How to fix “Deceptive site ahead” and other warnings on your website

What does “deceptive site ahead” mean?

Finding out that your website has a warning is a shock. Your first reaction might be to assume that there is nothing wrong with your site. After all, you know that he didn’t put anything dangerous in it.

But someone else could have done it.

We have all read about cyber attacks on large corporations in the news, but it can happen to small ones as well. In fact, 46% of data breaches happen to small businesses.

Common types of website hacking include URL injection, which is when a hacker creates spam pages on a site, and content injection, such as adding keywords and gibberish text.

If you receive one of Google’s warnings, it may indicate that you have been hacked. It’s also possible that you’ve set up your site in a way that Google doesn’t like.

Reasons for the warnings include:

To remove the warning, you’ll need to resubmit your website to Google and request that it not be flagged as dangerous or misleading. Fortunately, this is a fairly simple process.

Do not submit your site to Google until you are sure that the problem with your website has been resolved (more on this later).

Website warning messages and what they mean

“Deceptive site ahead” isn’t the only warning Google attaches to websites. While the solution, resubmitting your site to Google, is the same for all of them, the meaning of each is slightly different.

Understanding what the warning means is the first step in fixing it. So let’s take a look at some of the most common ones.

“Misleading Site Ahead”

This warning specifically refers to websites that could be phishing sites. For example, it could be a page designed to look like it belongs on your website, but used to steal users’ personal information.

“Site Ahead contains malware”

This indicates that the website may be attempting to install harmful software on a site visitor’s computer. Malware could be embedded on your site in places like images, third-party components, or ads.

“suspicious site”

This is a general warning that Google has deemed a site suspicious and potentially unsafe.

“Site Ahead contains harmful programs”

The harmful programs error warns that your website might try to trick visitors into installing programs that cause problems when they browse online.

“This page is trying to load scripts from unauthenticated sources”

Good news: if this is the warning that Google has attached to your site, it probably hasn’t been hacked. It usually means that your website is HTTPS, but you are trying to load scripts from HTTP sources.

“Who dare say? [Site Name]?”

Google displays this message to site visitors when it thinks they might be looking for a different site with a similar name. Hackers sometimes create sites that are just a letter or dash away from a secure site to entice visitors to give up their personal information.

The process for asking Google to review this issue is a bit different from the other warnings. If you or your site visitors are getting a “Did you mean [site name]?” warning, Google asks you to contact them about it using this form.

“Fraudulent Website Warning” (Safari)

With 77.03% of the global desktop market share, Google Chrome may be the undisputed king among browsers, but it’s not the only game in town. Safari (8.87% market share) also displays warnings on the website, albeit with slightly different wording.

“Potential security risk ahead” (Firefox)

Firefox, the third most popular browser with a market share of 7.69%, has its own set of warnings.

Although Safari and Firefox may express your website warnings differently than Google, the causes, and the solutions, are the same.

How to Fix Website Warning Messages

Before you resubmit your site to Google for review, make sure you’ve fixed any security issues.

Google Search Console (formerly known as Webmaster Tools) is your best friend in this process. Through Search Console, Google makes it easy for you to find out what’s going on with your site, even if you don’t have much technical experience.

If you haven’t set up Google Search Console for your site yet, now is a good time. It’s completely free and will help you monitor, manage, and improve your site long after the security warning is cleared.

View the security issue report in Google Search Console

Sign in to Google Search Console. If Google has found security issues, a link to your Security Issues Report will appear on the overview page.

You can also access the report by going to Security and Manual Actions and then Security Issues in the sidebar.

There are several potential security issues that you can see in the report. Google classifies problems into three groups: pirated content, social engineering, and malware or unwanted software. Let’s take a quick look at each one.

hacked content

Hacked content is any content added to your website without your permission due to security vulnerabilities on the site. For example, a hacker could add spammy links to your web pages.

If you’ve been hacked, your Security Issues Report will show issues like:

• Hacked: Malware
• Hacked: Code Injection
• Hacked: Content Injection
• Hacked: URL injection

Social engineering

Social engineering means that the content on your site is trying to trick people into doing something dangerous. For example, the site may have deceptive forms to convince users to reveal sensitive information.

Social engineering content issues in your report could include:

• misleading pages
• Misleading Embedded Resources

Malware and unwanted software

This problem means that you have applications or downloadable software on your website that can harm the user. The site owner or a hacker could have installed them.

Expect to see problems like:

• harmful downloads
• Links to harmful downloads

No matter what issue you see on your report, you can click on it to get more information.

Google advises on how to solve the problem, but it can be quite technical. For many of the issues, there are simpler, WordPress-friendly ways to fix your website and remove the warning.

Find and remove malicious code on your website

At Phluit, we have a security guarantee. That means if your website is hosted here, please contact us and:

Perform a deep scan of your site files to identify malware
Repair WordPress core by installing a clean copy of the core files
Identify and remove infected plugins and themes

However, if your WordPress site is hosted elsewhere, you can try restoring an older, clean version of your site from a recent backup. Just remember that you will lose any changes you have made since you backed up the website.

If you don’t have a backup or don’t want to lose your new content, there are several plugins and services that can help.

Make sure the SSL certificate is installed correctly

SSL stands for Secure Sockets Layer. It is a web security protocol that encrypts and authenticates data as it is sent between two applications, such as a browser and a web server.

Sometimes an incorrect SSL certificate installation can cause a browser warning message. You can check your installation with tools like SSL Checker.

