How to remove your web site from Google’s blacklist

Google’s “This site may harm your computer” may very well be every website owner’s most dreaded nightmare. When Google blocks your site you can say goodbye to any traffic you had and see your revenues go down drastically.

Whether you like it or not, Google traffic means everything:

Here I’m going to show you how to fix this issue and get your web site back in order. The process is fairly straightforward and if you follow these steps, you do not need to worry.


1) Assess the problem

The first thing you need to do is activate Google’s webmaster tools. If Google is flagging your site as malicious, then they ought to show you what the problem is, right? And that, they generally do.

Add your site to Google Webmaster Tools by clicking the “ADD A SITE” button.

Google will ask you to verify that you are the site’s owner:

Use FTP or CPanel to either upload that file or create it with exactly the same name and content.

Once this is done, navigate to Health-> Malware:

Here Google will tell you what it found and where. This includes a list of pages where bad code was found:


2) Remove the problem

The problem is malware or some other sort of malicious / spammy / phishy content.

Cleaning up a website can be a difficult task if you are not familiar with coding or security in general. However, you are not alone. There are entire communities out there where people can get help. I recommend in particular StopBadware and BadwareBusters.

If you just want the problem solved for you there are companies that specialize in website cleanups. Do a bit of research, read some reviews and pick the one you want. Obviously this is not free. Prices range from $60 to $399 for one website. The company I work for, SparkTrust does offer such a service. In fact, most website cleanups are sent over to me, so most likely you’d be dealing with me ­čśë If you are interested, you can sign up here.

Once your site has been cleaned up, secured and all passwords changed, you can breathe a little and get ready for the next step.


3) Restore your good standing with Google

On the screenshot seen above, you may have noticed a button called “Request a review“. Click on it and fill in the details in the next screen:

Then Google will print a message:

This does not mean your web site has been cleared yet! Unfortunately, you have to wait… again! Waiting times seem to vary quite a bit, but if nothing has changed after 48 hours, you will want to review the malware report again to make sure that all the bad stuff has been removed.

A quick note regarding the malware removal: it is advised to disinfect the files rather than┬ácompletely┬áremove┬áthem┬á(unless, of course, the files are entirely malicious). For example, it is common to see legitimate JavaScript files get injected with┬ámalicious┬ácontent. It makes it easier for Google to crawl those same files again and confirm that they have been cleaned. If the files have been removed, Google won’t be able to verify that.


4) Learn about the experience

Once Google has cleared your site, you may want to forget about the whole thing and hope it never happens again. You can do that… or take the time to review what just happened and how to prevent it in the future.

Review why your website was hacked. Was it because of a poor password, an infected PC that leaked your passwords, an out-of-date WordPress installation? Whichever it was, you can take this bad experience and learn a few things about security. See my security tips.

If you were helped by some people from the community, you may want to return the favor and use your own experience and what you’ve learned to pass it on to others. Malware is a global problem that can only be tackled by proper knowledge and education, not just software.


Jerome Segura

One comment

  1. Thanks for your guide and support! I am awaiting a review from Google now and also got a dude to help me cleaning up the files.


Leave a Reply

Your email address will not be published. Required fields are marked *