URL blocklisting has become a common occurrence these days, and it’s important that a savvy business owner does everything they can to avoid it.

If your site ends up on a URL blocklist, then you could see pretty big negative effects on your website traffic, and overall website performance.

Luckily for you, we have put together this article to give you some information you need to prevent your website from finding its way onto a URL blocklist, and removing it if it unfortunately does.

What Is a URL Blocklist?

The URL blocklist is a collection of web addresses put together by search engines that they think are suspicious or dangerous.

A blocklisted website won’t appear on a search engine’s results page, in order to protect their users from any potential malware or unsafe plugins.

Here is what a blocklisted site looks like in your browser:

An example of what you'll see in your browser when visiting a blocklisted site
An example of what you’ll see in your browser when visiting a blocklisted site

Although most of the websites put on the blocklists are indeed dangerous, it’s quite common for completely innocent websites to find themselves blocklisted.

Sometimes they don’t even know it’s happened, and only realize when their earnings start to take a hit or traffic completely drops off.

In fact, Google blocklists around 10,000 websites a day, so it’s easy to see how some good websites are bound to slip through the cracks.

To prevent this from happening to you, you need to make sure that your website security is tight enough to satisfy the search engines’ strict rules and regulations.

How Does URL Blocklisting Happen?

A URL can get blocklisted for a variety of different reasons.

It could be down to something completely innocent, or it could be a result of cutting corners on your website setup, and flagging your site up on Google’s radars.

Below you’ll find the main things that search engines look out for when they’re deciding which websites to blocklist.

Having even one of these problems associated with your website will likely mean that it will never show up for most searchers, or at least drop in the rankings.

1. Unsafe Plugins

Plugins are tools regularly used by site owners, webmasters, and web developers to add extra features to websites. They can be incredibly useful and can quickly transform an average webpage into something much more engaging for the user.

However, since plugins can be developed and released by anyone, it can be quite difficult to know which plugins are going to be safe to install on your website.

According to the data on known WordPress issues, almost 18% are WordPress plugin vulnerabilities:

Breakdown of WordPress vulnerabilities
Breakdown of WordPress vulnerabilities. (Source: wpwhitesecurity.com)

Unsafe plugins can be used to inject malware, and are generally used by hackers to easily gain access to your site.

It is often outdated plugins that are the most vulnerable to attacks. These plugins usually have far fewer layers of security and are much more vulnerable to hacks.

On one hand, plugins offer incredible functionality and benefits, but on the other, they can quite easily be taken over and used to malicious ends when WordPress maintenance is neglected.

2. Phishing Schemes

Phishing schemes have unfortunately become extremely popular in recent years. Over 60,000 phishing websites were reported in March 2020 alone.

An overview of phishing statistics. (Source: apwg.org)

Phishing is a type of digital attack used to gain access to a person’s personal information, such as their bank details, by tricking them into clicking on a misleading link.

Phishing attacks can have devastating effects on a victim.

Bank account hacks are fairly common results of a phishing scheme and in more serious cases, identity theft can also occur. It is for these reasons that search engines are cracking down on any site that might be harboring a phishing link.

The worst part is that many website owners aren’t aware that their website features phishing links – hackers often work to take control of a site before posting their malicious links on it. This can lead to heavy penalization from search engines.

3. Trojan Horses

In computing terms, a Trojan horse is a virus or piece of malware that is disguised as something innocent. Cybercriminals usually hide a malicious file inside a piece of software that then infects a computer when the software is downloaded.

A simple breakdown of how a trojan horse works
A simple breakdown of how a trojan horse works. (Source: imperva.com)

Trojan horses are similar to phishing schemes as they are specifically designed to trick someone into installing harmful software without them knowing about it.

As you’d expect, this process is frowned upon by search engines and is one of the biggest reasons why a URL suspected of having downloadable malware is instantly blocklisted.

Keeping your website free from Trojan horses is extremely important if you want to have any chance of ranking anywhere near the top of Google.

