911 Hack Removal

Google Blacklist – How to Remove Your Website from Google Blacklist (WordPress, Magento, PrestaShop, OpenCart, Drupal & PHP)

Updated on: February 4, 2022

Google Blacklist – How to Remove Your Website from Google Blacklist (WordPress, Magento, PrestaShop, OpenCart, Drupal & PHP)

Are your website’s search results carrying a warning that your site may be suspicious? Bad news ahead but your website has been subjected to Google blacklist. Sites that are hacked or affected by malware often carry these warnings to protect users. This, however, can affect your reputation. To find out more about why you may have been blacklisted by Google and to remove your site from it, read on.

What is Google Blacklist?

The Google black list is a database maintained by Google that contains websites flagged as unsafe for users by Google, other search engines, or security companies. These websites may host malware, Phishing attacks, spam ware, etc, and Google blacklist protects the users from these.

As we know, Google is the most popular search engine out there. People make millions of queries every day on Google to find out answers to their questions. It indexes thousands of web pages and returns the relevant pages based on the query. Now, Google has the onus to protect its users from landing on suspicious pages by identifying and blocking malicious pages beforehand. For this, Google regularly scans all web pages for malware, deceptive content, redirecting links & ads, and so on.

Whenever Google finds malicious content or files in a website that might compromise a visitor’s security, it immediately starts showing the Google blacklist warning for the website. Visitors are cautioned with a Google warning message upon visiting the website, which says something like – ‘Deceptive Site Ahead’, ‘This website contains malware’, ‘This site has been hacked’, etc. Website owners are notified too via email or message in Google’s search console.

What happens after Google blacklists a website?

When Google blacklists a website, usually two things happen:

  • The website/web pages is taken off the index list. So if your website has been blacklisted, it means your website will not appear on Google.
  • A warning message is displayed for the website to discourage people from visiting it. Further, Google also removes malicious web pages from the top pages to avoid people clicking on it.

This would mean your website may lose all its organic traffic from Google if it’s blacklisted. If you run a business and Google traffic is your main source of acquiring prospects, your sales and revenue may take a hit too.

How To Check If Your Site is Blacklisted By Google & Other Search Engines

We’ve seen that Google blacklists a website as the last resort. The website is usually infected for weeks after which Google picks up the malicious code on your website, leading to blacklisting it.

Types of Google Blacklist messages
Types of Google Blacklist

In addition to the website being blacklisted by Google, we’ve seen there are other engines too where your website could be blacklist. Example: McAffee’s blacklist, Virustotal, AVG, Avast, etc.

You can check if your website is on Google blacklist and other 65+ security engines from below:

Is your website blacklisted by security tools? Find out in 15 seconds.

Common Website Blacklist Indicators/symptoms

What are some common signs or symptoms one should look out for to understand if you’ve been blacklisted by Google?

  • On visiting the site, you get blocked by a big warning screen.
  • There are external links with search engine optimization (SEO) spam keywords that, on clicking, will redirect one to search engine result pages (SERP).
  • There are unexpected and suspicious changes to your website database files or the appearance of new ones with malicious content.
  • Your antivirus blocks a portion or the entire website when you visit it.
  • You may come across messages such ‘This site may be hacked’ on your search engine results.
  • Your hosting server suspends your account without warning and disables it until the hacked content gets cleaned out and the website is re-submitted for verification. 

Why does Google Blacklist happen?

Usually, website authorities like Google, Bing, and McAfee SiteAdvisor monitor sites that appear on their results page to detect the presence of any malware. This includes trojan horses, pharma hacks, SEO spam, phishing schemes, etc. Search engines, in their best interests, target such infected sites and refuse to let them be displayed or be accessed by visitors, wishing to protect their integrity and trustworthiness. 

In most situations, website owners are not aware of being hacked until they realize they have been placed on the blacklist of authorities like Google. 

There are different categories for consideration when a website is blacklisted – some may be pushed to the list for containing spam, others have malware content and yet others provide external links that lead to phishing scams and compromise visitor’s data privacy and security. These are some sort of situations when a site is usually pushed into the blacklist, which requires comprehensive and precise steps to renew its reputation. 

