How to Fix the Google Blacklist Warning Page

Has your site been blacklisted by Google? Here is how to fix and remove the Google blacklist warning page.

That sickening feeling when you realise that you are a victim of having your business website hacked is further compounded when Google blacklists your website.

To make things worse, you are the one looking after your WordPress site, so you know you will have to take time out of your business to get it sorted, and quickly, before you start losing customer trust and brand loyalty!

Google finds and reports thousands of malware-infected websites every day and makes them available through a blacklist API.

Most of the popular web browsers use this API to quickly check that the site you are trying to navigate to isn’t on the blacklist.

However, if the site you are trying to open is found on the Google API blacklist, the browser will show a warning page, giving users a chance to navigate away, rather than become additional victims.

Browser Malware Screens

Each browser will respond with a different screen when detecting a blacklisted site.

Browser Phishing Screens

If Google has detected that a site is trying to scam or phish details, browsers will display a slightly different warning screen.

Fixing and Removing the Google Blacklist Screen

To get your website off the Google blacklist, you must of course get rid of the malware or phishing code from your site.

If you have a WordPress website, we recommend doing the following steps:

  • If you want to try to fix the infected site yourself, copy your entire site and database to your local machine, quarantining them on a separate drive if possible.
  • Or, download a backup of your site that you are 100% sure is not infected, to your local machine.
  • Wipe your web hosting space entirely! Delete all files and databases.
  • Change all your web hosting passwords: cPanel, FTP, email, database users.
  • On your local machine, scan your database SQL file for any malware signatures.
  • Reupload the clean database SQL to your hosting space using phpMyAdmin.
  • Reinstall WordPress to the hosting space using a download directly from WordPress.org.
  • Download all your plugins from their source websites to a separate folder on your local machine, then upload them to the wp-content/plugins folder of your hosting space.
  • Download the theme you were using from the source website and upload it to the web space in the wp-content/themes folder.

Following the steps above will get your WordPress website back up and running, free of malware and phishing code.

It gets a bit more complicated if you have a child theme that you have made file changes to. You will have to scan through the code looking for any issue before uploading it to the hosting space.
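The local database scan from the steps above, as an added example (not the author's own tooling): a Python pass over a SQL dump that flags a few common injected-content indicators and reports the table each hit sits in. The pattern set, the `trusted_hosts` parameter and the sample dump are assumptions constructed for illustration, and the patterns are heuristics rather than a complete signature set.

```python
import re

# Heuristic indicators only (assumed patterns, not a complete signature set).
# Dumps escape quotes as \" or \', so the quote class also accepts a backslash.
Q = r"[\\'\"]*"
INDICATORS = {
    "external-script": re.compile(r"<script[^>]+src=" + Q + r"https?://([^/\\'\"\s>]+)", re.I),
    "hidden-iframe": re.compile(r"<iframe[^>]*(?:display:\s*none|width=" + Q + r"0\b)", re.I),
    "eval-decode": re.compile(r"eval\s*\(\s*(?:base64_decode|gzinflate|str_rot13)\s*\(", re.I),
    "js-obfuscation": re.compile(r"String\.fromCharCode\s*\(|unescape\s*\(\s*" + Q + "%", re.I),
}
TABLE_RE = re.compile(r"INSERT INTO `?(\w+)`?", re.I)

# Constructed sample dump (not taken from a real site).
SAMPLE_DUMP = r"""INSERT INTO `wp_posts` VALUES (1,'Hello','<p>Welcome</p>');
INSERT INTO `wp_posts` VALUES (2,'About','<script src=\"https://cdn.example.invalid/x.js\"></script>');
INSERT INTO `wp_options` VALUES (7,'widget_text','<iframe src=\"http://example.invalid/\" style=\"display:none\"></iframe>');
INSERT INTO `wp_options` VALUES (8,'footer','<script src=\"https://example.com/wp-includes/js/a.js\"></script>');
INSERT INTO `wp_options` VALUES (9,'theme_mods','<?php eval(base64_decode(\"PLACEHOLDER\")); ?>');
""".splitlines()


def scan_dump(lines, trusted_hosts=()):
    """Return (line_no, table, indicator, snippet) for each suspicious match."""
    findings, table = [], None
    for line_no, line in enumerate(lines, 1):
        m = TABLE_RE.match(line)
        if m:
            table = m.group(1)  # an INSERT may continue over following lines
        for name, rx in INDICATORS.items():
            for hit in rx.finditer(line):
                if name == "external-script" and hit.group(1).lower() in trusted_hosts:
                    continue  # script served from a host you expect
                findings.append((line_no, table, name, hit.group(0)[:70]))
    return findings


if __name__ == "__main__":
    for finding in scan_dump(SAMPLE_DUMP, trusted_hosts={"example.com"}):
        print("line %d, table %s: %s -> %s" % finding)
```

For a real dump, pass `open(path, errors="replace")` instead of the sample; the same function can be run over child theme files line by line, in which case the table field stays `None`.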

Google Search Console

Once your site is clean and operational again the final step is to let Google know.

You can do this from the Google Search Console (formerly Webmaster Tools).

If you don’t already have an account, go ahead now and go through the guided steps to add and verify your site.

Request a Security Review

When your verified site has been added, in the Google Search Console, navigate to the Security Issues tab.

Security & Manual Actions
  • Review the issues to confirm all have been cleaned.
  • Check the box to confirm “I have fixed these issues”.
  • Click Request a Review.
  • Fill in the information with as much detail as possible about what was cleaned.

The last step is super critical and the more information you can supply about how you cleaned the site, the faster Google will remove your site from the blacklist.

A couple of paragraphs outlining the steps you have taken will be sufficient to show Google that you took the issue seriously.

Here’s a sample of what you could write:

Upon finding out my site was infected I have taken the following steps to clean and restore the site.

  1. All files were removed from the web host.
  2. All databases were dropped.
  3. Passwords for all cPanel services have been changed.
  4. WordPress core files were downloaded from wordpress.org and uploaded to the site afresh.
  5. All plugins and themes have been downloaded from their original source sites and reuploaded.
  6. The database has been scanned for malware and malicious content and reuploaded.
  7. A security plugin called Wordfence has been installed to constantly scan for and block malware on the site.

Please, can you review the site and remove it from the blacklist.

Once you have submitted the request for review, the only thing you can do is sit back and wait.

I have found that Google generally responds within 48 hours, hopefully unblocking the site or asking for additional information.

Other Blacklist Sites

Google is not the only company that maintains blacklisted sites.

If you have gone through the Google review and had them delist your site from their blacklist but you get reports from your customers saying the site is still blocked, have a look at the following blacklist authorities:

  • McAfee SiteAdvisor
  • Bing Blacklist
  • Yandex Blacklist
  • Norton SafeWeb
  • PhishTank
  • Spamhaus
  • BitDefender
  • ESET

Let Us Give You a Helping Hand

Cleaning and restoring a hacked site does take a lot of time and effort.

That’s time you are not spending on your business.

WP Wingman can help you restore your hacked website and with one of our WordPress Site Care Packages you can rest assured your site is secure and being looked after properly.

Wil is a dad, consultant, developer, conference organiser, speaker and business mentor. He co-organizes the WordPress Sydney meetup group and has been on the organising committee for WordCamp Sydney since 2014. He speaks at many special events and contributes to the WordPress open source project. His likes are chillies, craft beer and electrogravitics.