep and Stat.
But the thing is, the keywords we mentioned above are not always part of malicious code. Some plugins utilize similar keywords and deleting them will cause the plugins to malfunction.
→ Check Upload folder:
Apart from the plugin and theme folder, the Upload folder is very popular with hackers. An Upload folder is meant to store media files. The existence of a .php file is unusual. You can run the following command to detect such files:
find uploads – name “*.php” -print
If you do end up finding a .php file in the Upload folder, it’s a likely part of a hack.
→ Compare WordPress Core Files:
Back in the good old days when websites weren’t this complicated, the core folder was a favorite spot to hide malware. But as technology evolved and websites became complex, hackers found new locations to hide malware. But to remove all possibilities, we’d suggest checking the core files. Comparing the original core files (which you can get from here) with the once present on your website. If there’s a mismatch, it’s a possible sign of a hack.
NOTE: When you download the core, ensure that you are downloading the version that’s running on your site.
→ Compare plugin & theme files:
Same as comparing core files!
Make a list of the plugins and themes installed on your website. Download a fresh install from the WordPress repository and compare them with the ones running on your website.
It’s a time-consuming process and not a very reliable one. Sometimes differences may arise between the files you are comparing because there are files on your site that you can’t find in the repository. That’s usual but it’s easy to mistake those files as malicious.
→ Look into recently modified files:
There’s a good chance that recently modified files are part of a hack unless someone from your team made a modification you are unaware of. Before flagging the file as suspicious, we’d suggest you consult with your teammates to ensure which files were modified by them.
→ Look for Unknown Files & Folders in the Root Folder:
Website owners don’t access the WordPress root directory (/public_html) often which makes it an ideal spot to hide malware. Hence, looking for unknown files and folders present in the root directory is the general rule of thumb. But, there are chances that you could end up identifying files as unfamiliar but they are actually safe. Deleting important files unwittingly can cause the website to misbehave.
But removing malware is only half the job.
You’ll need to remove the vulnerability that granted hackers a way into your website. You can see the most common WordPress vulnerabilities here. Sucuri, a popular security plugin reports that outdated plugins are the leading cause of compromised websites. It aligns with what we have observed as a security service over the past 7 years. We recommend you update all your plugins and themes immediately. You can see what happens when developers don’t update plugins and how it can harm your security.
The next step is to inform Google about what you did so far and ask them to whitelist your site. This will remove Google blacklist from your website.
Submitting Website For Google Review
Submitting your website to Google review is not as hard as you may think. We’ve built an easy step by step for you to follow. What you need to do is:
First, verify ownership of the site
Then, submit the website for review
Verify Site Ownership
Go over to Google Search Console, select Start Now and enter your URL. In this step, Google gives you two options – Domain and URL prefix.
Domain vs URL prefix
If you select Domain, Console allows you to manage your primary domain (yourdomain.com) as well as subdomains (like http://yourdomain.com, https://yourdomain.com, http://www.yourdomain.com, https://www.yourdomain.com, https://m.yourdomain.com, subdomain.yourdomain.com, etc). But if you want to manage only the primary domain (http://yourdomain.com), select URL prefix.
If you select Domain, you’ll only require DNS verification but selecting URL prefix allows multiple verification methods including DNS verification. We are selecting the URL prefix to show you the different verification methods.
Google offers you 5 options to verify your site ownership. If you already have Google Analytics or Google Tag Manager installed, verify your website using them. Alternatively, you can insert an HTML code on your homepage. Or upload an HTML file into the backend of your website. Or modify DNS configuration which you can access via your web host.
We’ll show you 3 methods so that when one does not work, you can try the other two. No matter which one you opt for, take a backup of your website and then proceed.
Verify website ownership with HTML file
This is Google’s very own recommended method and you can execute it through your web host or via an FTP tool like Filezilla.
First off, download the HTML file from the Console page.
Then, login into your web host account, open File Manager and navigate to the public_html folder. In this folder Upload the HTML file you just downloaded.
If it worked, Google will inform that the site verification is complete.
Verify Website Ownership with Domain Name Provider
In this method, you’ll add a text (called TXT Record) to into your DNS configuration. We recommend the DNS configuration method over the next two because you don’t need to add codes to your website which is often risky. The tiniest of mistakes can break your website.
