The “deceptive site ahead” message by Google warns visitors about the compromised state of a website. The warning indicates hacker activities that have compromised your site for malicious purposes like phishing where they show fake pages to the visitors and try to acquire their credentials.
Everything was fine until last night and suddenly Google is showing an ugly ‘Deceptive site ahead’ red page on your website today? Truth be told, you’re not the first one to experience this. There was a lot going on in your website behind the curtains, with Google displaying the deceptive site warning it’s all out now. We’ve seen that a website is hacked at least 3-4 weeks before Google detects it and starts displaying the deceptive site ahead warning – more on it below.
Our tool scans 65+ blacklists to check if your website is blacklisted
Why is your site showing deceptive site ahead?
- Your website is hosting phishing pages
- The website has malware/virus infection
- There is code within your website linking to questionable websites according to Google
- Personal information of visitors is transmitted to unsecured servers/links through your website
- There is a credit card stealing malware in your website’s code
Related: How To Remove “The Site Ahead Contains Harmful Programs” Warning
Reasons for the Deceptive Site Ahead Warning on your website
As we discussed earlier, phishing and malware are a few reasons why Google deems a website deceptive or fake. But, it must be mentioned here that these are not all. In this section, we will discuss in detail what are the possible reasons for the “Deceptive Site Ahead” warning on your website.
- Phishing
A phishing website is a website that disguises itself as a legitimate source and tricks innocent users into revealing sensitive personal information like credit card details, credentials, passwords, etc. Phishing, pronounced and meant the same as the word ‘fishing’ in the English language, is a crooked way to fetch personal account details by malefactors. Phishing could be executed by the use of several maneuvers like:
Planing legitimate-looking pages on the website which trick users to add their personal information like credit cards, phone number, and emails
Planting viruses or keystroke loggers (which record what you type), thus giving away your passwords/usernames to the hacker without your knowledge
By showing a sense of urgency and wanting prompt action at your end. Remember being told that if you do not give your bank credentials right now, your bank account will be in danger? Yes, that is probably phishing.
It is important to stay aware and informed about your digital privacy, in general, to avoid falling prey to such attacks. Here are 10 Tips to Protect Your Digital Privacy in 2022.
- Malware
Malware, short for malicious software is also one of the reasons why Google flags a website as deceptive. Malware is one of the top reasons for the ‘Deceptive Site Ahead’ warning. Websites are often infected with malware for months until it’s discovered. A Malware is often inserted into a website with these frequent cyber attacks:
- Cross-Site Scripting (XSS) attack: Cross-site scripting attack is also used as a way to plant malicious link which automatically downloads on a user’s computer when visited. A number of plugins, themes and websites are known to be vulnerable to XSS. It’s often regarded as the ‘low hanging fruit’ of web security due to so many website being vulnerable to it. This attack can be quite hazardous when combined with other vulnerabilities.Quite obviously, Google blacklists those sites as being deceptive.
- SQL injection attack: SQLi is used to add, modify, and delete records in the database. Such content is often called a malicious payload and is the key part of the attack. After the attacker sends this content, malicious SQL commands are executed in the database. This could also be a reason for Google blacklisting a website. Further, it might also be added to your website via a vulnerability in your CMS (eg WordPress, Magento, OpenCart etc.) theme, or plugin. It could also happen that your website was trying to load harmful scripts on visitor’s site.
Malicious Advertisements (Malvertising): If Google notices random pop-ups, redirecting ads, or malware loading ads on your website, it shows the deceptive warning to prevent your users getting tricked into going to malicious websites.
These ads can infect visitors without requiring action from them. They do not even require to click on it to infect them. This makes it particularly worrisome. Hence, Google renders the deceptive site ahead warning in these cases.- Not Having Proper SSL Certificate: Google is very strict with its policies. Recently they made SSL mandatory for all the websites and even included having SSL as a part of their website ranking mechanism.
We have seen sites flagged as “deceptive” if they haven’t moved from HTTP to HTTPS. Only installing an SSL certificate is not enough, you also need to redirect your website From HTTP to HTTPS. Besides that, having some of your web pages as HTTP and some as HTTPS gives Google a mixed content signal. This could also be a reason why your website has been flagged by Google.
