Imagine that an internet user is searching for a website just like yours. Your SEO efforts have paid off — your site lands at the top of the search results, and the potential customer clicks the link, only to be met with a warning that there’s a “deceptive site ahead” or that “the site ahead contains malware.”

But you’re not trying to deceive anyone. Why would Google show a warning about your site?

While this message can be alarming, the good news is that website warnings like “deceptive site ahead” can be fixed. Keep reading to find out what these warnings mean and how to remove them from your website.

Check Out Our Video Guide to Fixing the “Deceptive Site Ahead” Warning

What Does “Deceptive Site Ahead” Mean?

Finding out your website has a warning is a shock. Your first reaction might be to assume there’s nothing wrong with your site. After all, you know that you didn’t put anything dangerous on it.

But someone else might have.

Deceptive content warning on a website, showing the text
Deceptive content warning on a website.

We’ve all read about cyber attacks on major corporations in the news, but it can happen to the little guys, too. In fact, 46% of data breaches happen to small businesses.

Common types of website hacks include URL injection, which is when a hacker creates spam pages on a site, and content injection, like adding keywords and gibberish text.

If you get one of Google’s warnings, it may indicate that you’ve been hacked. It’s also possible that you’ve set up your site in a way that Google doesn’t like.

Reasons for the warnings include:

To get the warning removed, you’ll have to resubmit your website to Google and ask to have it unflagged as dangerous or deceptive. Fortunately, this is a pretty simple process.

Don’t submit your site to Google until you’re sure the problem with your website has been solved (more on this later on).

Website Warning Messages and What They Mean

“Deceptive site ahead” isn’t the only warning Google attaches to websites. While the fix — resubmitting your site to Google — is the same for all of them, the meaning of each is slightly different.

Understanding what the warning means is the first step to fixing it. So let’s take a look at some of the most common ones.

“Deceptive Site Ahead”

This warning refers specifically to websites that might be phishing sites. For example, it could be a page designed to look like it belongs on your website but used to steal users’ personal information.

“Site Ahead Contains Malware”

This indicates that the website might try to install harmful software on a site visitor’s computer. The malware could potentially be embedded in your site in places like images, third-party components, or ads.

“Suspicious Site”

This is a general warning that Google has deemed a site suspicious and potentially unsafe.

“Site Ahead Contains Harmful Programs”

The harmful programs error warns that your website might try to trick visitors into installing programs that cause problems when they’re browsing online.

“This Page Is Trying to Load Scripts From Unauthenticated Sources”

Good news: if this is the warning Google has attached to your site, you probably haven’t been hacked. It usually means that your website is HTTPS but is trying to load scripts from HTTP sources.

“Did You Mean [Site Name]?”

Google shows this message to site visitors when it thinks they might be looking for a different site with a similar name. Hackers sometimes create sites that are just a letter or a hyphen away from a safe site to lure visitors into giving up their personal information.

The process for asking Google to review this problem is a bit different from the other warnings. If you or visitors to your site are getting a “Did you mean [site name]?” warning, Google asks that you contact them about it using this form.

“Fraudulent Website Warning” (Safari)

With 77.03% of the global desktop market share, Google Chrome may be the undisputed king among browsers, but it’s not the only game in town. Safari (8.87% market share) also shows website warnings, though with slightly different wording.

“Potential Security Risk Ahead” (Firefox)

Firefox, the third most popular browser with a 7.69% market share, has its own set of warnings.

Although Safari and Firefox might word their website warnings differently than Google, the causes — and the fixes — are the same.

How to Fix Website Warning Messages

Before you resubmit your site to Google for review, you need to make sure you’ve fixed any security issues.

Google Search Console (previously known as Webmaster Tools) is your best friend in this process. Through the Search Console, Google makes it easy for you to figure out what’s going on with your site — even if you don’t have a lot of technical expertise.

If you haven’t set up Google Search Console for your site yet, now’s a great time. It’s completely free, and it will help you monitor, manage, and improve your site long after the security warning is cleared.

1. View Your Security Issues Report on Google Search Console

Log into Google Search Console. If Google has found security problems, there’ll be a link to your Security Issues Report on the overview page.

