How To Fix Your Site If Google Says It Contains Malware

Google is an awesome search engine, there is no question about it.  It’s useful for finding information on the web about basically anything you can think of.  And, it is also getting better at keeping its users safe from malicious websites.  Google’s Safe Browsing technology will not only label sites that it thinks are dangerous (malicious) in its search results but also notify and warn you before actually loading the page.  The Safe Browsing technology is even built-in to the Google Chrome web browser so any site in Google’s “potentially malicious” site database will be initially stopped from loading in Google Chrome unless the user chooses to bypass the warning.

But now, you start getting emails from visitors saying that Google is saying your site contains malware and is being blocked.  What do you do?  Well, fortunately, the very same technology that is blocking your website from loading in people’s browsers is also useful in finding and fixing the malware problem on your site.  The steps below are generalized because every site is different.  Your site may require a slightly modified approach.

1. If suddenly your site is listed as containing malware by Google and you haven’t made any recent changes that you can think of that would cause this change in Google’s behavior then before you do anything else change your passwords for any web application that has access to your account on the server.  This may include a FTP account, WordPress account, forum software (e.g. Invision Power Board/phpBB, etc), as well as any other third-party applications installed on your server (e.g. ad serving software).

You will want to change the passwords just in case the person who has modified your site in some way did so through obtaining access to your password.  However, I should also note that it is not always necessary for someone who has gained unauthorized access to your site to have your password.  There are several ways in which people can gain unauthorized access that do not involve having your password.  We’ll discuss more on that later.

2. After you have changed the passwords, use Google’s Safe Browsing tool to figure out exactly what is being labeled as malware on your site.  For example, if you want to check on my site’s current status in Google’s database you can see that here.  Obviously, you will want to check for your own site.  To do that, simply replace besttechie.net in the URL with your site’s domain (e.g. http://www.google.com/safebrowsing/diagnostic?site=example.com) and load the page.

This page will inform you of what Google has determined to be malware on your site.  You can use this information to track down the cause of your problem.

3. Often times people can find vulnerabilities in out dated software installed on your server and use those security flaws to insert malicious code into your website.  This is exactly why I recommend always keeping your server software up-to-date (similar to how you would keep software on your computer updated). Side note: if you use WordPress you will want to check out my 5 ways to help keep WordPress secure.  If you are lucky you can simply update your software and the new files will overwrite any modifications made by the intruder.  Once you update your software, go to Google Webmaster Tools and request that Google review your site.  It may take up to a few hours for the change to be reflected in Google’s search results.

In order to request a review by Google:

1. Sign in to Webmaster Tools with your Google Account.
2. Make sure you have added and verified the site you want reconsidered.
3. On the Webmaster Tools Home page, select the site you want.
4. Click Diagnostics, and then click Malware.
5. Click Request a review.

However, don’t panic if that doesn’t resolve the issue.  Updating your software is still a necessary step.  So make sure you update all of your software before moving on.

4. If updating and reinstalling your server’s software doesn’t fix the problem, it’s possible that your site has become a victim of a SQL injection.  Handling these can be difficult if you are not experienced with SQL databases of any type.  However, if you have updated your server’s software, you can revert your site’s database back using a backup (which hopefully you have) from before the attack occurred.  This will ensure the code injection is no longer present and will minimize the possibility that it will happen again because by this point your server’s software should be up-to-date as well, thus most likely protecting you from the security exploit used against your site before.

5. Once you have done all of that, hopefully your site will be clean of malware.  Again, you will need to ask Google to review your site using the steps provided above.  If for some reason your site is no longer listed in Google’s results at all, you will also want to send a request to be included in Google’s index again.

In order to request a reconsideration to be re-added into the Google index:

1. Sign in to Webmaster Tools with your Google Account.
2. Make sure you have added and verified the site you want reconsidered.
3. Request reconsideration of your site.