- Cross-Site Scripting (XSS) attack: Cross-site scripting attack is also used as a way to plant malicious link which automatically downloads on a user’s computer when visited. A number of plugins, themes and websites are known to be vulnerable to XSS. It’s often regarded as the ‘low hanging fruit’ of web security due to so many website being vulnerable to it. This attack can be quite hazardous when combined with other vulnerabilities.Quite obviously, Google blacklists those sites as being deceptive.
How to fix deceptive site ahead error in Google Chrome
Fixing the ‘Deceptive Site Ahead’ message requires a multi-fold approach. This is because Google doesn’t share a lot of information to work with, so one has to either be a web security expert or eliminate all the possibilities on by one. In this section, we’ll discuss in detail on how to get rid of deceptive site warning :
- Add your website to Google Search Console so that you can manage the search settings
- Navigate to the ‘Security issues‘ tab from the lest sidebar
- Since your site is blacklisted by Google, you will be shown some basic reasons about why your website is flagged. Read the details over here, and also copy the malicious URLs which were detected
- Take a backup of your website, just in case it needs to be restored
- Now use an online malware scanner to scan your website remotely to see if any additional malware is detected.
- Google and other free online malware scanners are only able to scan your site remotely. To completely fix your site and make it 100% secure, you would have to perform a server-side malware scan on your website. This will help you find all malware, and protect your site from being hacked again.
If you would like to review the code yourself, it’s highly recommended you start your hunt for malware from the following files:
- index.php file
- core theme files
- header & footer files
- functions.php file (if using WordPress)
- .htaccess
- wp-config file (if this file is infected, wp-config hack could be at work)
- Review the files flagged by all the security scanners, and quarantine them. Get rid of redirecting, third-party Ads or Scripts.
- Once you are confident that your website is 100% clean, navigate to the ‘Security issues‘ tab in the Google Search Console, and click on the ‘Request Review’ button. More details about this in the next section.
Related Guide – Fixing Hacked WordPress Site
How to Submit a Review Request To Google For Blacklist Removal
Once you have done the cleaning thoroughly. You can go ahead and submit a request to Google to remove the “Deceptive Site Ahead” message from it. But, before you submit that request make sure the following things are in place:
- Your site is 100% clean of malware & other viruses
- All vulnerabilities in the site are patched
- Website is up and running
- Your website is well protected with a firewall and malware scanning to prevent re-infections
Precautions to take before submitting a Review Request
It is very important that you submit the reconsideration request with Google ONLY AFTER you are 100% sure that your website is clean. If your sites repeatedly fail the verification process by Google, you will be classified as a Repeat Offender. In such cases, you will be unable to request additional reviews via the Search Console for a period of 30 days.
Please don’t resubmit your request before you get a decision on any outstanding requests. Submitting a reconsideration request when the issue hasn’t been fixed can cause longer turnaround time for the next request, or even get you marked as a repeat offender.
Google Search Console Team
One guaranteed way to make sure that your website is free from ‘Deceptive content’ is to perform a server-side malware scan of all files, database, & the server.
Steps to submit Deceptive site removal request via Google Search Console:
- Navigate to Security Issues Tab of your Google Search Console.
- Click on the ‘Request Review’ button.
- Check the box, I have fixed these issues.
- A new window will pop up, you will have to mention all the steps you have takes to remove the infection & protect the site from re-infection. Make sure you give detailed information. If you are using a firewall such as Astra, you can mention it so that Google feels more confident that your site is well protected.
- We’ve put together a template for the message you need to send Google: Request a review template
- You’ll now have to wait for 24-72 hours for Google to verify that your site is clean and remove the red warning message.
Is your website hacked? Drop us a message in the chat box and we will be happy to help ?
Although Google is usually correct about malware warnings, they may have inadvertently tagged your site with the “Deceptive Site Ahead” message. In such case you can submit your appeal here – Report incorrect phishing warning to Google.
The request takes around a day to process, and your websites will be removed from the deceptive category.
Related article – Blacklisted By Google: How to Remove Website from Google Blacklist
How to fix the warning in Safari, Edge, and Chrome?
After scanning the site for malware and removing the security issues, here are the methods for different browsers to remove the warning sign.