Causes for Getting Blacklisted by Google

1) Malware

Google may blacklist your website when it suspects that your website is being used to spread malware. The pages on your site that have been hacked may automatically download malware when visited – which can alert Google to the fact that your website might be the target of a pervasive malware campaign.

Therefore, to keep users safe, their browsers might display a warning when they visit your site, typically a message or a red screen containing the keyword ‘malware’ on Chrome. Some browsers may display different warnings such as this site may be hacked,  this site may harm your computer, deceptive site ahead, etc.

If your website shows such a warning, it might be a good idea to start working on Google blacklist removal.

2) Phishing

If your website has been labeled deceptive or fake, it might be due to your site being on Google’s phishing listing. Your website may have been modified to collect user info and send it to other servers controlled by hackers. These modified pages might ask users for sensitive info, and users who provide this information may themselves be attacked. This can decrease the users’ trust in your website and affect your reputation.

Related Post – How to remove Deceptive Site Ahead warning?

3) Using Black Hat SEO Techniques

If you’re using Black hat SEO techniques, such as cloaking, scraping websites, and buying links for your website, Google may have blacklisted you. These techniques are unethical as they give websites an unfair advantage, so Google keeps a lookout for sites using such techniques.

How to Remove Site from Google Blacklist:

If you have identified that your site has been blacklisted by Google, we need to work on removing it. Here is a step-by-step guide to removing your website from the blacklist.

  1. Checking for Infection
  2. Cleaning Infections/Malware
  3. Ask Google for Blacklist Removal Review
  4. Removing Your Site’s IP from Spam Lists

1) Checking for Infection

A good place to begin checking is to look at the Google Search Console, which will show why your website was blacklisted – it may be due to viruses, SQL injection, a spam link injection, etc. Once you have identified the reason, you can take steps to rectify the issue depending on the exact issue flagged by Google.

2) Cleaning Infections

Here are a few steps to begin cleaning the infections you may have found in the previous step. A word of caution – be careful in executing these steps and removing the loopholes, if any.

  • Review the unfamiliar modifications on your website and remove them manually.
  • There are certain files which hackers prefer infecting for their important. Trying to find malware in these locations will be a good start:
    • Index file of the website (index.php in most of the case). Within this file, start by checking the header and footer sections for un-recognizable code or gibberish text.
    • .htaccess file is often used by hackers to redirect your visitors to malicious websites which is often picked up by search engines resulting the Google’s blacklist.
    • functions & wp-config files are worth checking considering their super important files containing sensitive information (if you’re using WordPress).
  • Checking key database tables also helps. Hackers often inject malicious scripts in database by exploiting vulnerabilities causing remote code execution and SQL injection. A few examples of key database tables would be table containing your articles (wp-posts), user information and form data. Basically, data tables which are linked to various website inputs should be checked for malicious code insertions.
  • Disable plugins which have been de-activated but still installed
  • Check for new admin(s) added. Then, remove them manually and reset all passwords and usernames.
  • Clean the tables of the infected database manually.
  • Enable two-way authentication for the users.
  • Check the addition of any unverified user and remove them.

We also have comprehensive guides to malware removal you can follow:

Steps to ask Google for Blacklist Removal Review

You can then submit your site for a malware review. However, it may take some time for Google to review your website, ranging from a few hours to a day or two. The steps to submit your site for a review are:

  1. Go to the Security Issues Tab.  This is to review the issues Google has found.
  2. Then select “I have fixed these issues”.
  3. Now, click on “Request a Review”.
  4. Type the steps taken by you to remove malware from your site & the Google blacklist. Make sure you give detailed information!
  5. Finally, click the Manual Actions section.

In case there are multiple issues, continue to follow steps 1-4 until all of them have been resolved.

3) Removing Your Site’s IP from Spam Lists

Your infected site may have been used for a spam campaign – a few groups that look out for domains spamming users could have put your website on their list. There are services available that help you look through such lists. Different lists have different procedures to remove your site’s IP from the list. The Internet can be of great help with this.