Google Search Console showing 5 security issues detected.
Google Search Console showing security issues detected. (Image source: Search Engine Journal)

You can also access the report by going to Security & Manual Actions and then Security Issues in the sidebar.

There are several possible security issues that you might see in your report. Google categorizes the problems into three groups: hacked content, social engineering, and malware or unwanted software. Let’s take a quick look at each one.

Hacked Content

Hacked content is any content added to your website without your permission due to security vulnerabilities in the site. For example, a hacker might add spammy links to your web pages.

If you’ve been hacked, your Security Issues Report will show issues like:

  • Hacked: Malware
  • Hacked: Code injection
  • Hacked: Content injection
  • Hacked: URL injection

Social Engineering

Social engineering means that content on your site is trying to trick people into doing something dangerous. For example, the site might have deceptive forms to convince users to reveal confidential information.

Social engineering content issues on your report could include:

  • Deceptive pages
  • Deceptive embedded resources

Malware and Unwanted Software

This issue means you have applications or downloadable software on your website that can harm the user. The site owner or a hacker could have installed them.

Expect to see issues like:

  • Harmful downloads
  • Links to harmful downloads

No matter which issue you see on your report, you can click on it to get more information.

Google advises on how to solve the problem, but it can get pretty technical. For many of the issues, there are more straightforward, WordPress-friendly ways to fix your website and remove the warning.

2. Find and Remove Malicious Code on Your Website

At Kinsta, we have a malware security pledge. That means that if your website is hosted here, get in touch, and we’ll:

  • Perform a deep scan of your site’s files to identify malware
  • Repair the WordPress core by installing a clean copy of the core files
  • Identify and remove infected plugins and themes

If your WordPress site is hosted elsewhere, though, you can try restoring a previous, clean version of your site from a recent backup. Just remember that you’ll lose any changes you made since you backed up the website.

If you don’t have a backup or don’t want to lose your new content, there are several plugins and services that can help.

3. Make Sure SSL Certificate Is Properly Installed

SSL stands for Secure Sockets Layer. It’s a web security protocol that encrypts and authenticates data as it’s sent between two applications, like a browser and a web server.

Sometimes an improper SSL certificate installation can cause a browser warning message. You can check your installation with tools like SSL Checker.

If your website is hosted on Kinsta, it’s automatically protected by our Cloudflare integration, including free SSL certificates with wildcard support.

SSL Certificate installation window dialog through MyKinsta.
SSL Certificate installation through MyKinsta.

4. Redirect the Website From HTTP to HTTPS

Your SSL certificate enables HTTPS. Everyone should be using HTTPS — it’s more secure, better for SEO, and provides more accurate referral data.

Unfortunately, the process of migrating from HTTP to HTTPS can cause problems.

It’s important to redirect all of your HTTP traffic to HTTPS permanently. If you have an HTTPS site, but some content is loaded over a less secure HTTP connection, Google might attach a warning message to your site.

Kinsta clients can use our Force HTTPS tool to redirect HTTP traffic to HTTPS with a few clicks. For other hosts, the fix will depend on the server software being used.

There is a simple solution that uses a WordPress plugin to configure your website to run over HTTPS. After you’ve installed SSL, get the Really Simple SSL plugin.

That said, we don’t recommend that you use the plugin method permanently.

While they might be tempting as a quick solution, third-party plugins introduce an extra layer of risk. You can always use it as a stopgap while you work on solving the problem in another way.

How to Resubmit Your Site to Google

You’ve found your website’s security issue and cleaned up the site. Now what?

To resubmit your site to Google, you’re going to use — you guessed it — Google Search Console. Here’s how:

Step 1: Prepare Your Site for Submission

Double-check that you’ve removed the harmful content from your website. If you used a security scanner to find the malware, rerun it.

Submitting your site without fixing the problem will cause additional delays.

To review your website, Google has to be able to crawl it. Make sure you haven’t blocked Googlebot through noindex tags or any other method.

Finally, this may seem obvious, but it’s a mistake made before: if you brought your site offline to deal with the hack, make sure it’s live again so that Google can check it.

Step 2: Request a Review

Go back to your Google Search Console. On your Security Issues Report, click the Request Review button.

This will take you to a form that asks you to describe what you did to fix the problem. Write a sentence for each of the security issues detected.

