How To Remove The “This Website Has Been Reported As Unsafe” Warning

The “This website has been reported as unsafe” warning is a major setback for website owners. This ominous screen kills traffic instantly. Users flee the moment they see it. Revenue dries up overnight. It’s not good but it’s fixable. 

This warning typically signals a security breach or malware infection on your site. Your first move is to scan your WordPress site. Remove the malware and you can begin removing this warning. You will soon be able to rebuild your traffic. We’ll walk you through every step needed to get through it. 

TL;DR: Scan and clean your website of all malware using a security plugin. Then submit a review request to Microsoft to remove the unsafe warning.

What Does the “This Website Has Been Reported as Unsafe” Warning Mean?

The “This website has been reported as unsafe” warning appears when browsers or security software detect potential threats on your site. You’ll typically see this message in Microsoft Edge, Internet Explorer, or through security tools powered by Microsoft Defender SmartScreen and similar protection systems.

This warning signals that your website has been flagged for one or more serious security issues:

• Phishing Risk: A phishing risk means that your site is suspected of impersonating a trusted website to steal sensitive information. This includes attempts to harvest passwords, credit card numbers, or login credentials from unsuspecting visitors.
• Malware or Viruses: Your website contains or distributes malicious code that could damage visitors’ computers or steal their personal data. This includes malware or viruses. 
• Compromised Website: Your site has been hacked or infected with malicious content. Cybercriminals may have injected harmful code into your pages without your knowledge. This often happens through outdated plugins, weak passwords, or security vulnerabilities.
• Low Reputation or Suspicious Behavior: Sometimes newly registered sites or those with unusual behavior trigger warnings even without active malware. Automatic downloads, strange redirects, or odd URLs can raise red flags with security systems.

Every minute your site remains flagged costs you visitors, revenue, and reputation. This isn’t a problem you can postpone or handle casually. But, we’ve got your back. We’ll show you how to remove the warning. 

Step 1: Identify the problem:

The first step is to run a malware scanner. We looked for WordPress malware scanners that examine your database and files. We also wanted a plugin that could detect backdoors, and obfuscated code. In our testing, MalCare came out at the top. 

It’s a really simple set up too. Install and activate the plugin. Sign up and add your site to the dashboard. The plugin will automatically scan your site for malware. Within minutes, you’ll find out if your website is hacked.  

Expert Advice: You can technically scan your site manually by examining your files through FTP or cPanel File Manager. You’ll need to look for recently modified files, suspicious PHP code, unfamiliar scripts, or files with random names in your root directory. However, manual scanning is extremely unreliable and time-consuming. So, I would not recommend it. 

Step 2: Remove the Malicious Code

Once you’ve identified the threats, you need to eliminate the malicious code from your site. You have three options for cleaning your infected website, but they’re not all equally effective.

Method 1: Automated Removal with MalCare (Recommended)

MalCare’s automated cleaning is your fastest and most reliable option. The free scan identifies threats, but you’ll need to upgrade to a paid plan to access the removal features. The investment pays for itself quickly when you consider the revenue you’re losing while your site remains flagged.

MalCare’s one-click malware cleaner system surgically removes malicious code while preserving your legitimate content. Just head to the dashboard and click Clean All Malware. It handles complex infections, cleans your database, removes backdoors, and eliminates hidden admin accounts. The entire process takes minutes, not hours.

Method 2: Hire a Security Expert

Hiring a cybersecurity professional seems safe, but it comes with significant drawbacks. Experts charge a lot of money per cleanup, and the process can take days or weeks depending on their availability. You’re also putting your site’s sensitive data in someone else’s hands. While experts can handle complex infections, you’re still dependent on their schedule while your traffic continues to hemorrhage.

Method 3: Manual Removal

Manual cleanup is the riskiest approach for website owners. You’ll need to identify every infected file, carefully remove malicious code without breaking legitimate functionality, clean your database, and patch security vulnerabilities. One wrong move can crash your entire site. Even if you successfully remove visible infections, you might miss hidden backdoors that allow reinfection. Manual cleanup often takes days of painstaking work, and there’s no guarantee you’ll catch everything.