- Safari – To remove the ‘deceptive site ahead’ warning from the Safari browser, click ‘Preferences’ from the ‘Menu’ > select ‘Extensions’ > find the ‘Deceptive Website warning’ pop-up or other associated extensions that may look suspicious > click ‘Uninstall’ button to remove it.
- Chrome – For Chrome browsers, open up chrome://settings into the URL bar, click on the option ‘Sync and Google Services’, go down and find ‘Other Google services’, under which there is a ‘Safe Browsing’ option which you can turn off.
Microsoft Edge – Clicking on the Edge ‘Menu’ option in the upper-right corner, from which you can select ‘Extensions’, locate any recently installed suspicious extensions or browser add-ons, and click ‘Remove’ to uninstall them. If you still have issues with ‘deceptive site ahead’ warnings, you can always go to the ‘Settings’ option under ‘Menu’ and click ‘Restore settings to their default values’.
How To Prevent your website from “Deceptive Site Ahead” Warning
As you would have realized by now, removing the “Deceptive Site Ahead” warning requires some technical effort, time and patience from your end. Not to mention the effect it has on the reputation of your website and business. But, if you would take care of these little yet effective security measures, the risk factor naturally reduces. Some of these measures are:
- Update your website to the latest versions
As a thumb rule, always keep your website CMS, plugins & themes up to date. With updates, you benefit from security patches & other improvements. If you are using older versions of software, your site would be on the radar of hackers who will try and exploit known vulnerabilities.
- Change passwords
Once the site is compromised, there is a good chance that hackers would have stolen the passwords. After a hack situation, always change passwords of all user & admin accounts, database, cPanel, FTP passwords. The passwords should be unique and hard to guess. This will prevent hackers from re-infecting your site using the compromised credentials. - Virtually patch vulnerabilities with a firewall
Just removing the hack is not enough, as the vulnerability would still exist in your site and leave it open to being infected again.A firewall is a continuous monitoring system that guards your website 24*7. A firewall, such as Astra protects your website against SQLi, XSS, LFI, RFI, Bad Bots, Spam & 100+ threats in real-time. Apart from OWASP’s top 10 threats found in websites, the firewall also protects against known CVE’s. It also detects visitor patterns on your website & automatically blocks hackers with malicious intent. Having a firewall can mean your website remains protected even when you are sleeping.
Related article – How to Remove “This site may be hacked” Warning message
Get Professional Help From Astra Web Security
Preventing malware infection is not always straight forward as hackers hide the bad coded using sophisticated obfuscation techniques. In case you are finding it difficult to prevent the malware or other cyberattacks infecting your site – we’re here to help you!
Astra Security is tailored for CMS(s) like WordPress, Magento, PrestaShop, OpenCart, Drupal and custom PHP. Our firewall stops SQLi, XSS, bad bots, brute force attacks and 100+ other coming threats to your website. With Astra’s on-demand malware scanner you can scan your website in just a matter of minutes, on a click of a button. Further, our ever-evolving malware scanner keeps getting more and more optimized with each scan.
Read Also: Google Showing Japanese Keywords For Your Website – Fixed
I have been exploring for a bit for any high-quality articles оr blog posts on this sort ᧐f ɑrea
. Exploring іn Yahoo I finaⅼly stumbled uon thuis site.
Reading tһis info So i’m satisfied tto exhibit tһat I һave ɑ very goօd
uncanny feeling Ι found out јust wһɑt І neeԁeԁ.
I such a lߋt defіnitely ԝill mаke certain to dоn?t putt out of yoսr mind thiѕ web site аnd providdes itt a glance regularly.
Thank you so much, Ernie
Keeр tһiѕ going please, grewt job!
Thanks
Hello, I’m asking for your expert opinion.
Is it normal that I still get a deceptive site warning even after I took the site offline and run it on a local server?
Thanks in advance, Mr. Naman Rastogi.
Jehan
Thank you this is exactly what I need to know
Thanks for your kind words!
This has absolutely fixed my issue within hours. The only reason I could see a violation was the http instead of https. Which was really strange because blogger has an automatic http redirect. I used the link above ‘Report incorrect phishing warning to Google’ and reinstated the blog post they deleted. Thanks to you guys.
You’re welcome 🙂