How to Remove This Site May be Compromised Warning

Is your site displaying the “This site may be compromised” warning? Continue reading to learn how to remove the message from Google’s search results.

More and more websites are being labeled with Google’s new message:

This site may be compromised

Here’s what a real example would look like in Google’s search results:

To protect the safety of our users, we show this warning message for search results that we believe may have been hacked or otherwise compromised.

What does it mean?

Compromised does not necessarily mean malware – it usually refers to indications that the site was hacked and spam was added.

When the site is labeled with “This site may be compromised” instead of “This site may harm your computer”, it means Google noticed something indicating that the site may have been modified in some way without your permission.

When we believe a site may be hacked or compromised but have not detected malware, we display “This site may be compromised” as an alert.

Since the SafeBrowsing report and the Malware tab refer to malicious files / malware, you would not see any warnings or flags for this inside Google Webmaster Tools. Therefore, looking through them won’t be of much help.

If a site has been hacked, it typically means that a third party has taken control of the site without the owner’s permission. Hackers may change the content of a page, add new links on a page, or add new pages to the site. The intent can include phishing (tricking users into sharing personal and credit card information) or spamming (violating search engine quality guidelines to rank pages more highly than they should rank).

How to Remove the Warning?

Here are the recommended steps:

1) Scan your site

Start with a few scans of your site. This may help narrow down where exactly the problem lies.

2) Investigate Server Directories

Start with your root directory on your server and investigate all directories one-by-one, navigating deep into all of them.

3) Identify Strange Files

Look within each folder / directory for any files that seem out of place. Look for any of the following:

  • files with long strings or weird characters in their name
  • files that are not packaged with a standard WP installation
  • files that contain strings such as base64 or eval (e.g., eval(base64_decode...))
  • be sure to scroll all the way to the bottom of each file for any code not immediately visible
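
One way to automate the checks in step 3, as an added example (not code from the original article): it compares the site against a fresh copy of the same WordPress version that you have downloaded and unpacked yourself, then applies the name and content checks from the list above. The function names, the numeric thresholds and the sample files are assumptions made for this example.

```python
import re
import tempfile
from pathlib import Path

OBFUSCATED = re.compile(rb"eval\s*\(|base64_decode\s*\(", re.I)
HIDDEN = re.compile(rb"\s{100,}\S")  # assumed threshold: code pushed out of view
ODD_NAME = re.compile(r"[^A-Za-z0-9._-]|[A-Za-z0-9]{24,}")  # assumed threshold


def audit(site_root, clean_root):
    """Return {relative_path: [reasons]} for files that deserve a manual look."""
    findings = {}
    for path in sorted(p for p in Path(site_root).rglob("*") if p.is_file()):
        rel = path.relative_to(site_root).as_posix()
        data, reasons = path.read_bytes(), []
        reference = Path(clean_root) / rel
        if reference.is_file():
            if reference.read_bytes() == data:
                continue  # identical to the clean copy
            reasons.append("differs from clean copy")
        elif rel.startswith(("wp-admin/", "wp-includes/")):
            reasons.append("not part of clean install")
        if OBFUSCATED.search(data):
            reasons.append("eval/base64_decode call")
        if HIDDEN.search(data):
            reasons.append("code after long whitespace run")
        if ODD_NAME.search(path.name):
            reasons.append("unusual file name")
        if reasons:
            findings[rel] = reasons
    return findings


def demo():
    footer = b"<?php wp_footer(); ?>\n</body></html>\n"
    junk = b"\n" * 120 + b'<?php eval(base64_decode("ZWNobyAnZGVtbyc7")); ?>\n'
    trees = {  # constructed sample files, not taken from a real site
        "clean/wp-includes/version.php": b"<?php // core file\n",
        "clean/wp-content/themes/demo/footer.php": footer,
        "site/wp-includes/version.php": b"<?php // core file\n",
        "site/wp-content/themes/demo/footer.php": footer + junk,
        "site/wp-includes/q8Zr2Lm0Xc7Vb4Nn1Ty6Ku3Pw9.php": b"<?php // stray\n",
        "site/wp-content/uploads/note.txt": b"hello\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, data in trees.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        return audit(Path(tmp, "site"), Path(tmp, "clean"))
```

Call audit() with your site's document root and the unpacked clean copy. Themes and plugins can use these functions legitimately, so review each finding by hand before deleting anything.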

4) Preventive Maintenance

If you found anything up to this point, you need to secure your server so that it does not happen again.

  • Make a backup of your server and site files.
  • If warranted, start over with a clean installation of WordPress, and then re-install your theme and database.
  • Eliminate shady plugins and ensure all of them are compatible with the latest version of WordPress.

Ensure you take measures to prevent your site being hacked again. It’s a time-consuming and costly process to have to do this all over again.

5) Submit Reconsideration Request

Finally, after you are certain that all spammy links, malware, or unsafe files have been removed from your server, you can now submit a reconsideration request.

Unfortunately, you will not get an immediate response, so don’t wait for it. Once submitted, Google will take its time to review your site again. Based on my experience, it takes at least a week, but could take 3 weeks. During this time, the warning will continue to be displayed in the search results.

There is nothing further that you can do, so there’s no need to bang your head any further. Hopefully, sooner rather than later, Google will automatically remove the message, and your site will be listed in all its safe glory again.

Charlie

Charlie Patel is a world traveler, WordPress geek, serial entrepreneur, & consultant to big-shots in the corporate world and on the web. Otherwise, he's just planning the next trip or in some far-away land. He runs WPsite.net (this awesome site!).

16 thoughts on “How to Remove This Site May be Compromised Warning”

  1. A company I am working at is facing this same thing as of now. My boss is furious and our site too is absolutely clean, even the server logs do not show anything unusual. I don’t know what to do about it.

    1. Did you do any of the scans recommended? All clean? If so, I would continue doing so as some malicious scripts self-remove themselves, and then re-appear. Therefore, a scan at one time will say nothing found, but then hours later will provide warning of malicious code. So keep scanning for a day or two at random intervals. Secondly, if you’re sure there are no corrupt files on your site, then make a backup of your site and replace the WP admin and includes directories with fresh ones (MAKE BACKUP FIRST JUST IN CASE). After that, you only need to dig into your wp-content directory to ensure nothing else has been missed.

      However, don’t expect the Google warning message to disappear. It takes a few weeks.

  2. This is a malicious act on the part of Google. A site cannot be any better than the “system” which has international issue of hackers and viruses. Google has chosen to “act” when it seems that some users are complaining to them about scam, spam etc. Google simply “shuts you down.” It is a monopoly and a corrupt one at that.

  4. Wow thanks so much for this post! Google has had my site marked as compromised for the last few days, I thought it had to do with a caching plugin I was playing around with. I just ran the Sucuri scan and it found a bunch of junk, ended up being some stuff at the bottom of my footer file. I just deleted it and everything looks good now :)

    Now hopefully Google will remove the warning soon! I wonder if I have to submit a reconsideration request or if the warning will automatically go away.

    1. Hi Johnny – You’ll have to submit a reconsideration request. It could take up to a few weeks for that message to be cleared, but hopefully sooner. But definitely submit the request as soon as possible. Some people had it removed within a few days after cleaning their site.

  5. Thank you!

    Sucuri just helped me remove some seo spam injected in the header of one of my sites. I noticed in Google that the site came up with “this site may be compromised.” message but I could not find any malicious files. When I ran Sucuri it helped me locate the code in the header.

  6. Thanks so much for this information. It was only when I changed to Hostgator that their team discovered the malicious files for me. Have been through the whole google, webmaster, malware thing – shows all good, but still the line is there. It’s a pity Google’s service isn’t as good as Hostgator’s, they’re wonderful!
    Not sure how to do the Sucuri scan though, very new to all this but thanks again for this information,
    Cheers Deb

  7. Google’s rise to success was in large part due to a patented algorithm called PageRank that helps rank web pages that match a given search string. When Google was a Stanford research project, it was nicknamed BackRub because the technology checks backlinks to determine a site’s importance.

    Ciao for now
    http://healthwellnesslab.com/