Step 3: Bolster Your Security

Cleaning the malware is only half the battle. Hackers likely gained access through security weaknesses that still exist on your site. If you don’t patch these vulnerabilities, you’ll face another infection within weeks. This post-hack checklist ensures your site stays clean after removal.

• Update every password connected to your website. This includes your hosting account, WordPress admin, FTP credentials, database passwords, and any third-party service logins. Use strong, unique passwords for each account. Don’t reuse passwords from other sites. Consider using a password manager to generate and store complex passwords securely.
• Audit all user accounts on your website. Remove any suspicious admin accounts that hackers may have created. Check for users with unfamiliar email addresses or usernames you don’t recognize. Downgrade WordPress user permissions to the minimum level needed for their role. Limit the number of admin accounts to reduce your attack surface.
• Check that your SSL certificate is properly installed and functioning. An expired or misconfigured SSL certificate can trigger security warnings and make your site appear unsafe. Test your certificate using online SSL checker tools. Renew expired certificates immediately. Consider upgrading to a higher-level SSL certificate for additional trust signals.

• Install all available updates for your WordPress core, plugins and themes. Outdated software is the most common entry point for hackers. Enable automatic updates where possible to prevent future vulnerabilities. Remove any plugins or themes you’re not actively using—inactive software still creates security risks.
• Install ongoing security monitoring to catch future threats early. Set up real-time malware scanning, file integrity monitoring, and login attempt alerts. Consider implementing a web application firewall (WAF) to block malicious traffic before it reaches your site.

Step 4: Submit Your Review Request

Your site is officially safe and it’s time to ask for a review. Navigate to Microsoft’s SmartScreen feedback portal. Go to the official Microsoft SmartScreen website reporting page. You’ll need to provide your website URL and select the appropriate category for your request.

Choose “I believe this site was incorrectly blocked.” This option tells Microsoft you’ve addressed the security issues and want them to reassess your site’s safety status.

In the comments section, briefly explain that you’ve conducted a comprehensive malware scan, removed all threats, and implemented additional security measures. Keep your explanation professional and factual—don’t make excuses or blame others.

Microsoft’s automated systems will re-scan your website. This process typically takes 24-72 hours, though it can take longer during busy periods. The review checks for active malware, phishing content, and suspicious behavior patterns.

You’ll receive an email notification once the review is complete. If approved, the warning will disappear for new visitors within hours. If rejected, you’ll need to investigate further and resubmit after addressing any remaining issues.

Important:
What to do if your review gets rejected?
Don’t panic—rejections are common. Run another malware scan to ensure you didn’t miss anything. Check for lingering infections, suspicious redirects, or compromised files. Fix any remaining issues and submit a new review request.

What to do if your review takes longer than 72 hours?
Be patient. Their system may be bogged down by a lot of reviews. So, wait a few more days and then resubmit a review. 

What’s Next?

Removing Microsoft’s warning is just the beginning. Your site remains vulnerable unless you implement comprehensive security measures. These steps protect against future infections and maintain your clean reputation.

• Check Other Blacklists Too: Microsoft isn’t the only organization that flags unsafe websites. Check your site’s status with Google blacklist, Norton Safe Web, and other major security providers. Each system operates independently, so you might be flagged elsewhere even after Microsoft clears you. Use online blacklist checkers to scan multiple databases simultaneously.
• Secure Your Site with SSL/HTTPS: Ensure your SSL certificate is properly configured and up-to-date. Force all traffic to use HTTPS by redirecting HTTP requests. An expired or missing SSL certificate makes your site appear untrustworthy and can trigger security warnings. Modern browsers flag non-HTTPS sites as “not secure,” which damages visitor confidence.
• Keep Software Updated: Outdated software is the primary entry point for hackers. Set up email notifications for available updates and install them immediately. Create a maintenance schedule to check for WordPress updates weekly.
• Clean Up Your Plugin and Theme Library: Delete unused plugins and themes completely—don’t just deactivate them. Inactive software still creates security vulnerabilities that hackers can exploit. Only install plugins from reputable sources like official repositories. Avoid nulled or pirated themes that often contain hidden malware.
• Install Security Plugin: Implement a comprehensive security plugin or web application firewall. These tools block malicious traffic, monitor file changes, and alert you to suspicious activity. Popular options include Wordfence, Sucuri, and Cloudflare. Configure real-time scanning and automatic threat blocking.
• Strengthen Login Security: Use strong, unique passwords and enable two-factor authentication. Limit login attempts to prevent brute force attacks. Consider changing your default admin username and hiding your login page from unauthorized users. Regularly audit user accounts and remove inactive users.

