How to fix Deceptive Site AheadInder
Deceptive site ahead is quite common page for infected website with malware’s or spywares. Generally, this vulnerability comes from outdated scripts, third-party plugins, or vulnerable themes. Google automatically detects and warn its users about the infected website. The detailed message will appear as Google Safe Browsing recently detected phishing on domain.com.
Phishing sites pretend to be other websites to trick you. In short to explain in an easy way this warning means search engine like Google have detected a hack on your site and blacklisted it in order to protect their users from being victims of data theft and fraud.
Well, how and why this happen is a different topic as it will require detailed analysis of the server and security logs and other security processes. You can read more about this topic here how to protect your website . But what we are going to explain here is how to quickly get rid of Deceptive Site Ahead.
What you should do? How to fix Deceptive Site Ahead
There are two things you need to understand 1) Host Security and 2) Website Security.
Host is your server which is either dedicated or shared server with multiple websites hosted. My advice will be if you are critical with your business website host it on dedicated or vps server as it will provide much better security protection layer. Shared hosting’s are often vulnerable because there are many other websites hosted with insecure software’s and plugins.
And if still don’t have any choice other than shared hosting protect your website by applying latest patches, develop website using latest platforms whether its php or html. WordPress is very common website CMS and you can protect your website by installing security plugins like Wordfence.
To start how to get rid of this problem – First secure your host server with the help of a security expert. Well if you are the root owner of the server its totally your responsibility to plan and design the security architecture of your server. I will recommend using services of third party MSPs like 24x7servermanagement who are expert in cPanel server security process.
Brief security process from server side –
1) Install Web application firewall like Mod_security to prevent any kind of malwares or SQL injection attacks on the server.
2) Install a Good malware scanner like cPguard, Imunify AV++, or Maldet etc and schedule scan events.
3) Disable normal shell access for accounts & compilers on the server.
4) Install firewall like ConfigServer Security & Firewall (CSF) or Imunify360 Firewall.
5) Patch your systems with the latest stable versions of software’s on server that is live and in production.
Website security process –
Second secure the website with online tools like sucurri and other malware scanners, and if the website is developed in WordPress then there are plenty of security plugins available. This will not only help to protect your website but will also help to clean infected pages. For example some of the good plugins I can suggest is Wordfence, Sucurri and iThemes security plugins. Here are some more tips that you can consider.
1) If budget is not an issue, Use Cloudflare solution for advanced DDoS, Intelligent WAF, Bot Management. Almost 90% of your security objective is achieved with the use of cloudflare solution.
2) If you website is infected then scan your website using online malware scanning tools like SiteCheck or Wordfence website. There are various other scanners also available which might charge you some fees. Find out the pages and clean it by removing the infected code, You can also scan the websites files by using Anti-Malware tool on your local machine. For that you will need to Download the website content on your local system and scan with the Anti Malware tool like Norton or Quick heal.
3.) Backups, never forget to back up your website files and folder along with the database. Have daily, weekly and monthly backups of your website.
Finally Review your website with google. Use Google Search Console to remove “Deceptive site ahead” warning from your website.
In order to remove google warning, you have to submit the site for review considering that you have fixed and cleaned your website.
Log in to Search Console and access Security Issues Report.
Select Request a Review.
You need to fill in the information required on what steps you took to rectify the malware issue.
Submit your request.
The processing time for a review request can take a day or even several weeks. You will receive a response in your Messages in Search Console or Webmaster tools account.
Once Google determines that your website is clean, the warning will be removed within 72 hours.
You may refer this https://developers.google.com/web/fundamentals/security/hacked/use_search_console?visit_id=637335891322463099-1651330548&rd=1 link for how to use the Google Search Console.
Note: If your request isn’t approved, it means you need to reassess your site for malware or spam. You can contact support team of 24×7 to handle this for you.