For example, if you received the errors “Hacked: Content Injection” and “Harmful Downloads, “you could write:

For content injection, I removed the spammy content and fixed the vulnerability by updating my WordPress plugins. For harmful downloads, I replaced the third-party code that was distributing malware downloads on my website.

If your website has been flagged for phishing specifically, you can submit it for review through Google Search Console as described.

If you see the “Did you mean [site name]?” message, submit your site through this link, not the Search Console.

Step 3: Wait

How long it takes for Google to review your website depends on the type of security issue.

  • Hacked with spam: Several weeks
  • Malware: A few days
  • Phishing: About a day

If Google finds that your website is clean, the warning should be removed within 72 hours.

What if Your Site Doesn’t Pass the Review?

If Google determines that you haven’t solved the problem, the deceptive website warning will remain in place. Your Security Issues Report might start to display more sample infected URLs to help you track down the malicious content.

What About Warnings on Other Browsers?

If your website is also showing warnings on Safari or Firefox, don’t worry. You don’t have to go through a separate review process for each browser.

Firefox security risk warning message with the text
Firefox security risk warning message.

Firefox and Safari, as well as many other browsers, get their information from Google Safe Browsing lists, a set of frequently updated lists of unsafe web resources. (The exception is for users in Mainland China, where Safari may use lists from Tencent rather than Google.)

If you get your website cleared with Google, the warnings will also be removed from other browsers.

How to Prevent “Deceptive Site Ahead” Warnings

No website is 100% secure. Hackers develop new tricks all the time, and if you’re a website owner, there’s always a chance that you’ll be the next victim.

That said, the majority of cyber attacks can be prevented by following a few best practices.

Here are our top tips for keeping that bright red warning page from greeting visitors to your site.

Stay Up-to-Date

It’s essential that any software on your website, whether your core CMS program, plugins, or theme, is up-to-date.

Developers update software in response to new security threats, but your site is still vulnerable if you’re running an old version.

Pending WordPress site updates as seen in the WordPress Admin Dashboard.
Pending WordPress site updates.

A study found that 49% of hacked WordPress sites were running outdated versions of the CMS at the time of infection.

And don’t forget about your plugins. Plugins are a great feature of WordPress, but it’s easy to add a bunch and never think about them again.

Each plugin is a gateway for a hacker to gain access to your site. To be as safe as possible, update them all regularly, and avoid using nulled plugins.

Use a WordPress Security Plugin

There’s no shortage of plugins designed to enhance WordPress website security.

The problem is that many of them cause site performance issues. That’s why we’ve banned some of them from Kinsta sites.

If you’re hosted on Kinsta, our free hack fixes and the security features built into the MyKinsta dashboard mean that you don’t need third-party security tools.

But for site owners using other hosting services that might want to use a WordPress plugin, we recommend two in particular: Sucuri or Wordfence.

Monitor Google Search Console

Site owners using Google Search Console should get email warnings about security issues, but it can’t hurt to check in from time to time.

Plus, Search Console has many other features that help your site’s performance and search engine optimization. Keeping an eye on this tool can only make your website better.

Restrict Access

A surprising number of hackers gain access to your website in a simple way: They use your password.

Be careful about who has login credentials for your site. Ensure that everyone on your team is following best practices, like using a password manager, and that they understand how to avoid scams like phishing emails.

Choose a Secure Host

As a website owner, you can only do so much to ensure your site is safe. For server-level security, you need to find a host you can trust.

A few things your host can do to keep those warnings off of your site are:

Summary

It’s alarming to realize that Google has put a warning on your website, but it’s not hard to fix. Seeing the warning message can even be a helpful alert that something is wrong with your site.

The best way to keep an eye on your website is to set up Google Search Console and monitor it regularly. Deal with any problems as soon as they occur.

Even better, avoid security issues in the first place. Following the WordPress security best practices above will go a long way toward keeping your site safe and your incoming traffic flowing.

It all starts with a security-focused application, database, and managed WordPress host. Click to learn more about how Kinsta makes it easy to manage your projects.

Salman Ravoof

Salman Ravoof is a self-taught web developer, writer, creator, and a huge admirer of Free and Open Source Software (FOSS). Besides tech, he's excited by science, philosophy, photography, arts, cats, and food. Learn more about him on his website, and connect with Salman on Twitter.