The “Deceptive Site Ahead” Warning: How to Fix It in WordPress

Did you encounter a “deceptive site ahead” warning on your website?

This is not an uncommon issue. It occurs when Google finds traces of malware on a website. By flagging it, Google prevents users from visiting the site.

In this article, we will show you how to remove the deceptive site ahead warning by following a few easy steps. After that, we will also show you how to prevent Google from flagging your website again in the future.

Let’s dive in…

The meaning of deceptive site ahead warning

The word ‘deception’ means that something is misleading. ‘Deceptive site ahead’ would mean ‘misleading site ahead.’ In other words, Google is saying that your website is misleading prospective visitors. This is a scare tactic that the search engine uses to prevent Google users from accessing your website.

No doubt, you are surprised at this accusation (assuming you are not running anything shady on the site) and want to know why!

There are two possible reasons why Google has flagged you with the deceptive site ahead warning:

1. Your site is infected with malware
2. Your SSL certificate is incorrectly installed

Over the course of the article, we will show you how to figure out what exactly is wrong with your website. But first, let’s take a quick look at the consequences of the warning if it’s not removed immediately.

The impact of deceptive site ahead warning on your website

After Google flags your website as deceptive, you will experience a host of problems, like:

• SEO ranking drop and organic traffic decline
• Loss of revenue for business and eCommerce websites
• Impact on brand value due to spammy pop-ups and redirections
• Breach of user data
• Web host suspension and email provider blacklisting, etc.

Needless to say, you need to act quickly. Now, let’s look at the solutions.

Fixing the deceptive site ahead warning

So far, you have learned about the meaning of the deceptive site ahead warning and its terrible impact on your business. Now you will learn how to remove the warning for good.

The steps you need to take are:

1. Figure out the exact reason Google flagged your site
2. Scan and clean any malware infection
3. Install your SSL certificate properly
4. Request Google to remove the warning
5. Secure your website

Note: Before we begin, take a backup of your entire website. The solutions we offer involve installing a new plugin or accessing WordPress files and folders. Both activities are risky. In case things go south, you’d have a backup to fall back on. Take a backup now.

Let’s get started…

As we mentioned earlier, there are two possibilities as to why Google targeted your website. Let’s dive into them one by one.

1. Incorrect installation of SSL certificate

Google has made it mandatory to have an SSL certificate installed on every website. But simply installing the certificate is not enough. You need to migrate every single page of your site from HTTP to HTTPS.

This is easily done on a small website with a dozen or two pages. But it’s a real challenge with large websites where some pages migrate to HTTPS and others don’t. Google calls it a mixed content error. Luckily, it’s a common error and can be fixed in a jiffy.

Solution: redirect HTTP to HTTPS

👉 Step 1: Open WhyNoPadlock or Jitbit and insert the URL of your website. It should determine if your website has mixed content issues. You can also do a manual check. Here’s how:

• Go to your homepage, right-click and choose Inspect from the menu.

• A window pops up below or on the side of your screen. Go to Console. You should see a warning for the mixed content error.

👉 Step 2: To fix the mixed content issue, you need to install and activate a plugin called Really Simple SSL. We have a separate guide on it here.

If it’s not an SSL issue, then it’s most likely a hack.

2. Your website is hacked

Google is always on the lookout for malware-infected websites. It blacklists hundreds of thousands of websites every day to prevent Google users from visiting them. Malware-infected websites are known to harass and mislead visitors by sending them to spammy third-party sites, subjecting them to phishing attacks, and tricking them into buying non-existent products.

According to security experts, hacks are caused by any of the three reasons below:

• Software vulnerabilities
• Unauthorized access control
• Vulnerable third-party integrations

Software Vulnerabilities: Themes and plugins are one of the biggest reasons WordPress is a successful CMS. But these are also the top vulnerability of this CMS. 95% of hacks today are caused by outdated or poorly coded themes and plugins.

Some of the most common hacks caused due to software vulnerabilities are DDoS attacks, cross-site scripting attacks (XSS attacks), link injection attacks, SQL injection attacks, session hijacking, and clickjacking attacks.

Unauthorized Access Control: We are referring to someone who shouldn’t have access to your website but does. A common way to acquire access is to brute force the login page. Weak username and password give easily.

Another surprisingly common way to gain unauthorized access is through the hands of the admin. You heard that right! Admins often add new users (like developers, writers) to allow access to the dashboard. If the new user is assigned a powerful role like an Admin, they essentially have complete control over the site which they can abuse if they choose to.

