911 Hack Removal

How To Fix “Deceptive Site Ahead” Warning Message from Google (Video & Review Template Included)

Updated on: August 24, 2020

How To Fix “Deceptive Site Ahead” Warning Message from Google (Video & Review Template Included)

Article Summary

I am sure, you got a mini heart attack to have your website flagged with a scary looking red screen with the message Deceptive Site Ahead in it. And you have been striving to retrieve your website from that danger ever since maybe. Yes, you are in the right place. In this article, we will try to answer most questions around that dreaded sentence “Deceptive Site Ahead”. Further, we will help you in removing that face shaming message from your website.

Everything was fine until last night and suddenly Google is showing an ugly ‘Deceptive site ahead’ red page on your website today? Truth be told, you’re not the first one to experience this. There was a lot going on in your website behind the curtains, with Google displaying the deceptive site warning it’s all out now. We’ve seen that a website is hacked at least 3-4 weeks before Google detects it and starts displaying the deceptive site ahead warning – more on it below.

Scan Your Website For Blacklist
Our tool scans 65+ blacklists to check if your website is blacklisted

Meaning of ‘Deceptive Site Ahead’

Deceptive site ahead is a warning message (typically a red screen with “Deceptive site ahead” written in it) rendered by Google on sites identified as unsafe for visitors to load on their devices.

Here’s what Google is saying what it says your website is ‘Deceptive’:

  • Your website is hosting phishing pages

  • The website has malware/virus infection

  • There is code within your website linking to questionable websites according to Google

  • Personal information of visitors is transmitted to un-secure servers/links through your website

  • There is a credit card stealing malware in your website’s code

deceptive site ahead fix

Related: How To Remove “The Site Ahead Contains Harmful Programs” Warning

Reasons for the Deceptive Site Ahead Warning on your website

As we discussed earlier, phishing and malware are a few reasons why Google deems a website deceptive or fake. But, it must be mentioned here that these are not all. In this section, we will discuss in detail what are the possible reasons for the “Deceptive Site Ahead” warning on your website.

  1. Phishing

    A phishing website is a website that disguises itself as a legitimate source and tricks innocent users into revealing sensitive personal information like credit card details, credentials, passwords, etc. Phishing, pronounced and meant the same as the word ‘fishing’ in the English language, is a crooked way to fetch personal account details by malefactors. Phishing could be executed by the use of several maneuvers like:

    • Planing legitimate looking pages on the website which trick users to add their personal information like credit cards, phone number and emails

    • Planting viruses or keystroke loggers (which record what you type), thus giving away your passwords/usernames to the hacker without your knowledge

    • By showing a sense of urgency and wanting prompt action at your end. Remember being told that if you do not give your bank credentials right now, your bank account will be in danger? Yes, that is probably phishing. A legitimate bank or any other institution would not require you to take decision by some random form online

  2. Malware

    Malware, short for malicious software is also one of the reasons why Google flags a website as deceptive. Malware is one of the top reasons for the ‘Deceptive Site Ahead’ warning. Websites are often infected with malware for months until it’s discovered. A Malware is often inserted into a website with these frequent cyber attacks:

    • Cross-Site Scripting (XSS) attack: Cross-site scripting attack is also used as a way to plant malicious link which automatically downloads on a user’s computer when visited. A number of plugins, themes and websites are known to be vulnerable to XSS. It’s often regarded as the ‘low hanging fruit’ of web security due to so many website being vulnerable to it. This attack can be quite hazardous when combined with other vulnerabilities.Quite obviously, Google blacklists those sites as being deceptive.

    • SQL injection attack: SQLi is used to add, modify, and delete records in the database. Such content is often called a malicious payload and is the key part of the attack. After the attacker sends this content, malicious SQL commands are executed in the database. This could also be a reason for Google blacklisting a website. Further, it might also be added to your website via a vulnerability in your CMS (eg WordPress, Magento, OpenCart etc.) theme, or plugin. It could also happen that your website was trying to load harmful scripts on visitor’s site.
    • Malicious Advertisements (Malvertising): If Google notices random pop-ups, redirecting ads, or malware loading ads on your website, it shows the deceptive warning to prevent your users getting tricked into going to malicious websites.


      These ads can infect visitors without requiring action from them. They do not even require to click on it to infect them. This makes it particularly worrisome. Hence, Google renders the deceptive site ahead warning in these cases.

