Google quarantines around 10,000 suspicious websites every day and puts them on a "Google blacklist".
When a website is added to a blacklist it means that Google and different search engines and anti-virus companies are marking the website as not secure to visit.
There are several reasons why you would think that your site is a Google blacklist or URL blacklist. One, for example, is when you see your website traffic dropping rapidly. But it never hurts to check if your pages are still being indexed by Google.
Google uses specific algorithms and keeps updating the algorithms from time to time. If web crawlers label and categorize anything unsafe they will add the websites to the Google blacklist.
We have helped hundreds of website owners get their sites re-ranked and cleaned. In most cases, we see that websites are added to the Google blacklist when they are infected with malware.
So the first step to getting your site out of the Google blacklist is to clean the infected site.
You can recognize the sites added to the Google blacklist or URL blacklist by seeing the display message “This site may harm your computer” in search results.
This will serve as a warning that prompts most users to stay away. For this warning consumers are grateful but at the same time, the businesses or website owners panic.
There are different warnings to inform people about sites that are harmful, some of those are:
It's a real pain because one thing is to get your site hacked, spreading malware, but when the website is on a blacklist, it means, that malware has been on the site for some time.
Not only your website needs a cleanup but also your own and your visitor's computers.
When a website is on a blacklist, the search engine is expelling a site from their list. When a website is blacklisted, it loses almost 95% of its organic traffic, which can rapidly affect revenue.
Usually, a website gets into blacklist when it contains something harmful to the user, for example, malware.
If your website is on a Google blacklist, there are two primary approaches to recovering a hacked site:
Take a look at the video below, which will explain why and how websites end up in Google blacklist.
For many website owners, malware and other harmful scripts can stay on the website for a while. Most of the malicious programs are built to stay undetected and without the technical knowledge and with the "eye" to see the changes, it's hard to spot the differences.
We have contacted even schools, whose websites have been redirecting visitors for years to different malicious sites, and webmasters in schools can't spot the problem so it stays unresolved.
There are many scanners where you can scan your website to detect the vulnerabilities or possible malware on the site. Google is also giving a piece of good advice if you are suspecting that your website could be hacked.
Follow the steps below if:
If you’re still unsure if your site is actually hacked, or when you think the site was incorrectly flagged, start by registering your site in Search Console to do a google blacklist check.
If you’re unable to see hacked content on the URLs provided in Search Console, the hacked content might be using a technique known as cloaking.
Cloaking is a search engine optimization (SEO) technique in which the content presented to the search engine spider is different from that presented to the user's browser. This is done by delivering content based on the IP addresses or the User-Agent HTTP header of the user requesting the page.
So basically, the malware is hiding from being detected.
To check for cloaking, use the Hacked Sites Troubleshooter. The troubleshooter will walk you through a few tools like the
site: search operator and Fetch as Google that can help you uncover any cloaked content.
Now we will go over how to remove your site from Google Blacklist. If you wish to leave this to professionals, we are happy to help. You can contact Patchstack security engineers by writing to our support chat.
To get your site back in working condition the first thing you should do is head to Google Search Console. If you don't have an account yet, start by making an account.
When you have made an account you need to add a property. In other words, you need to add your site to Google Search Console.
You can do that by clicking on the dropdown menu in the left upper corner. In the example above you can see the little arrow next to samplesite.com.
When you click on the dropdown menu you will see an option with the text +Add Property. After clicking add property you will see a popup as seen below.
Then add the URL of your site you are doing the blacklist removal for. Add the site and click continue. Now Google will start to verify your site and then asks for you to verify ownership.
You can verify ownership of a site by uploading a special HTML file to your site. This will be seen as a popup after you have clicked verify. The file is usually put to the main folder where your website's index.php is.
Keep in mind that the file is tied to a specific user. If you need additional help you can follow the instructions on the verification details page.
Also, if you remove the verification file from your site, it will cause you to lose verification for the site as well.
Now it will either show you a green "ownership verified" notification or a red "Ownership verification failed" notification. When you see the red one as seen below, you will usually get the failure reason and can act accordingly.
Now when your site has been verified, you should go to your property and see what will it show. You should see a security issue warning on the screen. It looks like the screenshot below.
In the report, you can see Google giving conveniently a list of URLs it sees a problem with.
Now that you know which URLs are affected on your site, you can take action by cleaning the sites. There are two options.
The first one is to perform the malware removal yourself.
The second option is to turn to professionals and ask for manual malware removal from those who do it on a daily basis.
If you need to request a cleanup you can use Patchstack. The easiest way to do it is to create an account, add your website to your Patchstack account and contact our support.
We often see service providers that offer “daily malware removal”, “one-click malware removal” and similar services that seem to be working well for website owners because every time they do it, a report shows that the website is clean. And it seems to be good because it does it often.
Instead of throwing out the bad guys on a regular basis, maybe it’s time to make a real effort and instead of investing in a fancy bucket to throw water out of a sinking ship, invest in tools to keep the water out.
As you know, malware infection is the result of a problem. It does not make sense to focus on the consequences. As far as you don’t solve the problem, you will end up in a dead circle of infections and cleanups. So don't go for scanners and automatic malware removal, get a hands-on manual service to clean and secure your site for good.
You can contact Patchstack security engineers via firstname.lastname@example.org. We clean sites built on any CMS, for example, Joomla, Drupal, Magento, or WordPress.
If the site has been cleaned, check the box "I have fixed the issues" and click "Request a review" as seen on the screenshot above.
Then you will need to explain how you addressed the problem. You can write something like "I have cleaned the site from malware and changed passwords" and then request a review.
It will usually take a couple of days for Google to review the site and remove the warnings from your site.