URL blocklisting has become a common occurrence these days, and it’s important that a savvy business owner does everything they can to avoid it.
If your site ends up on a URL blocklist, then you could see pretty big negative effects on your website traffic, and overall website performance.
Luckily for you, we have put together this article to give you some information you need to prevent your website from finding its way onto a URL blocklist, and removing it if it unfortunately does.
What Is a URL Blocklist?
The URL blocklist is a collection of web addresses put together by search engines that they think are suspicious or dangerous.
A blocklisted website won’t appear on a search engine’s results page, in order to protect their users from any potential malware or unsafe plugins.
Here is what a blocklisted site looks like in your browser:
Although most of the websites put on the blocklists are indeed dangerous, it’s quite common for completely innocent websites to find themselves blocklisted.
Sometimes they don’t even know it’s happened, and only realize when their earnings start to take a hit or traffic completely drops off.
In fact, Google blocklists around 10,000 websites a day, so it’s easy to see how some good websites are bound to slip through the cracks.
To prevent this from happening to you, you need to make sure that your website security is tight enough to satisfy the search engines’ strict rules and regulations.
How Does URL Blocklisting Happen?
A URL can get blocklisted for a variety of different reasons.
It could be down to something completely innocent, or it could be a result of cutting corners on your website setup, and flagging your site up on Google’s radars.
Below you’ll find the main things that search engines look out for when they’re deciding which websites to blocklist.
Having even one of these problems associated with your website will likely mean that it will never show up for most searchers, or at least drop in the rankings.
1. Unsafe Plugins
Plugins are tools regularly used by site owners, webmasters, and web developers to add extra features to websites. They can be incredibly useful and can quickly transform an average webpage into something much more engaging for the user.
However, since plugins can be developed and released by anyone, it can be quite difficult to know which plugins are going to be safe to install on your website.
According to the data on known WordPress issues, almost 18% are WordPress plugin vulnerabilities:
It is often outdated plugins that are the most vulnerable to attacks. These plugins usually have far fewer layers of security and are much more vulnerable to hacks.
On one hand, plugins offer incredible functionality and benefits, but on the other, they can quite easily be taken over and used to malicious ends when WordPress maintenance is neglected.
2. Phishing Schemes
Phishing schemes have unfortunately become extremely popular in recent years. Over 60,000 phishing websites were reported in March 2020 alone.
Phishing is a type of digital attack used to gain access to a person’s personal information, such as their bank details, by tricking them into clicking on a misleading link.
Phishing attacks can have devastating effects on a victim.
Bank account hacks are fairly common results of a phishing scheme and in more serious cases, identity theft can also occur. It is for these reasons that search engines are cracking down on any site that might be harboring a phishing link.
The worst part is that many website owners aren’t aware that their website features phishing links – hackers often work to take control of a site before posting their malicious links on it. This can lead to heavy penalization from search engines.
3. Trojan Horses
In computing terms, a Trojan horse is a virus or piece of malware that is disguised as something innocent. Cybercriminals usually hide a malicious file inside a piece of software that then infects a computer when the software is downloaded.
Trojan horses are similar to phishing schemes as they are specifically designed to trick someone into installing harmful software without them knowing about it.
As you’d expect, this process is frowned upon by search engines and is one of the biggest reasons why a URL suspected of having downloadable malware is instantly blocklisted.
Keeping your website free from Trojan horses is extremely important if you want to have any chance of ranking anywhere near the top of Google.
A website defacement attack is where a hacker takes over the control of a website and replaces parts of the content with their own.
Usually, this is accomplished through the addition of phishing links, Trojan horses, and other potentially harmful malware.
Some hackers will be able to create content that looks nearly the same as your own, meaning your users and customers might not even notice anything has changed.
URL blocklisting aims to take these websites off search engines before anyone can fall victim to the defaced pages.
5. SEO Spam
The final thing search engines look out for is SEO spam. Somewhat ironically, overdoing SEO can have a negative impact on the ranking of a website.
Another popular form of SEO spam is keyword stuffing. Search engines use the keywords from a user’s query to match up their search with the most relevant webpages.
Some site owners assume that if they pack lots of target keywords into all their pages, then they will show up more often in search engines.
Search engine providers, though, are very aware of this practice and can easily filter out any articles that have been stuffed with too many keywords
How to Check if Your Website Has Been Add to a URL Blocklist
As we’ve mentioned, the main problem with your website being blocklisted is that it can be quite difficult to notice when it happens.
There are various tools that can tell you whether or not your website has been blocklisted. They will also direct you towards the specific URLs that are causing the problems, which you can then deal with and delete as necessary.
Here are three methods for checking if your website has been blocklisted:
1. Google Search Console
One of the easiest ways to see if you have been blocklisted is to check Google Search Console (formerly known as Webmaster Tools):
If you haven’t yet verified your GSC account, go read this Google Search Console verification guide and then come back.
If your site has been unfortunately blocklisted, you’ll see it here:
2. Check Your Traffic Stats
It is also worth checking for any big drops in traffic inside your Google Analytics account. A sudden decrease in visitors can be a sign of being blocklisted.
An early indicator that a website has been blocklisted will be its sudden and rapid drop in traffic.
A blocklisted website loses around 95% of its traffic, so you should be able to notice that. If you see something similar with your website analytics, then there’s definitely a problem worth investigating more.