To add the TXT Record to your DNS configuration, you need to first access the DNS editor, often called the DNS Zone Editor. Location of the Zone Editor changes from host to host.
In BlueHost, we found the DNS Zone Editor under Domains. If you are using a different hosting, then do a simple Google search to look for the Editor.
In the DNS Zone Editor, find a section called TXT (Text) and paste the verification code Google provided. The verification may take up to 24 hours to complete.
Verify website ownership with HTML Tag
In this method, you need to add a simple code to your home page’s header section. You can do this by placing the code in the theme’s header file. To achieve, that you need to edit the active theme. But if that sounds a little too daunting, then you can opt for plugins that’ll help you insert the code.
Our recommendation would be to insert code in the child theme because if you don’t, every time you update your theme, you’ll lose your site verification.
To insert the tag into your theme, log into your website dashboard and navigate to Appearance > Themes > Editor. From the Editor select the header.php file.
Then copy the meta tag from Search Console and then paste it between the <head> section and <body> section. We did the same on our website.
Next, click on Verify to see if the verification succeeded.
Making modifications on a website is scary. We can totally understand if you’d rather use a plugin to insert the HTML tag.
Head and Footer Scripts Inserter or Head & Footer Code are two very useful plugins when it comes to code insertion. We tried out the first plugin and it’s fairly easy to use. All we had to do was activate the plugin, navigate from Settings to Scripts Inserter. Then place the HTML tag in Head Section and Save changes.
After verifying that the website is your property, it’s time to Request a Review from Google.
Submit Website for Google Review
- In the Google Search Console, navigate to Security Issues and then select Request a Review.
- A popup will immediately appear. And in that pop-up, write down the steps you’ve taken to remove site from Google blacklist. Mention how you have cleaned your site and updated the core and all your themes and plugins.
- Only when you are satisfied with your answer, hit the submit button. Mission accomplished!
Now the wait begins!
Typically, it takes Google 72 hours to remove Google blacklist.
Before you close the browser, there’s one last thing, we’d like to leave you with.Getting blacklisted by Google is a lesson - one that you should learn from and prevent at all costs. Take precautions 🛡️ Click To Tweet
Prevent Google Blacklist in Future
The problem at hand is solved. But your website is not out of danger. It’s not uncommon for websites to be hacked more than once. The next time it happens, Google won’t hesitate to blacklist your site again. If you want to protect your website and prevent future hacks attempts, we’d recommend taking the following measures:
→ Keep Your Website Updates
Earlier, we spoke of how outdated themes and plugins make a website vulnerable which is then exploited by hackers. Make it a rule of life to never skip a single update. Set aside a day in the week when you devote your time to updating all your plugins, themes and the core. If there are too many websites to manage then investing in a reliable management service is an alternative. To learn more about the importance of updates, read on WordPress updates.
→ Stop Using Illegal Software
It’s tempting to use free software but no one considers the security pitfalls. There are websites giving away premium plugins and themes for free. It’s best to avoid using tools from such untrusted websites because the themes and plugins they offer are often infected with backdoor. Hackers use backdoor to access websites and exploit its resources. If you are using a premium tool which you downloaded for free from untrusted marketplace, remove it.
→ Use Strong Credentials
The login page is the most vulnerable page on your website. It’s constantly under threat where hackers are trying to force their way in using common usernames (like admin) and passwords (like p@ssw0rd). Using a strong password and a unique username could be a life savior.
→ Choose Secure WordPress Hosting
Hosting services are sometimes compromised. In 2018, hosting providers Hetzner and Daniel’s Hosting were hacked leaving hundreds of thousands of websites exposed to exploitation. If you want to host a site, it’s best to host it on any of the popular WordPress hosting providers. They are not hack-proof but they are as secure as any hosting provider can get.
These are the basic security measures that you must take.
For more advanced security measures, refer to our guide on WordPress Security.
We hope you found our Google blacklist removal guide easy to follow and it helped you to remove Google blacklist warning and get your website whitelisted. Any comments, suggestions, and doubts are very welcome. Feel free to send us an email and we’ll get back to you.