    • Not Having Proper SSL Certificate: Google is very strict with its policies. Recently they made SSL mandatory for all the websites and even included having SSL as a part of their website ranking mechanism.

      We have seen sites flagged as “deceptive” if they haven’t moved from HTTP to HTTPS. Only installing an SSL certificate is not enough, you also need to redirect your website From HTTP to HTTPS. Besides that, having some of your web pages as HTTP and some as HTTPS gives Google a mixed content signal. This could also be a reason why your website has been flagged by Google.

30,000 websites get hacked every single day. Are you next?

Secure your website from malware & hackers using Astra Security Suite before it’s too late.

How to Fix the Chrome Deceptive Site Ahead Warning

Fixing the ‘Deceptive Site Ahead’ message requires a multi-fold approach. This is because Google doesn’t share a lot of information to work with, so one has to either be a web security expert or eliminate all the possibilities on by one. More on it below:

  1. Add your website to Google Search Console so that you can manage the search settings

  2. Navigate to the ‘Security issues tab from the lest sidebar

    Deceptive Site Ahead Removal - Google Search Console

  3. Since your site is blacklisted by Google, you will be shown some basic reasons about why your website is flagged. Read the details over here, and also copy the malicious URLs which were detected

  4. Take a backup of your website, just in case it needs to be restored

  5. Now use an online malware scanner to scan your website remotely to see if any additional malware is detected.

  6. Google and other free online malware scanners are only able to scan your site remotely. To completely fix your site and make it 100% secure, you would have to perform a server-side malware scan on your website. This will help you find all malware, and protect your site from being hacked again.

    If you would like to review the code yourself, it’s highly recommended you start your hunt for malware from the following files:
    • index.php file
    • core theme files
    • header & footer files
    • functions.php file (if using WordPress)
    • .htaccess
    • wp-config file (if this file is infected, wp-config hack could be at work)

  7. Review the files flagged by all the security scanners, and quarantine them. Get rid of redirecting, third-party Ads or Scripts.

  8. Once you are confident that your website is 100% clean, navigate to the ‘Security issues‘ tab in the Google Search Console, and click on the ‘Request Review’ button. More details about this in the next section.

Related Guide – Fixing Hacked WordPress Site

How to Submit a Review Request To Google For Blacklist Removal

Once you have done the cleaning thoroughly. You can go ahead and submit a request to Google to remove the “Deceptive Site Ahead” message from it. But, before you submit that request make sure the following things are in place:

  • Your site is 100% clean of malware & other viruses
  • All vulnerabilities in the site are patched
  • Website is up and running
  • Your website is well protected with a firewall and malware scanning to prevent re-infections

Precautions to take before submitting a Review Request

It is very important that you submit the reconsideration request with Google ONLY AFTER you are 100% sure that your website is clean. If your sites repeatedly fail the verification process by Google, you will be classified as a Repeat Offender. In such cases, you will be unable to request additional reviews via the Search Console for a period of 30 days.

Please don’t resubmit your request before you get a decision on any outstanding requests. Submitting a reconsideration request when the issue hasn’t been fixed can cause longer turnaround time for the next request, or even get you marked as a repeat offender.

Google Search Console Team

One guaranteed way to make sure that your website is free from ‘Deceptive content’ is to perform a server-side malware scan of all files, database, & the server.

30,000 websites get hacked every single day. Are you next?

Secure your website from malware & hackers using Astra Security Suite before it’s too late.

Steps to submit blacklist removal request:

  1. Navigate to Security Issues Tab of your Google Search Console.
  2. Click on the ‘Request Review’ button.
  3. Check the box, I have fixed these issues.
  4. A new window will pop up, you will have to mention all the steps you have takes to remove the infection & protect the site from re-infection. Make sure you give detailed information. If you are using a firewall such as Astra, you can mention it so that Google feels more confident that your site is well protected.
  5. We’ve put together a template for the message you need to send Google: Request a review template
  6. You’ll now have to wait for 24-72 hours for Google to verify that your site is clean and remove the red warning message.

Is your website hacked? Drop us a message in the chat box and we will be happy to help ?

Although Google is usually correct about malware warnings, they may have inadvertently tagged your site with the “Deceptive Site Ahead” message. In such case you can submit your appeal here – Report incorrect phishing warning to Google.