• Protect Your Online Reputation: Avoid hosting suspicious content that could trigger security flags. This includes user-generated content, file downloads, and external links. Moderate comments and uploads carefully. Set up abuse and contact email addresses so security researchers can report issues directly to you.

Wrapping up

The “This website has been reported as unsafe” warning is more than just an inconvenience—it’s a business-killing crisis that can destroy years of hard work overnight. Every hour your site remains flagged costs you visitors, revenue, and the trust that took years to build. The damage extends beyond immediate traffic loss, affecting your search rankings, brand reputation, and customer confidence for months to come.

A quality security plugin like MalCare can save you from this nightmare entirely. For the cost of a few cups of coffee per month, you get automated malware scanning, instant threat removal, and real-time protection that prevents infections before they trigger security warnings. When you consider the revenue lost during a security crisis, the time spent on cleanup, and the stress of watching your business crumble, investing in proactive security isn’t just smart—it’s essential for any serious website owner.

FAQs

How do I get rid of an unsafe website warning?

To remove an unsafe website warning, you need to identify and fix the underlying security issue first. Start by scanning your website with security tools like Google Search Console, Sucuri SiteCheck, or VirusTotal to identify specific threats. Common fixes include removing malware, updating vulnerable software, securing compromised accounts, and cleaning infected files. Once you’ve addressed the security issues, submit a review request through Google Search Console (for Google warnings) or contact the relevant security service that flagged your site. The review process can take several days to weeks, depending on the severity of the issue and the reviewing organization.

Why is my site marked as unsafe?

Websites get marked as unsafe for various reasons, including malware infections, phishing attempts, suspicious redirects, hosting malicious downloads, or displaying deceptive content. Your site might also be flagged if it’s been compromised and is unknowingly distributing harmful content, if it contains too many outbound links to suspicious sites, or if it’s been reported by users for hosting inappropriate material. Sometimes legitimate sites get caught in overly broad security filters, particularly if they share hosting with compromised sites or have unusual traffic patterns that trigger automated security systems.

How to fix blocked as unsafe by Microsoft Edge?

If Microsoft Edge is blocking your website as unsafe, first verify the issue by checking your site through Microsoft’s safety tools and Windows Defender SmartScreen. Clean any identified security threats on your website, then submit a review request through Microsoft’s SmartScreen feedback system. You can access this by visiting the Microsoft Security Intelligence website and submitting a URL analysis request. Additionally, ensure your website has proper SSL certificates, remove any suspicious content, and verify that your site isn’t inadvertently hosting malware or redirecting users to dangerous sites. Microsoft typically reviews submissions within a few business days.

How to open an unsafe website in Edge?

While it’s not recommended to visit truly unsafe websites, you can bypass Edge’s safety warnings if you’re certain the site is legitimate. Click “More details” on the warning page, then select “Go to this webpage (not recommended).” Alternatively, you can temporarily disable SmartScreen protection in Edge settings under Privacy, search, and services, though this leaves you vulnerable to actual threats. For websites you trust that are incorrectly flagged, consider using the “Report this site as safe” option to help improve Microsoft’s filtering accuracy. Always ensure your antivirus software is active when bypassing these warnings, and avoid entering sensitive information on flagged sites.