How to Remove Google Phishing Warning- Includes a Review Request Template

With the Google Safe Browsing feature, Google maintains a list of suspicious websites that might be under attack by hackers. When users try to visit an unsafe site, they are met with a red screen displaying a warning message. Google phishing warning appears as “Deceptive site ahead” for sites that are suspected of phishing attacks.

Compromised sites also show warning in SERPs (Search Engine Result Pages) If your site also appears with such warnings, then it has been blacklisted by Google. You should act fast to remedy the situation because potential customers are being turned away by the Google phishing warning.

Google phishing warning
Google phishing warning

Related Article: How To Remove “Deceptive Site Ahead” Warning Message

What is Phishing?

Phishing is a type of social engineering attack that tricks online users into sharing personal information. Attackers masquerade as a trusted entity and ask for information. For Example: You might receive a mail that appears to be from your Bank wanting you to confirm your bank account number.

According to a study from Google about social engineering, some of the most effective phishing campaigns have a 45% success rate!

Your site could be used as a mask for phishing attacks. Hackers could use flaws in your website’s script to execute cross-site scripting attacks. These types of attacks are difficult to spot because the users are directed to a page that looks legitimate but the link to the pages are crafted. Such a flaw was used against PayPal in 2006.

Some phishing scams alter the address bar of the website. This is done either by masking the address bar with a picture of a legitimate URL over or by closing the bar that the link directs to and opening a new legitimate one.

Check out: Is my website under attack by phishers?

How to remove the Google phishing warning?

As long as your website is flagged, Google restricts visitor traffic to your site. It is important to address the issue as fast as possible to reduce its effect on your SEO rankings.

Finding the Cause with Google search console

The first step of damage control is finding the cause of the infection. So, the first step should be to look at the Google Search Console for anomalies and vulnerabilities. If your site has been blacklisted by Google, you will receive a message in your Google Search Console account.

  1. Set up your website with Google Search Console, if you haven’t already. Follow these steps to get your website on Search Console.
  2. Verify your site ownership. Remove any unauthorized users and their verification tags.
  3. Go to “Security Issues” in left panel. This lists the pages that are indexed by Google.

Removing the Infection

To remove the infection, you might have to remove certain files. Follow these steps to remove infections:

  1. Review the unfamiliar modifications on your website and remove them manually.
  2. If you have a good copy of the backup in store. Compare and delete the infected files and rewrite those codes from scratch.
  3. Disable rarely-used and rarely-updated plugins
  4. Clean the tables of the infected database manually.
  5. Check the addition of any unverified user. Remove them.
  6. Hackers always leave back doors in attacked sites. It is important that you patch all back doors and run a vulnerability assessment of your cleaned site.
  7. Finally, check if your site is functioning as you want it to.

If you are inept, get professionals to do the dirty work for you. Drop us a message now or chat with us now, and we will be happy to help you 😊

Requesting a Review

  1. Go to Google Search Console
  2. Click the “Security Issues” on the left panel
  3. Check the “I have fixed these issues” box and
  4. Request a review.

In order to submit a review, you will be required to give information about the remedial steps you took to remove the policy violation from your site. Our experts have designed a request a review template for your ease.

Google review helps make sure all the security concerns are tackled before the site comes online. The review will not take longer than 72 hours. If no infections are found, your website will soon reclaim its SEO rankings.

Google review request
Google review request

If your request wasn’t approved, reassess your site for infections or for any modifications by the hacker. Alternatively, you can chat with an Astra security expert for our experts’ advice.

Other blacklists

Google is not the only safe browsing warrior on the internet. However, many authorities find it more convenient and reliable to use Google’s API to add suspicious websites to their own blacklists. If your website is flagged by Google, it is quite possible that other blacklists have also added your site.

Related article: How To Remove “The Site Ahead Contains Harmful Programs” Warning

There are services available which help you look through such lists. Although there are so many such services, you can use MX Toolbox. It will check your website against multiple lists and gives you an organised output as shown below. You can then proceed to remove your website from the lists that are marked. Different lists have different procedures to remove your website.

MX toolbox scan for www.getstra.com
MX toolbox scan for www.getstra.com

Related article: How to Remove “This site may be hacked” Warning message

Preventing Future Disasters

You should also consider taking more steps to harden and protect your website. Follow the following steps to ensure the maximum safety of your website.

Updated CMS and Plug-ins

Always keep your CMS software and plug-ins up-to-date. Developers regularly release security patches for detected vulnerabilities. Removing unnecessary extensions and plug-ins could be a good security practice. Out of date extensions pose gateways for attackers.

It is advised to remove all rarely-used and rarely-updated extensions. More the number of extensions, more the number of potential gateways for malicious actors.

Schedule Malware Scan

Running a malware scan to ensure that the site is free from any content that the attackers might have left behind. Remove all infected files and patch all vulnerabilities. Astra provides complete 360° web security services. It has features like scheduled scans, access log reports, vulnerability analysis etc. You can also schedule regular scanning. This helps remove vulnerabilities before they come into notice by malicious actors.

Check out: How to scan a website for malware

Enable Web Application Firewall

Web application firewall(WAF) is an application layer security solution that monitors traffic coming to your server and takes necessary action to protect it from malicious actors. In simple words, a WAF filters all traffic coming to your portal. Astra firewall takes the headache of security away from the webmasters, so you can focus more on your business. Get an Astra demo now!

Join our Community Security Program

With Astra’s Community Security Program, you give white-hat hackers a safe and secure way to report any vulnerability that they find on your website. This will crowd-source your website’s security. Scores of bright minds will be working together to keep your website safe.

The vulnerabilities detected will be verified and validated by our team and only the valid ones will be sent to you. Our experts will also suggest the most efficient solution to the problem reported. This will ensure complete website protection.

Click here to be a part of Astra’s Community Security Program

Found this article helpful? Share with your friends on 👉 Facebook, Twitter & LinkedIn. If you have something to say about this article, let us know in the comment box below.

Was this post helpful?



Waiting to Get Hacked?

Get security tips & latest vulnerability fixes right in your inbox:

About The Author

Mahima Maheshwari

She is an Embedded Systems Engineer and a cybersecurity enthusiast. She spends most of her free time researching & reading. And loves to spread knowledge through blogs.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Close