Vulnerable Third-Party Integration: Third-party integration like ads, hosting, and even Content Distribution Networks (CDN) can exploit your website. Ad network exploits are most common and it’s called malvertising hack attacks. Malware infection caused due to third-party integration is difficult to fix because it’s beyond your control. However, you can remove malware-infection from your website and migrate to a safer hosting, ad network, or CDN provider.

Solution: find and remove malware

You can remove a malware infection manually or by using a plugin. We recommend the plugin method because the manual one is unreliable and risky. Nonetheless, we will show you both methods.

Malware removal with a plugin

The first step is to choose a security plugin.

After reviewing the most popular security plugins for WordPress, we have come to the conclusion that Sucuri, Wordfence, and MalCare are the best ones out there. In this section, we will quickly show you how to scan and clean your website with the help of these three plugins.

Sucuri

Install the plugin on your website. Then go to the plugin’s dashboard and Generate an API Key to activate features like server-level scans and malware clean up.

Next, head to Sucuri Security → Dashboard → Refresh Malware Scan. The plugin should have scanned your website as soon as it was installed, but the initial scan was a surface-level HTML scan which generally fails to find complex and remote malware infections.

After the server-level scan is complete, it shows you malicious files found on your site. Select the files and choose Delete File.

This initiates the malware removal process. Before long, your website will be clean.

Wordfence

Activate Wordfence on your website. It asks you to enter your email address and the premium key. Without the key, you can’t clean the malware infections.

Go to your dashboard and navigate to Wordfence → Scan → Start New Scan. It should take the plugin a few minutes to run a complete scan. In the end, you will have a list of malicious files that you need to remove immediately. Just hit the Delete File button. That’s it. The malicious file is gone for good.

👉 Further reading: how to protect your site with Wordfence.

MalCare

Install and activate MalCare on your website. Go to your dashboard and select MalCare from the left-hand menu. Add your email address; the plugin will start scanning your website.

The initial scan takes a while because the plugin is taking a backup of your site onto its own server before running the scan. It prevents overburdening your server.

When the scan is complete, the plugin will notify you about the malicious files found on your website. To remove those files, click the Auto-Clean button. Within a few minutes, your site should be as good as new.

Manual malware removal

Unlike a plugin, manual scanning is neither straightforward nor quick. Here’s a peek into all the steps you need to take. However, before I show you the list, you need to understand that this is just a general look at the issue, and you might have to do a lot more digging to remove malware from your site effectively.

• First, access the backend of your website, open the root folder to look for recently modified files
• Following identification, download the original versions of these files from the WordPress repository, and replace them on your server
• Now scan custom files (i.e. files unavailable in the repository) for suspicious codes
• As much as possible, clean those files and remove any unwanted code
• Clean the database tables or restore them to their original structures

Even after all this effort, there is still no guarantee that your website will be completely clean and remain operational. Frankly, we are not security experts. That’s why we strongly recommend that you follow this guide by Sucuri Security for manual cleanups.

Requesting Google to remove the warning

Instead of waiting for Google to crawl your website again, you can inform them about the steps you took to clean the site right away.

Important: Before we go any further, make sure you removed the actual cause of the hack. If you didn’t manage to get the job done, Google won’t remove the warning from your site.

Here’s how to ask Google to review your site:

Open Google Search Console. Go to Security Issues.

Search Console should have picked up that malware infection before so don’t panic when you see any infection warnings on your Console dashboard.

Just click on Request Review and on the next page, describe all the steps you took to clean the website and remove the root cause of the hack. Hit Submit Request.

It takes Google up to 72 hours to verify and remove the warning.

Some of you may not have added your website to Google Search Console. In that case, go to your AdWords account and request a review through the AdWords support center. If you don’t have that either, then just add your website to Google Search Console and wait for Console to start crawling your website. It should remove the warning within a week or two.

Protecting your website from future warnings

Removing the deceptive site ahead warning is not enough, you must future-proof the site.

Installing a security plugin is insufficient. You have to follow the best security practices listed below:

• Keep the core and all the themes and plugins updated
• Buy themes and plugins from well-known places only
• Avoid using pirated or nulled themes and plugins
• Enforce strong passwords
• Limit failed login attempts
• Install a firewall
• Set proper user roles
• Take regular backups
• Review third-party services you’re using thoroughly

We have a dedicated guide on top WordPress security tips. Take a look.

Conclusion on the deceptive site ahead warning

Then, try loading your site on other web browsers like Firefox, Safari, and Microsoft Edge to ensure that the website works properly there. If you notice the detective site ahead warning again, don’t worry, clear the browser cache, and try again.

That’s all for this one, folks! We hope you found this guide helpful. Let us know if you have any questions on how to get rid of the deceptive site ahead warning.