How To Remove "Deceptive Site Ahead" Warning

Out of the various warning messages that Google displays, Deceptive site ahead is more often than not displayed for a website identified as Phishing. However, sometimes, phishing might not be the only cause. It could also happen that your website has malware in it. I am sure; you got a mini heart attack on seeing your website flagged with a scary looking red screen with the message Deceptive Site Ahead in it. In this article, we will try to answer most questions around that dreaded sentence “Deceptive Site Ahead.

In time, we will discuss what all you can do to remove this warning from your website. But, before that, let us try to figure out what is “Deceptive site ahead” and what could be the possible reasons that Google thought it better to flag your website. Shall we begin?

What is Deceptive Site Ahead?

Deceptive site ahead is a warning message (typically a red screen with “Deceptive site ahead” written in it) rendered by Google on sites identified as phishing or hacked to ensure the safety of the visitors.

On the other hand, deceptive sites are those sites which try to trick you into doing something dangerous online, such as revealing passwords or personal information, clicking on malign links, downloading malicious JavaScripts or codes either by phishing or by social engineering.

Related article – How To Remove “The Site Ahead Contains Harmful Programs” Warning

Reasons for the Deceptive Site Ahead Warning

As we discussed earlier, phishing and malware are a few reasons why Google deems a website deceptive or fake. But, it must be mentioned here that these are not all. In this section, we will discuss in detail what are the possible reasons that make for the red warning of “Deceptive Site Ahead” on a website.

  1. Phishing

    A phishing website is a website that disguises itself as a legitimate source and tricks innocent users into revealing sensitive personal information like credit card details, credentials, passwords, etc. Phishing, pronounced and meant the same as the word ‘fishing’ in the English language, is a crooked way to fetch personal account details by malefactors. Phishing could be executed by the use of several maneuvers like:

    1. Imposing sensitive pages of the original website like credentials form, payment forms, etc.
    2. Planting viruses or keystroke loggers (which record what you type), thus giving away your passwords/usernames to the hacker without your knowledge.
    3. By showing a sense of urgency and wanting prompt action at your end. Remember being told that if you do not give your bank credentials right now, your bank account will be in danger? Yes, that is probably phishing. A legitimate bank or any other institution would not require you to take decision by some random form online.

  2. Malware

    Malware, short for malicious software is also one of the reasons why Google flags a website as deceptive. To be more clear, Malware is a file that intends to damage a website, a computer, or a server. ” A Malware is often inserted into a website with these frequent cyber attacks:

    Cross-Site Scripting (XSS) attack

    Stored cross-site scripting attack is also used as a way to plant malicious link which automatically downloads on a user’s computer when visited. Quite obviously, Google blacklists those sites as being deceptive.

    SQL injection attack –

    SQLi is used to add, modify, and delete records in the database. Such content is often called a malicious payload and is the key part of the attack. After the attacker sends this content, malicious SQL commands are executed in the database. This could also be a reason for Google blacklisting a website.

    Further, it might also be added to your website via a vulnerability in your CMS(content management system), theme, or plugin. It could also happen that your website was trying to load harmful scripts on visitor’s site.

  3. Malicious Advertisements (Malvertising)

    If Google notices random pop-ups, redirecting ads, or malware loading ads on your website, it shows the red screen to protect other users online. Malvertising is a relatively new concept, in which, hackers tend to inject malign ads into hacked websites so that it gets delivered through web pages. Also, these ads can infect visitors without requiring action from them. They do not even require to click on it to infect them. This makes it particularly worrisome. Hence, Google renders the deceptive site ahead warning in these cases.

  4. Not Having Proper SSL Certificate

    Google is very strict with its policies. So, when it made SSL certificate mandatory for websites, it surely wasn’t kidding. We have seen sites flagged as “deceptive” if they haven’t moved from HTTP to HTTPS. Only installing an SSL certificate is not enough, you also need to redirect your website From HTTP to HTTPS.

    Besides that, having some of your web pages as HTTP and some as HTTPS gives Google a mixed content signal. This could also be a reason why your website has been flagged by Google.

Does chrome show warning message “Deceptive Site Ahead”  for your website? Drop us a message here or chat with an Astra agent now, and we will be happy to help 😊

How to Fix the Deceptive Site Ahead Warning

We have till now understood what could be the possible causes of Google flagging your website. Let’s dive right into the fixation process then.