4. Defacement

A website defacement attack is where a hacker takes over the control of a website and replaces parts of the content with their own.

Usually, this is accomplished through the addition of phishing links, Trojan horses, and other potentially harmful malware.

An example of a website defacement attack
An example of a website defacement attack. (Source: securityboulevard.com)

Some hackers will be able to create content that looks nearly the same as your own, meaning your users and customers might not even notice anything has changed.

URL blocklisting aims to take these websites off search engines before anyone can fall victim to the defaced pages.

5. SEO Spam

The final thing search engines look out for is SEO spam. Somewhat ironically, overdoing SEO can have a negative impact on the ranking of a website.

An example of SEO spam in Google
An example of SEO spam in Google. (Source: Sucuri)

Negative SEO can come in all shapes and forms to halt your SEO progress. Things like DDos attacks, WordPress spam comments, and referrer spam in Google Analytics are all things to watch out for.

Another popular form of SEO spam is keyword stuffing. Search engines use the keywords from a user’s query to match up their search with the most relevant webpages.

Some site owners assume that if they pack lots of target keywords into all their pages, then they will show up more often in search engines.

Search engine providers, though, are very aware of this practice and can easily filter out any articles that have been stuffed with too many keywords

How to Check if Your Website Has Been Add to a URL Blocklist

As we’ve mentioned, the main problem with your website being blocklisted is that it can be quite difficult to notice when it happens.

There are various tools that can tell you whether or not your website has been blocklisted. They will also direct you towards the specific URLs that are causing the problems, which you can then deal with and delete as necessary.

Here are three methods for checking if your website has been blocklisted:

1. Google Search Console

One of the easiest ways to see if you have been blocklisted is to check Google Search Console (formerly known as Webmaster Tools):

How to view any security issues in Google Search Console
How to view any security issues in Google Search Console

If you haven’t yet verified your GSC account, go read this Google Search Console verification guide and then come back.

If your site has been unfortunately blocklisted, you’ll see it here:

An example of what you may see inside Google Search Console if your site (or a URL) is blocklisted
An example of what you may see inside Google Search Console if your site (or a URL) is blocklisted

2. Check Your Traffic Stats

It is also worth checking for any big drops in traffic inside your Google Analytics account. A sudden decrease in visitors can be a sign of being blocklisted.

An example of something no one wants to see in Google Analytics: a massive drop off in website traffic
An example of something no one wants to see in Google Analytics: a massive drop in website traffic

An early indicator that a website has been blocklisted will be its sudden and rapid drop in traffic.

A blocklisted website loses around 95% of its traffic, so you should be able to notice that. If you see something similar with your website analytics, then there’s definitely a problem worth investigating more.

3. Site Check Tools

If you want to test if your domain or IP is listed on anti-spam databases, you can also use dedicated site check tools.

Just run your site through Sitechecker and/or MxToolBox and check the results.

Run your site through these site checker tools
Run your site through these site checker tools

Between the two of them, these site check tools will:

  • Get an overview of your domain’s health status
  • Identify issues related to your domain name, mail server, web server, and DNS issues
  • Lookup if your domain or IP is marked as spam or blocklisted
  • Get a report with spam list databases

You should also check out this guide on how to block an IP address and this guide on dedicated IP addresses vs shared IP addresses to be extra careful.

How Being on the URL Blocklist Can Impact Your Business?

It’s pretty easy to see how such a large drop in traffic is going to negatively impact your business, growth, and bottom line.

It doesn’t matter which browser someone is using, whether it’s Chrome, Internet Explorer, or any other. A blocklisted URL won’t be showing up through any of them.

Being blocklisted is absolutely something that any website owner should avoid at all costs.

In the next section, we’ll go through a few tactics you can implement to ensure that your URLs never find their way into any URL blocklists.

