Is your site displaying this site may be compromised warning? Continue reading this article on how to remove the message from Google’s search results.
More and more websites are being labeled with Google’s new message:
This site may be compromised
Here’s what a real example would look like in Google’s search results:
To protect the safety of our users, we show this warning message for search results that we believe may have been hacked or otherwise compromised.
What does it mean?
Compromised does not necessarily mean malware – it usually refers to indications that the site was hacked and spam is added.
When the site is labeled with “This site may be compromised” instead of “This site may harm your computer” it would indicate that Google noticed something that indicates the site may have been modified in some way without your permission.
When we believe a site may be hacked or compromised but have not detected malware, we display “This site may be compromised” as an alert.
Since they are referring to malicious files / malware, you would not see any warnings or flags inside Google WebMaster Tools. Therefore, looking through the SafeBrowsing report or the Malware tab won’t be of much help.
If a site has been hacked, it typically means that a third party has taken control of the site without the owner’s permission. Hackers may change the content of a page, add new links on a page, or add new pages to the site. The intent can include phishing (tricking users into sharing personal and credit card information) or spamming (violating search engine quality guidelines to rank pages more highly than they should rank)
How to Remove the Warning?
Here are the recommended steps:
1) Scan your site
Start with a few scans of your site. This may help narrow down where exactly the problem lies.
- You can request a malware review in Webmaster Tools.
- You can do a test via Sucuri Scanner.
- You can also try my Unmask Parasites tool.
2) Investigate Server Directories
Start with your root directory on your server and investigate all directories one-by-one, navigating deep into all of them.
3) Identify Strange Files
Look within each folder / directory for any files that seem out of place. Look for any of the following:
- files with long strings or weird characters in their name
- files that are not packaged with a standard WP installation
- files that contain any words such as base64 or eval strings (i.e., eval(base64_decode...)
- be sure to scroll all the way down of each file for any code not immediately visible
4) Preventive Maintenance
If you found anything up to this point, you need to secure your server so that it does not happen again.
- Make a backup of your server and site files.
- If warranted, start over with a clean installation of WordPress, and then re-install your theme and database.
- Eliminate shady plugins and ensure all of them are compatible with the latest version of WordPress.
Ensure you take measures to prevent your site being hacked again. It’s a time-consuming and costly process to have to do this all over again.
5) Submit Reconsideration Request
Finally, after you are certain that all spammy links, malware, or unsafe files have been removed from your server, you can now submit a reconsideration request.
Unfortunately, you will not get an immediate response, so don’t wait for it. Once submitted, Google will take its time to review your site again. Based on my experience, it takes at least a week, but could take 3 weeks. During this time, the warning will continue to be displayed in the search results.
There is noting further that you can do so there’s no need to bang your head any further. Hopefully, sooner rather than later, Google will automatically remove the message, and your site will be listed in all its safe glory again.