How To Fix “Deceptive Site Ahead” Warning in Website

How To Fix “Deceptive Site Ahead” Warning in Website

When opening a website in Google Chrome, the last thing anyone wants to see is the “deceptive site ahead” error. This message indicates that the web browser considers the website unsafe to open due to security concerns, discouraging visitors from visiting it.

If you see this warning message on your website, you should fix it as soon as possible. Aside from jeopardizing the security of your data, having Google flag your site will significantly harm its SEO and traffic volume, as well as potentially negatively impact it in other ways.

What Is the “Deceptive Site Ahead” Warning?

“Deceptive site ahead” is a Google Chrome warning message that appears when a site is deemed unsafe. Its appearance indicates that Google has blocked access to a malicious website due to security concerns.

How to fix Deceptive Site Ahead Post - 24x7servermanagement

Reasons for Deceptive Site Ahead Warning Message on your Website

Usually, this warning is showcased due to an unauthorized user (hacker) intervention, malware infection in a website, or security misconfiguration. Besides these, a wide range of other reasons can also result in a Google warning message. Some of these reasons can include:

  • Hosting phishing pages on your website-knowingly or unknowingly.
  • Website frontend is infected with malware which leads to redirection to a spammy site.
  • A website having some hidden backdoor code or script written on it, which is badly interpreted by Google.
  • A website may be prone to malicious backlinking or even stealing sensitive user information.
  • There is a possibility of credit card stealing malware residing on a website (for example on the payment checkout page). These are meant to steal credit card data and send it to malicious intruders.


Fixing the Deceptive Site Ahead Warning Message by Google

The deceptive site ahead warning simply indicates that attackers have compromised your site and are most likely using it for Phishing. This means that visiting users are being served fake pages that trick them into disclosing their credentials, credit card information, and other vital information. This is then sent to the attackers’ shady servers.

Step1: Find the Cause of Infection

The first and most important step towards fixing the deceptive site ahead warning is to locate the infection. It could be present in a single page, file, folder, or the entire website.

To identify the hack, you can take a number of steps to find that as mentioned below:

1.1. Using Manual Search

While a manual search is not the best method for malware detection because it requires expertise and prior knowledge to detect malware, it can be a good starting point if you know your website inside and out.

To start with,

  • Visit your website from another device by ignoring the warning.
  • Now, view the source of your site by right-clicking outside any element and selecting the View page source option. This will open the source code of your page in a new tab.
  • Here look for any suspicious third-party javascript files, iFrames, HTML tags, or other fishy-looking elements loading on that page. Note them down.
  • Now open the file manager of your server and view the source code of those files for malicious code.

During the manual search, some other resources that you need to check for fixing deceptive site ahead warning are:

  • Any new themes or plugins you recently installed.
  • Unknown web admins in the dashboard.
  • New admins or users in the database.
  • New files with unique names or base64 encoded characters.

To check for recently modified files, say 30 days old, log in to your server via SSH and run the following command:

find . -type f -mtime 30

Here, change the value from 30 to as per the number of days of your choice. A word of caution here, some files are automatically modified by the system so be sure to double verify for malware in such files before removing them.

1.2. Using Malware Scanners

Astra Security Free Scanner

A number of free online tools and malware scanner plugins are available that you can use to find the infected pages on your website, all at once. This is also the quickest way to detect all infected pages & files on your website. Astra Security’s malware scanner is one of the finest in the market.

Astra Security - Example

It detects the tiniest changes in your files and even lets you review them in its ‘View File Difference’ interface.

Astra Security - View File Difference

These malware scanners detect malware infections by scanning your publicly available files and source code. The results of this scanner are somewhat limited as compared to the paid ones. However, it still helps you identify if you’re hacked or not.

Just enter your website in the widget and scan your website for 140+ security tests. It can even detect Google blacklisting apart from detecting your pages infected with malware, SEO spam, etc.

1.3. Using Google Search Console

Google Search Console: Security Issues

Google search console is a great help for locating infected pages on your site. In the ‘Security Issues’ section of Google Search Console, Google lists the security issues it has found with your website.

For this, you need to claim ownership of your website. This basically means that you need to prove to Google that you own this website. This can be done in multiple ways i.e. HTML tags, meta tags, etc.

Please note that in case of a hack there is always a possibility that attackers have already seized your website’s search console as well. So, to check and remove such unauthorized users, visit the property owner management page in your Google search console dashboard.

Finally, make sure to take a backup of your website before proceeding with the cleanup as it will restore your website in case something goes wrong.

Step 2: Clean the Website

Now that you have identified the infected files or hacked resources the next steps for fixing deceptive site ahead warning are:

  • Delete the malicious code in infected files. If you are unsure of what the code does, comment it out and get help from experts.
  • For code obfuscated using base64 encoding, use online resources to decode it and see what it does.
  • Remove suspicious users from the database as well as the dashboard and change passwords to each one of them to a secure and random string.
  • Delete any buggy or null plugins, themes, etc, and make sure to delete their files as well. There are plenty of alternatives available to them today that you can choose from if the plugin/theme adds important functionality to your website.
  • If any suspicious users are found in the property owner management page of your Google search console dashboard, remove them. Also, delete all meta tags and HTML files that were used to verify the ownership by unauthorized users.
  • Finally, alert the users to reset their credentials as phishing pages would have sent them to attackers.

Step 3: Submit Site for Review

The last step in fixing a deceptive site ahead warning message is to submit the website to Google for a review. However, before doing so, make sure you have double-checked your website for backdoors or malware.

If all is spick and span, submit the site for review using these steps:

  1. Login to your Google Search Console.
  2. Click and open the Security Issues report section and select I have fixed these issues.
  3. Thereafter, click on the Request a review. Here, tell in detail the steps you took in fixing the warning. You can also use custom templates provided by some sites.
  4. Finally, click Submit Request and in case there are multiple issues, repeat the process for each.
  5. When done with all, sit back and wait as this can take a few hours for Google to review your request.

If all is okay with your website, Google will lift the blacklisting and de-indexation of your pages. It can take a few days for your web pages to get re-indexed to regain their rankings entirely.

Leave a Reply

Your email address will not be published. Required fields are marked *