How to Protect Your Site from Being Put on the Blocklist

The only real way to stay off the blocklist is to make sure there is nothing happening on your website that will attract any negative attention from Google. Unfortunately, sticking to the rules yourself isn’t always enough, since we know that hackers can take over sites and claim them as their own.

This means you have to think about a few different things if you want to follow effective WordPress SEO best practices and keep high traffic on your websites.

In short, you should:

  • Make sure your website is secure,
  • Build and develop your website safely in a safe manner,
  • Avoid risky ‘black hat’ practices as much as possible.

Thankfully, there are a few measures a website owner can take if they want to make sure that their website isn’t going to experience security issues.

Update, Update, Update

The first of these is to always keep your systems up to date, paying close attention to plugin and theme updates. Software updates fix security weaknesses so you always want to download them before hackers work out how to abuse these weaknesses for themselves.

Before implementing updates to your site, it’s always good practice to test them locally and/or in a staging environment.

Use Strong Passwords

Another more obvious security protocol is to always use strong passwords. Yes, we know you’ve heard this one before, but there are a surprising number of people that still use ‘pa55w0rd‘ as their security key for all of their accounts.

A strong password really can stop a hacker in their tracks and protect your server from infiltration.

Make sure to check out these password-related resources:

Avoid Letting Users Upload Files

Another recommendation is to avoid letting website users upload their own files as much as possible.

Although you may want to improve the user experience by uploading profile pictures and similar files to the site, this can be a big potential crack in the wall for people to exploit.

If you operate a site that requires users to upload files, we recommend working with a developer to add a malware scanning step into the file upload process.

Avoid Risky Practices

If you want to have the best chance of keeping your URLs well away from any blocklists, then you should try to avoid any risky practices.

In the SEO world, these are often known as ‘black hat’ processes.

Although these techniques can be effective in the short term, implementing them can easily have negative effects if not done properly.

What you should absolutely avoid, though, are things like keyword stuffing.

Keyword stuffing, hidden keywords, and articles that generally aren’t aligned with your brand/product/services will quickly flag your website up with Google. Google will then start to filter your URLs out of their searches and you’ll see your rankings drop dramatically.

If you stick to proper keyword research and learn how to drive traffic to your website, you’ll be on the safe side of things.

Now you know how to prevent your site or URLs from being blocklisted, let’s explore some of the things you can do to remove URLs from a blocklist.

How to Remove Your URL from Google Blocklist in 3 Steps

If you have identified that your site has been blocklisted by Google, we need to work on removing it. Here is a step-by-step guide to removing your website from the blocklist.

Step 1: Find the Infection

Open up Google Search Console and see why your website was blocklisted, it may be due to:

Whatever is causing the blocklist, once you’ve identified it, you can take the next steps to remove the issue.

Step 2: Clean the Infection

Once you know what is causing the infection, you can work on removing it. Here are some steps to start cleaning up site infections:

You might also find these resources helpful:

Step 3: Submit to Google for Review

Next you should submit your site for a malware review so Google can reassess your site. Follow these steps to submit your site for a review:

  1. Open up Google Search Console and go to the Security Issues Tab.
  2. Click “I have fixed these issues”.
  3. Now, select “Request a Review”.
  4. List the steps you have taken to remove the issues from your site. Be as detailed as you can here.
  5. Then click the Manual Actions section.

If you have multiple issues, repeat these steps until all have been resolved. Just keep in mind that Google can take up to a few days to review your website.

It might also be a good time to refresh your memory on how to submit your site to search engines.

Summary

It’s pretty clear to see that blocklisting can have detrimental effects on your website traffic and business.

Luckily, there are things you could do to reduce the chances of this happening, such as following web design best practices, SEO best practices, and investing in secure hosting.

Although there are always steps you can take against hackers and malware, sometimes you just get unlucky. This is why it’s always important to spot the signs of blocklisting as soon as possible and try to do something about it.

Matteo Duò Kinsta

Head of Content at Kinsta and Content Marketing Consultant for WordPress plugin developers. Connect with Matteo on Twitter.