How to Prevent Being Blacklisted by Google in the Future:

1) Work with Google Analytics

Google Analytics is a great way to know about your website. It gives you a comprehensive view of how your website works regarding internet traffic. It can also help you identify suspicious activity and give you insight as to whether your site may be affected by malware.

2) Use White Hat SEO

If you’re using black hat SEO techniques, you might want to reconsider that! They have a high likelihood of getting you blacklisted by Google. Instead, here are a few positive techniques to make your website awesome:

  • Spruce up the content on your website which makes users spend more time.
  • Make your website secure.
  • Pay attention to what users are looking for on your website.
  • When blacklisted, the quicker you act, the more damage you control.

3) Update

A good practice is to keep updating the software regularly. This is the best precaution you can take as a webmaster, and the most basic step towards securing your website.

4) Follow Good Security Practices

You can follow our comprehensive security guides as per your CMSs to secure them in real-time from attacks.

5) Go for a Security Audit

Website security is of utmost importance today, and your website is more likely to be blacklisted if it isn’t very secure. Going for a security audit is a good idea – an expert opinion can help take your website’s security from good to excellent!

6) Use a Security Solution

It can be quite a tedious task to look out for malware on your website round the clock, but there are security solutions like Astra which could help keep an eye on your website and protect it from hackers and malware. This will prevent your website from getting blacklisted by Google.

We’ve made a detailed step-by-step video on how to fix the warnings and remove your site from Google’s blacklist that you might find helpful:

Google Blacklist: Conclusion

Malware is always changing, and can affect your website and even your reputation. While removing your website from the blacklist is one part, ensuring you never get blacklisted again requires something more permanent – like Astra Website Protection.

Infographic: Fixing Google Warning Messages (Google blacklist)
Fixing Warning Messages in Google

Is your website blacklisted by security tools? Find out in 15 seconds.

Want to know more or have a quick question? Talk with our engineers!

We are always online! 😊

Tags: , ,

Shikhil Sharma

Shikhil Sharma is the founder & CEO of Astra Security. Being involved with cybersecurity for over six years now, his vision is to make cyber security a 5-minute affair. Shikhil plays on the line between security and marketing. When not thinking about how to make Astra super simple, Shikhil can be found enjoying alternative rock or a game of football. Astra Security has been rewarded at Global Conference on Cyber Security by PM of India Mr. Narendra Modi. French President Mr. François Hollande also rewarded Astra under the La French Tech program. Astra Security is also a NASSCOM Emerge 50 company.
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Newest Most Voted
Inline Feedbacks
View all comments
Alex Marvin
Alex Marvin
5 years ago

Great article!


[…] to the spam pages. However, search engines have malware filters. As a result, the store may get Blacklisted for spam content or malware. This warns the users each time they proceed on the site. Thus user […]


[…] Spam content can also damage the reputation of the host server and can at times result in getting blacklisted by search engines. Therefore, hosting providers take adequate steps resulting in the WordPress site getting […]


[…] I shall explain the detailed steps of (upload, install, unzip, move, XML and remove) which made OpenCart vulnerable to RCE. Later in the article, we shall show how security measures like a secret temp directory name […]


[…] Note: Know more about Google Blacklist Removal. […]

4 years ago

One of the complete guide on Blacklist removal. My WordPress website is showing “Deceptive site ahead”. Can you please help me

Naman Rastogi
4 years ago
Reply to  Mariana

Thanks, Mariana.

For Deceptive site ahead you can check our guide here – https://www.getastra.com/blog/911/remove-deceptive-site-ahead-warning/

Also, you can use our scanner to scan your website – https://www.getastra.com/website-scanner

Psst! Hi there. We’re Astra.

We make security simple and hassle-free for thousands
of websites and businesses worldwide.

Our suite of security products include a vulnerability scanner, firewall, malware scanner and pentests to protect your site from the evil forces on the internet, even when you sleep.

earth spiders cards bugs spiders

Made with ❤️ in USA France India Germany