What is Google Safe Browsing?
Google just got stricter with its safe browsing policies. It will brand malicious sites as ‘deceptive’ and won’t entertain reviews to ‘unclean sites’ for 30 days!
This is a big deal for the average WordPress website owner who is the victim of hackers. Cleaning a hacked WordPress site is both time consuming and expensive depending on the severity of the hack, and sometimes even the most conscientious malware removal can miss things. When this happens the first time, you can request that Google “review” the site and give you it’s blessing that the site is now “clean” and free of malware and unwanted software.
If you missed something during your malware cleanup, and the malware returns, your site will be marked as unsafe for 30 days after which point, you can request a new site review. This basically sucks for small business owners who will suffer both loss of web traffic and Google search results ranking for 30 days or more. This also tasks malware removal companies with a great responsibility as many have been more cavalier about their malware removal approaches by offering to clean the site for free if the malware returns. This is no longer good enough. They really need to make sure it is gone and gone for good! Free site cleaning is not going to give you back your 30 days of lost web traffic.
When Google marks your site as unsafe, one of the following things may happen depending on the type of offense Google finds your site guilty of:
1 – On the Search Engine Results page, searchers will see the message “This site may be hacked” beneath the URL. In this case, Google says:
You’ll see the message “This site may be hacked” when we believe a hacker might have changed some of the existing pages on the site or added new spam pages. If you visit the site, you could be redirected to spam or malware.
2 – The other message that may show on the Search Engine Results page is: “This site may harm your computer” beneath the URL. In this case, Google says:
You’ll see the message “This site may harm your computer” beneath the site URL when we think the site you’re about to visit might allow programs to install malicious software on your computer.
If this is the case, when clicking the link, the user will see a screen something like this:
The site is blacklisted by Google. To see a full list of types of blacklist status, read What is Google Blacklist at Sucuri.
Who is subject to the 30-day Google Site Review ban?
According to the Google Security Blog, not all hacked sites will be subject to the site review ban:
Please note that websites that are hacked will not be classified as Repeat Offenders; only sites that purposefully post harmful content will be subject to the policy.
How do you know if your site is a repeat offender?
According to the Google Security Blog:
When a site is established as a Repeat Offender, the webmaster will be notified via email to their registered Search Console email address.
To sign up for Google Search Console, see Submitting Your WordPress Site to Google Search Console.
Removing the Google malware message from your site
The “This site may harm your computer” notice won’t be removed until the webmaster of the site takes action. Visit this page for details on now to remove malware notice from your site: https://developers.google.com/webmasters/hacked/ and https://sucuri.net/guides/how-to-remove-google-blacklist-warning.php
These steps include:
- Register and verify your site in Google’s Search Console. (See my post on how to register with Google Search Console using the Yoast SEO plugin.)
- Sign in to Search Console and check the “Security Issues” section to see details of sample URLs that might be infected.
- Clean the infection from your site (see 10 Steps to Remove Malware from Your WordPress Site).
- Request a review in the Security Issues section in Search Console when your entire website is clean and secure. After we determine your site is fixed, we’ll remove the “This site may harm your computer” notification.