1) For WordPress Websites

  1. Go to your Google Search Console > Security tab. Review the issues alerted there. It will show you what kind of hack you have fallen victim to. And, the problem pages where the infection is.
  2. Take a backup of your website. And, use an online malware scanner to scan your website. You can also install a security plugin to scan your website too. Review the scan and remove the modifications.
  3. Navigate to Google Toolbar > View > Developer > JavaScript Console. Check for malicious codes; remove if any.
  4. Get rid of redirecting, third-party Ads or Scripts.
  5. Install a proper SSL certificate. Make sure to set the redirection of the website from HTTP to HTTPS (301 Redirections).

2)  For other CMS and Custom PHP

  1. Go to your Google Search Console > Security tab. Review the issues alerted there. It will show you what kind of hack you have fallen victim to. And, the problem pages where the infection is.
  2. Take a backup of your website. And, use an online malware scanner or the aw snap tool to scan your website. You can also install a security plugin to scan your website too. Review the scan and remove the modifications.
  3. Get rid of redirecting, third-party Ads or Scripts.
  4. Install a proper SSL certificate. Make sure to set the redirection of the website from HTTP to HTTPS (301 Redirections).

How to Submit a Review Request

Once you have done the cleaning thoroughly. You can go ahead and submit a request to Google to remove “Deceptive Site Ahead” message from it. But, before you submit that request make sure the following things are in place:

  • Your site is completely clean of the malware
  • All vulnerabilities are patched
  • It is up and running

Follow these steps to submit the request:

  1. Navigate to Security Issues Tab of your Google search console.
  2. Check the box, I have fixed these issues.
  3. Now, click on Request a Review.
  4. A new window will pop up, you will need to mention the steps you have takes to remove the infection. Make sure you give detailed information. Regarding the structure of the review request, you can refer to this Request a review template which our security experts have designed. And, send it to Google search console team.
  5. Finally, click the Manual Actions section.

Is your website hacked? Drop us a message in the chat box and we will be happy to help 😊

Also, if you believe your website had no infections at all and is wrongly tagged with the “Deceptive Site Ahead” message, you can submit your concern here – Report incorrect phishing warning to Google.

Report incorrect "Deceptive Site Ahead" Warning
Report incorrect phishing warning to Google

The request takes around a day to process for websites deemed as deceptive. Once google your website with its malware scanner and finds no malware it will remove the “Deceptive Site Ahead” warning message. In case, the malware persists on the site, it will decline the request.

Related article – Blacklisted By Google: How to Remove Website from Google Blacklist

Prevent your website from “Deceptive Site Ahead”

As you would have realized after reading this blog, removing the “Deceptive Site Ahead” warning requires much effort, time and patience from your part. Not to mention the effect it has on the reputation of your website and business. But, if you would take care of these little yet effective security measures, the risk factor naturally reduces. Some of these measures are:

  1. Update to the latest versions

    Updates are nothing but mended and patched versions. So, the easiest yet effective measure that you can take is to be updated all year long. Using obsolete versions can result in an unexpected and brutal cyber attack. Every disclosed vulnerability should be mended at the earliest.

  2. Change passwords

    Changing passwords often is a way you can ensure the security of your website quite easily. Also, having unique and hard to guess usernames for your admin panel, databases, APIs will make it tougher for a hacker to crack it. Thus, making the website less prone to hacks.

  3. Install firewall

    A firewall is a continuous monitoring system that guards your website 24*7. A firewall, such as Astra’s protects your website against SQLi, XSS, LFI, RFI, Bad Bots, Spam & 100+ threats in real time. Apart from OWASP’s top 10 threats found in websites, the firewall also protects against known CVE’s. It also detects visitor patterns on your website & automatically blocks hackers with malicious intent. Having a firewall can mean your website remains protected even when you are sleeping.

Related article – How to Remove “This site may be hacked” Warning message

Steps to remove Google warning, deceptive site warning, Chrome red screen

Get Professional Help From Astra Web Security

Hopefully, you have succeeded in removing the infection and requesting the review. In case you are finding it difficult to remove the malware yourself you can always contact Astra, and we will be happy to help you out. Because let’s be honest here not everyone can be good at security.

Astra Web Security is tailored for CMS(s) like WordPress, Magento, PrestaShop, OpenCart, Drupal and custom PHP. Our firewall stops SQLi, XSS, bad bots, brute force attacks and 100+ other coming threats to your website. With Astra’s on-demand malware scanner you can scan your website in just a matter of minutes, on a click of a button. Further, our ever-evolving malware scanner keeps getting more and more optimized with each scan.

Try the Astra demo now.

Was this post helpful?



Waiting to Get Hacked?

Get security tips & latest vulnerability fixes right in your inbox:

About The Author

Naman Rastogi

Naman is a Digital Marketer & Growth Hacker at Astra. A technology enthusiast with focused interest in website security.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Close