So, after months of work designing your website, publishing content, and SEO work, your site finally gets to the first page of Google. But what’s that? When users click on the link and open your website, they get the “Deceptive Site Ahead” warning splattered all over their web browser. Months of hard work, dedication, and resources are flushed down the toilet because Google blacklisted your website. That is a nightmare scenario no website owner wants to experience.

Unfortunately, it can happen to anyone. All it takes is one little misclick or a cut corner to get your website blacklisted. And if you got hacked, there’s no telling what the hackers are capable of doing to your beloved project.

In this article, we’ll go on a deep dive into this issue. We discuss what this message means, why you’re getting it, how to fix it – and much more.

What Does Deceptive Site Ahead Google Warning Mean?

When Google detects suspicious activity or a virus on your website, it flags it as deceptive. That is why you’re getting the dreaded “deceptive site ahead” message.

This message notifies visitors your website is unsafe. It also warns them they shouldn’t share any personal or financial info on the website.

Google adds every site flagged this way to its blacklist. This blacklist contains the domain names of every website that:

  • Is infected with malware
  • Promotes adult content
  • Promotes gambling
  • Has deceptive ads

In most cases, hackers use malware to hijack your website and use it for phishing or promoting adult content. What’s more, the malicious code on your website can also infect the computers of your visitors.

While this might seem like an absolute nightmare, you can fix it. Google gives you the ability to scan your WordPress website, locate the virus, and delete it.

However, getting rid of malicious code is only a part of the problem here. Even with it gone, your website is still flagged as “deceptive.”

Thankfully, you can always request Google to review your website – and take it down from the blacklist.

The most important thing to remember when dealing with this type of problem is to remain calm. While this warning may affect your reputation, it’s nothing that you can’t remedy with time and transparency with your customers.

Reasons Why You’re Getting The “Deceptive Site Ahead” Warning

Now that you know what this warning means, let’s discuss why you’re getting it.

There are two reasons why you’re getting the “deceptive site ahead” warning when visiting your website. Those are phishing and malware.

Let’s go into a bit more detail.

Phishing

Phishing is among the oldest forms of hacking. Its goal is to trick the user into sharing sensitive information.

Phishing schemes can be set up in quite a few ways, like:

  • The hackers create a legitimate-looking page to trick visitors into sharing personal information; the info they’re after can be anything from emails to bank credentials.
  • Planting hidden code on the page that will infect visitors with key loggers. These malicious programs will detect everything the user is typing and send it to the hacker.
  • Fake malware scan pop-ups. Each day thousands of fake virus scan pages pop up. They promote fake call centers that use social engineering to scam you out of your money.

Malware

Malicious software – or just malware for short – is another reason why Google marks websites as deceptive.

Malware is the main reason why websites get flagged as deceptive by Google. That is why you should scan your website for viruses at least once a week. If you omit this maintenance task, it’s only a matter of time before your website gets infected. You can always contact Meshnetics support and we will clean and secure your WordPress website from any malware infection.

Malware is usually inserted into a website in a couple of ways:

XSS Attack

A cross-site scripting attack – or XSS attack for short – is a method used by hackers to insert a malicious link into your website. This link will download malware to visitor computers when they open the infected page.

There are many WordPress plugins and themes vulnerable to this type of attack.

XSS attacks are common and can be pretty dangerous when combined with other vulnerabilities your website might have.

SQLi

SQL injection attack targets your database. The hacker will use this attack to add, change, or delete records in your WordPress database.

In most cases, the attacker will inject malicious code into your database. And that code can do anything from messing with the database to infecting visitor computers with a virus.

Malvertising

If your website is full of random pop-ups or redirecting ads, Google will see this as malicious behavior and blacklist your website. That’s because most websites that have lots of banners, pop-ups, and redirects usually spread malware.

Outdated SSL Certificate

Another reason why you’re getting a “deceptive site ahead” message is because your SSL certificate expired. Google made it mandatory for every website to have a valid SSL certificate.

Other Reasons for Deceptive Site Ahead Message

Having a valid SSL certificate is not enough to avoid getting flagged. Google also flags websites that only run on HTTP. That is why you must redirect your WordPress website from HTTP to HTTPS.

Even if you have a few pages that run on HTTP, there’s still a chance your website will get flagged.

Different Warning Messages And What They Mean

Google generates more than one type of message. While the fix is the same for every kind of warning message, each has a slightly different meaning.

Understanding what warning you’re getting is key to fixing it. Here are different types of warning messages you might encounter:

Deceptive Site Ahead

This message refers explicitly to phishing websites. For instance, the website can be a single page designed to look like the Facebook login page. When you type in your login info, you will get redirected to real Facebook – but the hackers will have your information.

Suspicious Site

Google monitors your site’s behavior, and if it detects suspicious activity, it flags it. “Suspicious behavior” can be anything from promoting scams to phishing schemes.

Site Ahead Contains Harmful Programs

If you’re getting this warning, it means Google detected download links to harmful programs.

This Page Is Trying To Load Scripts From Unauthenticated Sources

That’s the best warning you can get. Why?

Because it means your website wasn’t hacked.

Instead, it means your website is running on HTTPS but is loading scripts from an HTTP source.
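
One way to locate the offending tags is to parse a page's HTML and list every sub-resource still requested over plain HTTP. This is an added example, not code from the original article; the function name `find_mixed_content` and the sample page are constructed for illustration, and only static markup is checked (tags injected later by JavaScript are not seen).

```python
from html.parser import HTMLParser

# Tag -> attributes that make the browser fetch a sub-resource.
# <a href> is navigation, not a sub-resource, so it is not listed.
FETCH_ATTRS = {
    "script": ("src",), "iframe": ("src",), "embed": ("src",),
    "object": ("data",), "link": ("href",), "img": ("src",),
    "audio": ("src",), "video": ("src", "poster"), "source": ("src",),
}
# Active content can change the page itself; the rest is display-only (passive).
ACTIVE_TAGS = {"script", "iframe", "embed", "object", "link"}

# Constructed sample: an HTTPS page with one HTTP script and one HTTP image.
SAMPLE_PAGE = """<!doctype html>
<html><head>
<link rel="stylesheet" href="https://cdn.example.com/style.css">
<script src="http://cdn.example.com/jquery.min.js"></script>
</head><body>
<a href="http://example.org/">plain link, not a sub-resource</a>
<img src="http://img.example.com/banner.png">
<script src="//cdn.example.com/app.js"></script>
</body></html>"""


class MixedContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "link":
            # Only stylesheet links are checked; rel="canonical" is metadata.
            rel = (attrs.get("rel") or "").lower().split()
            if "stylesheet" not in rel:
                return
        for name in FETCH_ATTRS.get(tag, ()):
            value = (attrs.get(name) or "").strip()
            # Protocol-relative URLs (//host/path) inherit HTTPS and are fine.
            if value.lower().startswith("http://"):
                line, _ = self.getpos()
                kind = "active" if tag in ACTIVE_TAGS else "passive"
                self.findings.append((line, tag, value, kind))


def find_mixed_content(html):
    """Return [(line, tag, url, 'active'|'passive'), ...] for HTTP sub-resources."""
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for finding in find_mixed_content(SAMPLE_PAGE):
        print(finding)
```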

Did You Mean [Website]

If you get that message, it essentially means your domain name is too similar to another one. The thing is, hackers usually buy domain names that are slightly different from the website they’re spoofing.

The only way to remove this message is to contact Google. You can do this by filling out this form.

How Does The Deceptive Site Ahead Warning Impact Your WordPress Website

Getting your website flagged by a “deceptive site ahead” warning can have some pretty severe consequences, including:

  • Decreased traffic – The moment your website gets flagged, you’ll notice a drastic fall in traffic. Most people will click on the “go back to safety” option.
  • Drastic fall in SEO ranking – Google penalizes flagged websites. That means your website’s rankings will go into free fall. Your website can fall from the first page to the fourth or fifth page of search results.
  • Google will suspend all ads because of malware on your website
  • You can get suspended by your host – If you don’t fix the problem soon, your host can ban your entire website. Thankfully, it’s not a permanent ban – it will get lifted after you’ve cleared your website.

If your WordPress website gets hacked, it won’t only harm you but your visitors, too. Google goes through all this trouble of flagging websites to protect users from any harm.

How To Fix Deceptive Site Ahead Google Warning

Now that you know why your WordPress website is flagged by Google, it’s time to learn how to remove the “deceptive site ahead” warning from your website.

The fix involves three steps:

  1. Scanning and cleaning your WordPress website for malicious code (malware)
  2. Submitting your website to Google for a review
  3. Preventing future infection from occurring on your WordPress website

Scanning And Cleaning Your WordPress Website For Malware

The first step in getting rid of malicious code is finding the cause. So, let’s start from there.

Finding The Cause

While nothing is stopping you from finding and removing malware manually, it’s time-consuming and frustrating at times. That is why we recommend you use specialized tools.

You have a wide selection of security plugins to choose from when it comes to WordPress. These plugins help you protect your website from hacker attacks and malware infections – but you must install these plugins before you suffer an attack.

If you’re willing to go over files manually, here’s a list of files hackers commonly target:

  • index.php
  • Theme files
  • Header and footer files
  • wp-content/uploads directory
  • functions.php
  • .htaccess
  • wp-config.php

You can also get a list of infected pages if you visit Google Search Console and open the Security Settings page.

Scanning Your WordPress Website For Malware

Going through thousands of files manually looking for malicious code is time-consuming and tedious. Thankfully, there’s an easier way.

You can use one of many online virus-scanning tools.

One such tool is SiteCheck by Sucuri. While this tool won’t fix infected files, it will help you isolate them so that you can deal with them.

There are also quite a few WordPress plugins that do the same thing. For instance, you can try out All In One WP Security & Firewall. While this WordPress security plugin does more than just scan for files, its ability to check which files have been tampered with will be of great help.

Removing Malware From Your WordPress Website

Once you’ve identified which files are infected with malware, it’s time to remove them. Here are the steps you should follow:

  1. Log in to your website via SFTP or SSH
  2. Generate a backup of your site
  3. Select the infected files
  4. Restore infected files with clean copies
  5. Insert any custom code you’ve had before
  6. Check your website to see if it’s working properly
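
For steps 3 and 4, one way to select the files that need restoring is to hash the live site against an unpacked clean copy of WordPress and list what differs. This is an added example, not part of the original article; `compare_to_clean` is a hypothetical helper, and it assumes the clean copy is the same WordPress version as the site and that both trees are available locally.

```python
import hashlib
from pathlib import Path

# Paths that legitimately differ from a stock release (assumed layout).
SITE_SPECIFIC_DIRS = ("wp-content/",)
SITE_SPECIFIC_FILES = {"wp-config.php", ".htaccess"}


def sha256_of(path):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def tree_hashes(root):
    """Map every file under root (relative POSIX path) to its SHA-256."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): sha256_of(p)
        for p in root.rglob("*") if p.is_file()
    }


def is_core_path(rel):
    """True for paths that should match the clean copy byte for byte."""
    return not rel.startswith(SITE_SPECIFIC_DIRS) and rel not in SITE_SPECIFIC_FILES


def compare_to_clean(site_root, clean_root):
    """Classify core files as modified, unexpected (extra) or missing."""
    site, clean = tree_hashes(site_root), tree_hashes(clean_root)
    core_site = [rel for rel in site if is_core_path(rel)]
    return {
        # Same path, different content: restore from the clean copy.
        "modified": sorted(r for r in core_site if r in clean and site[r] != clean[r]),
        # Not shipped with WordPress at all: inspect, then delete.
        "unexpected": sorted(r for r in core_site if r not in clean),
        # Deleted or renamed on the live site.
        "missing": sorted(r for r in clean if is_core_path(r) and r not in site),
    }


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:
        for kind, paths in compare_to_clean(sys.argv[1], sys.argv[2]).items():
            for rel in paths:
                print(f"{kind}: {rel}")
    else:
        print("usage: compare.py SITE_ROOT CLEAN_WORDPRESS_ROOT")
```

Files under wp-content are skipped because themes, plugins and uploads are site-specific; compare those against fresh downloads of the same theme and plugin versions instead.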

If you don’t have any experience working with SSH or SFTP, it may be for the best if you hire a service to do the malware cleanup for you.

Cleaning Your WordPress Database

Just because you’ve cleaned infected files from your website, it doesn’t mean you’re out of the woods yet. The next step is cleaning your database.

To do that, you need to access your WordPress database either through the administration panel or by connecting to it directly.

Here’s how to clean your WordPress database:

  • Log in to the admin panel
  • Generate a backup of the database
  • Look for any suspicious content, such as spam links or suspicious usernames
  • Open and delete tables with suspicious content
  • Check your website to see if it’s working properly

You could also go over PHP code manually and look for suspicious functions – such as eval, base64_decode, preg_replace, and others.

Keep in mind that plugins also use these functions, though. That is why it’s imperative you test your website whenever you remove one of these functions.

Eliminating Backdoors

After you’ve dealt with the infection, it’s time to close down any backdoors hackers might’ve left on your WordPress website. If you leave any backdoors open, your website can get reinfected.

Backdoors usually include one of the PHP functions listed below:

  • base64_decode
  • str_rot13
  • gzuncompress
  • eval
  • exec
  • create_function
  • system
  • assert
  • stripslashes
  • preg_replace
  • move_uploaded_file

Please note that plugins also use these functions for legitimate purposes. So, before making any changes, make a backup of your website.
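
To turn the function list above (and the manual PHP review mentioned under database cleanup) into a review queue, the following sketch walks a WordPress tree and reports each call site, plus any PHP file sitting in wp-content/uploads. It is an added example, not code from the original article; `scan_site` and `scan_file` are hypothetical names, and every hit is a lead for manual review rather than proof of a backdoor.

```python
import re
from pathlib import Path

# Function names from the list above; all of them have legitimate uses too.
SUSPICIOUS = (
    "base64_decode", "str_rot13", "gzuncompress", "eval", "exec",
    "create_function", "system", "assert", "stripslashes",
    "preg_replace", "move_uploaded_file",
)
# Match a direct call such as eval( or base64_decode (, but skip
# my_eval(, $db->exec(, Foo::system( and $system( to cut noise.
CALL_RE = re.compile(r"(?<![\w>$:])(" + "|".join(SUSPICIOUS) + r")\s*\(", re.I)
PHP_SUFFIXES = {".php", ".phtml", ".php5", ".php7", ".phar"}


def scan_file(path):
    """Return [(line_number, function_name), ...] for one PHP file."""
    hits = []
    text = Path(path).read_text(encoding="utf-8", errors="replace")
    for number, line in enumerate(text.splitlines(), start=1):
        for match in CALL_RE.finditer(line):
            hits.append((number, match.group(1).lower()))
    return hits


def scan_site(root):
    """Walk a WordPress tree and return findings keyed by relative path."""
    root = Path(root)
    report = {}
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in PHP_SUFFIXES:
            continue
        rel = path.relative_to(root).as_posix()
        hits = scan_file(path)
        # The uploads directory holds media; executable PHP there is a red flag
        # even when none of the listed functions appear in it.
        in_uploads = rel.startswith("wp-content/uploads/")
        if hits or in_uploads:
            report[rel] = {"php_in_uploads": in_uploads, "calls": hits}
    return report


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, info in scan_site(target).items():
        flag = " [PHP in uploads]" if info["php_in_uploads"] else ""
        print(f"{rel}{flag}")
        for number, name in info["calls"]:
            print(f"    line {number}: {name}()")
```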

Removing Malware Warnings

Once you’ve removed malware and backdoors from your WordPress website, it’s time to deal with that pesky warning. If you’ve been suspended by your host, you should first clear that up.

And after you’ve done that, you can submit your website to Google for review.

Before applying for a review, there are a few more things you can do to improve your website’s security.

Obtaining An SSL Certificate

Getting a hold of an SSL certificate is pretty simple. Keep in mind that you will have to pay for it – but thankfully, SSL certificates are pretty cheap.

Once you acquire one, you still have to configure it before getting rid of the deceptive site ahead warnings.

Change WordPress URL

You’ve probably had to switch it to HTTP to clean up your website. It’s time to change it back to HTTPS.

To change your WordPress URL, click on the Settings option in the admin dashboard and visit the General settings tab. You will find a whole slew of settings there, but you’ll be interested in WordPress Address (URL) and Site Address (URL) options.

You have to change both URLs from HTTP to HTTPS. Your URL should look something like this:

https://www.examplewebsite.com

You might wonder why WordPress has two fields for essentially the same thing. The WordPress Address field tells WP where it can find the main files of the website; the Site Address field tells WordPress where users can find your website.

In 99% of cases, these fields will be identical. However, you can also have WordPress core files stored in a different directory. That will change the WordPress Address field.

Even if that is the case with your website, all you have to do is change the HTTP in the address to HTTPS.

Implementing 301 Redirect Across The Whole Website

Changing your WordPress address is only half the work. Visitors can still access some portions of your website using HTTP. That happens because users might have saved your old URLs, or they’ve come from an external site.

You need to instruct WordPress to redirect all HTTP traffic to HTTPS to fix this. You will have to set up redirects for your whole site.

There are quite a few types of redirects – but you’ll need the 301 redirects for this problem.

This redirect is also known as a permanent redirect. It tells search engines like Google that your site has been moved to a new address.

You don’t have to set up this redirect manually, though. Some plugins do this in just a few clicks.

For instance, Really Simple SSL can do this for you in less than 10 minutes. The plugin will automatically look for an SSL certificate associated with your WordPress website and enable HTTPS.

Keep in mind that this plugin may not be compatible with your active theme or other plugins. If that’s the case, you could either look for an alternative or implement the 301 redirects manually. Doing this manually will take some time – but you won’t have to rely on third-party software.

Requesting A Review From Google – Deceptive Site Ahead

Once you’ve cleaned your website of malware and any vulnerabilities, it’s time to submit it to Google for review.

Here are the steps needed to do that:

Prepare Your Website For Submission

Before submitting your website for review, you need to double-check everything. Re-scan your website for malware and go over all other changes you’ve made.

If you submit your website without fixing all the problems, you are looking at further delays.

Google needs to crawl over your website to review it. That is why you should make sure you haven’t blocked the crawler via noindex tags.

Finally, if you’ve brought your website offline – make sure to get it online so that Google can crawl over it.

Request A Review From Google

Go to your Google Search Console, and on the Security Issues Report, choose the Request Review option.

The link will take you to the form that’ll ask you to describe everything you did to fix the problem. We recommend that you keep it clear and concise. Write a sentence for each security issue Google detected.

If your website was flagged for phishing, you could submit it for review by visiting this link. And if visitors get the “did you mean [website]” message, you’ll need to submit your website for review here.

Once you’ve requested a review, all that’s left to do is wait for a reply from Google.

How To Prevent Deceptive Site Ahead Message From Appearing On Your WordPress Website

So far, we’ve discussed what you need to do to get rid of any malware from your website. Now it’s time to learn what you can do to protect your website from getting infected or hacked in the future.

Here are some measures you may employ to prevent deceptive site ahead warning messages from appearing on your WordPress website.

Use Secure Hosting Services

If your hosting has robust security, your site will be safe from most types of attacks. That is why it’s imperative you get a hosting plan that includes strong security measures.

Of course, all software has some vulnerabilities. However, using a hosting plan with anti-hacking measures, a firewall, and a system like CageFS will make it challenging for hackers to exploit your website.

Generate Frequent Backups

Besides security, when looking for a hosting plan, make sure it also includes daily backups. That way, you’ll be able to restore your website to the state it was before the attack occurred.

You can also use plugins such as Updraft to generate locally stored backups.

The point is, having multiple backups is always a wise move.

Keep Your Website Up To Date

To prevent any hacking attacks from occurring, it’s imperative you keep your WordPress and plugins up to date.

New vulnerabilities are getting discovered each day, and developers are issuing new security fixes with each new release.

Only Use Trusted Themes And Plugins

Never pirate themes and plugins. In most cases, they come with malware that will cause your site to get flagged by Google. We recommend looking for plugins using WordPress repositories or marketplaces such as CodeCanyon and ThemeForest.

Delete Inactive Themes and Plugins

The more code you have on your website, the more vulnerable it is to attack. It’s best you keep your WordPress as lean as possible.

Protect WordPress Login Screen

Another crucial thing you could do to improve your website’s security is to protect the WordPress login screen.

Using a strong password and username is not enough, though. You also have to:

  • Change the URL to the WP login screen
  • Set password protection on the wp-admin directory
  • Use captcha

Conclusion – Deceptive Site Ahead in WordPress

In this post, you have learned what the Deceptive Site Ahead warning message in WordPress is and the best ways to fix it. If you are still experiencing problems with this error, contact Meshnetics WordPress support and we will help you fix it in no time.