Report incorrect "Deceptive Site Ahead" Warning
Report incorrect phishing warning to Google

The request takes around a day to process, and your websites will be removed from the deceptive category.

Related article – Blacklisted By Google: How to Remove Website from Google Blacklist

Prevent your website from “Deceptive Site Ahead” Warning

As you would have realized by now, removing the “Deceptive Site Ahead” warning requires some technical effort, time and patience from your end. Not to mention the effect it has on the reputation of your website and business. But, if you would take care of these little yet effective security measures, the risk factor naturally reduces. Some of these measures are:

  1. Update your website to the latest versions

    As a thumb rule, always keep your website CMS, plugins & themes up to date. With updates, you benefit from security patches & other improvements. If you are using older versions of software, your site would be on the radar of hackers who will try and exploit known vulnerabilities.

  2. Change passwords

    Once the site is compromised, there is a good chance that hackers would have stolen the passwords. After a hack situation, always change passwords of all user & admin accounts, database, cPanel, FTP passwords. The passwords should be unique and hard to guess. This will prevent hackers from re-infecting your site using the compromised credentials.

  3. Virtually patch vulnerabilities with a firewall

    Just removing the hack is not enough, as the vulnerability would still exist in your site and leave it open to being infected again.

    A firewall is a continuous monitoring system that guards your website 24*7. A firewall, such as Astra protects your website against SQLi, XSS, LFI, RFI, Bad Bots, Spam & 100+ threats in real-time. Apart from OWASP’s top 10 threats found in websites, the firewall also protects against known CVE’s. It also detects visitor patterns on your website & automatically blocks hackers with malicious intent. Having a firewall can mean your website remains protected even when you are sleeping.

Website firewall & scanner - Astra
How Astra works to protect a site

Related article – How to Remove “This site may be hacked” Warning message

Get Professional Help From Astra Web Security

Finding malware is not always straight forward as hackers hide the bad coded using sophisticated obfuscation techniques. In case you are finding it difficult to remove the malware, or need a guaranteed solution for malware removal – we’d be happy to help!

Astra Security is tailored for CMS(s) like WordPress, Magento, PrestaShop, OpenCart, Drupal and custom PHP. Our firewall stops SQLi, XSS, bad bots, brute force attacks and 100+ other coming threats to your website. With Astra’s on-demand malware scanner you can scan your website in just a matter of minutes, on a click of a button. Further, our ever-evolving malware scanner keeps getting more and more optimized with each scan.

Don’t take our words for it. See it for yourself!

Peek inside Astra

Was this post helpful?

Tags: , , ,

Naman Rastogi

Naman Rastogi is a Growth hacker and digital marketer at Astra security. Working actively in cybersecurity for more than a year, Naman shares the passion for spreading awareness about cybersecurity amongst netizens. He is a regular reader of anything cybersecurity which he channelizes through the Astra blog.Naman is also a jack of all trade. He is certified in market analytics, content strategy, financial markets and more while working parallelly towards his passion i.e cybersecurity.When not hustling to find newer ways to spread awareness about cybersecurity, he can be found enjoying a game of ping pong or CSGO.
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

5 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Ernie
Ernie
10 months ago

I have been exploring for a bit for any high-quality articles оr blog posts on this sort ᧐f ɑrea
. Exploring іn Yahoo I finaⅼly stumbled uon thuis site.

Reading tһis info So i’m satisfied tto exhibit tһat I һave ɑ very goօd
uncanny feeling Ι found out јust wһɑt І neeԁeԁ.
I such a lߋt defіnitely ԝill mаke certain to dоn?t putt out of yoսr mind thiѕ web site аnd providdes itt a glance regularly.

Askii
Askii
9 months ago

Keeр tһiѕ going please, grewt job!

Jehan
Jehan
5 months ago

Hello, I’m asking for your expert opinion.

Is it normal that I still get a deceptive site warning even after I took the site offline and run it on a local server?

Thanks in advance, Mr. Naman Rastogi.

Jehan

Psst! Hi there. We’re Astra.

We make security simple and hassle-free for thousands
of websites and businesses worldwide.

Our suite of security products include firewall, malware scanner and security audits to protect your site from the
evil forces on the internet, even when you sleep.

earth spiders cards bugs spiders

Made with ❤️ in USA France India Germany