If your website is hosted on Phluit, it’s automatically protected by our Cloudflare integration, including free SSL certificates with wildcard support.

4. Redirect website from HTTP to HTTPS

Your SSL certificate enables HTTPS. Everyone should use HTTPS – it’s more secure, better for SEO, and provides more accurate referral data.

Unfortunately, the migration process from HTTP to HTTPS can cause problems.

It is important to redirect all your HTT P traffic to HTTPS permanently. If you have an HTTPS site, but some content loads over a less secure HTTP connection, Google might attach a warning message to your site.

Phluit customers can use our Force HTTPS tool to redirect HTTP traffic to HTTPS with just a few clicks. For other hosts, the solution will depend on the server software being used.

There is a simple solution that uses a WordPress plugin to configure your website to run over HTTPS. After you have installed SSL, get the Really Simple SSL plugin.

That said, we do not recommend that you use the plugin method permanently.

While they may be tempting as a quick fix, third-party plugins introduce an additional layer of risk. You can always use it as a workaround while you work on solving the problem in another way.

How to resubmit your site to Google

You have found the security problem of your website and have cleaned the site. And now that?

To resubmit your site to Google, you’re going to use, you guessed it, Google Search Console. Here’s how:

Step 1: Prepare your site for submission

Check that you have removed harmful content from your website. If you used a security scanner to find the malware, run it again.

Submitting your site without fixing the problem will cause additional delays.

To review your website, Google has to be able to crawl it. Make sure you haven’t blocked Googlebot through noindex tags or any other method.

Finally, this may seem like a no-brainer, but it’s a mistake made before: If you took your site offline to deal with the hack, make sure it’s live again so Google can verify it.

Step 2: Request a review

Go back to Google Search Console. In the Security Issues Report, click the Request Review button.

This will take you to a form that asks you to describe what you did to fix the problem. Write a sentence for each of the security problems detected.

For example, if you received the errors “Hacked: Content Injection” and “Harmful Downloads”, you could type:

For content injection, I removed the spam content and fixed the vulnerability by updating my WordPress plugins. For harmful downloads, I replaced the third party code that distributed malware downloads on my website.

If your website has been specifically flagged for phishing, you can submit it for review through Google Search Console as described.

If you see “Quindad 2? [site name]?”, submit your site through this link, not Search Console.

Step 3: Wait

The time it takes for Google to review your website depends on the type of security issue.

• Hacked with spam: Several weeks
• Malware: A few days
• Phishing: About a day

If Google finds that your website is clean, the warning should be removed within 72 hours.

What if your site doesn’t pass the review?

If Google determines that it hasn’t resolved the issue, the deceptive website warning will remain in place. The security issue report may start showing more sample infected urls to help you track down malicious content.

What about warnings in other browsers?

If your website also shows warnings in Safari or Firefox, don’t worry. You do not have to go through a separate review process for each browser.

Mensaje de advertencia de riesgo de seguridad de Firefox.

Firefox and Safari, as well as many other browsers, get their information from Google’s safe browsing lists, a set of frequently updated lists of unsafe web resources. (The exception is for users in mainland China, where Safari can use Tencent lists instead of Google.)

If you authorize your website with Google, the warnings will also be removed from other browsers.

How to prevent “deceptive site ahead” warnings

No website is 100% secure. Hackers develop new tricks all the time, and if you’re a website owner, there’s always a chance you could be the next victim.

That said, most cyber attacks can be prevented by following some best practices.

Here are our top tips for preventing that bright red warning page from greeting your site visitors.

Stay up to date

It is essential that any software on your website, be it your main CMS program, plugins or theme, is up to date.

Developers update software in response to new security threats, but your site is still vulnerable if you’re running an older version.

One study found that 49% of hacked WordPress sites were running outdated versions of the CMS at the time of infection.

And don’t forget about your plugins. Plugins are a great feature of WordPress, but it’s easy to add a bunch and never think about them again.

Each plugin is a gateway for a hacker to gain access to your site. To be as safe as possible, update all of them regularly and avoid using overridden plugins.

Use a WordPress security plugin

There is no shortage of plugins designed to improve WordPress website security.

The problem is that many of them cause site performance issues. That is why we have banned some of them from Phluit sites.

If you’re hosted on Phluit, our free hacking fixes and security features built into the MyPhluit dashboard mean you don’t need any third-party security tools.

But for site owners using other hosting services who might want to use a WordPress plugin, we recommend two in particular: Sucuri or Wordfence.

Monitor Google Search Console

Site owners using Google Search Console should receive email warnings about security issues, but it doesn’t hurt to check in from time to time.

In addition, Search Console has many other features that help your site’s performance and search engine optimization. Keeping an eye on this tool can only improve your website.

Restrict access

A surprising number of hackers gain access to your website in a simple way: they use your password.

Be careful who you have login credentials for your site. Make sure everyone on your team follows best practices, like using a password manager, and understands how to avoid scams like phishing emails.

Choose a secure host

As a website owner, you can only do so much to ensure that your site is secure. For server-level security, you need to find a host you can trust.

Summary

It’s alarming to realize that Google has put a warning on your website, but it’s not hard to fix. Seeing the warning message can even be a useful alert that something is wrong with your site.

The best way to keep an eye on your website is to set up Google Search Console and monitor it regularly. Deal with any problem as soon as it occurs.

Even better, avoid security issues in the first place. Following the WordPress security best practices above will go a long way toward keeping your site secure and your incoming traffic flowing.