3. Site Check Tools
Between the two of them, these site check tools will:
- Get an overview of your domain’s health status
- Identify issues related to your domain name, mail server, web server, and DNS issues
- Lookup if your domain or IP is marked as spam or blocklisted
- Get a report with spam list databases
How Being on the URL Blocklist Can Impact Your Business?
It’s pretty easy to see how such a large drop in traffic is going to negatively impact your business, growth, and bottom line.
It doesn’t matter which browser someone is using, whether it’s Chrome, Internet Explorer, or any other. A blocklisted URL won’t be showing up through any of them.
Being blocklisted is absolutely something that any website owner should avoid at all costs.
In the next section, we’ll go through a few tactics you can implement to ensure that your URLs never find their way into any URL blocklists.
How to Protect Your Site from Being Put on the Blocklist
The only real way to stay off the blocklist is to make sure there is nothing happening on your website that will attract any negative attention from Google. Unfortunately, sticking to the rules yourself isn’t always enough, since we know that hackers can take over sites and claim them as their own.
This means you have to think about a few different things if you want to follow effective WordPress SEO best practices and keep high traffic on your websites.
Worried about malware on your WordPress site? All Kinsta plans come with free malware scanning and cleanups. Check out our plans.
In short, you should:
- Make sure your website is secure,
- Build and develop your website safely in a safe manner,
- Avoid risky ‘black hat’ practices as much as possible.
Thankfully, there are a few measures a website owner can take if they want to make sure that their website isn’t going to experience security issues.
Update, Update, Update
The first of these is to always keep your systems up to date, paying close attention to plugin and theme updates. Software updates fix security weaknesses so you always want to download them before hackers work out how to abuse these weaknesses for themselves.
Use Strong Passwords
Another more obvious security protocol is to always use strong passwords. Yes, we know you’ve heard this one before, but there are a surprising number of people that still use ‘pa55w0rd‘ as their security key for all of their accounts.
A strong password really can stop a hacker in their tracks and protect your server from infiltration.
Make sure to check out these password-related resources:
Avoid Letting Users Upload Files
Another recommendation is to avoid letting website users upload their own files as much as possible.
Although you may want to improve the user experience by uploading profile pictures and similar files to the site, this can be a big potential crack in the wall for people to exploit.
If you operate a site that requires users to upload files, we recommend working with a developer to add a malware scanning step into the file upload process.
Avoid Risky Practices
If you want to have the best chance of keeping your URLs well away from any blocklists, then you should try to avoid any risky practices.
In the SEO world, these are often known as ‘black hat’ processes.
Although these techniques can be effective in the short term, implementing them can easily have negative effects if not done properly.
What you should absolutely avoid, though, are things like keyword stuffing.
Keyword stuffing, hidden keywords, and articles that generally aren’t aligned with your brand/product/services will quickly flag your website up with Google. Google will then start to filter your URLs out of their searches and you’ll see your rankings drop dramatically.
Now you know how to prevent your site or URLs from being blocklisted, let’s explore some of the things you can do to remove URLs from a blocklist.
How to Remove Your URL from Google Blocklist in 3 Steps
If you have identified that your site has been blocklisted by Google, we need to work on removing it. Here is a step-by-step guide to removing your website from the blocklist.
Step 1: Find the Infection
Open up Google Search Console and see why your website was blocklisted, it may be due to:
- SQL injection
- Spam links
Whatever is causing the blocklist, once you’ve identified it, you can take the next steps to remove the issue.
Step 2: Clean the Infection
Once you know what is causing the infection, you can work on removing it. Here are some steps to start cleaning up site infections:
- Review any unfamiliar modifications to your website and manually remove them.
- Disable any obsolete plugins.
- Check if new admin users have been added. Remove manually if so, and reset all passwords and usernames.
- Manually clean up tables in infected databases.
- Set up two-factor authentication for all your users.
- Check for any unverified users and remove those who shouldn’t be there.
You might also find these resources helpful:
- How WordPress Malware Removal Works
- How to Fix “The site ahead contains malware” Error on WordPress
- WordPress Hacked: What to Do When Your Site Is in Trouble
- 16 Best WordPress Security Plugins to Lock out the Bad Guys
Step 3: Submit to Google for Review
Next you should submit your site for a malware review so Google can reassess your site. Follow these steps to submit your site for a review:
- Open up Google Search Console and go to the Security Issues Tab.
- Click “I have fixed these issues”.
- Now, select “Request a Review”.
- List the steps you have taken to remove the issues from your site. Be as detailed as you can here.
- Then click the Manual Actions section.
If you have multiple issues, repeat these steps until all have been resolved. Just keep in mind that Google can take up to a few days to review your website.
It might also be a good time to refresh your memory on how to submit your site to search engines.
It’s pretty clear to see that blocklisting can have detrimental effects on your website traffic and business.
Although there are always steps you can take against hackers and malware, sometimes you just get unlucky. This is why it’s always important to spot the signs of blocklisting as soon as possible and try to do something about it.
Save time, costs and maximize site performance with:
- Instant help from WordPress hosting experts, 24/7.
- Cloudflare Enterprise integration.
- Global audience reach with 34 data centers worldwide.
- Optimization with our built-in Application Performance Monitoring.