Published
Updated

At Seravo, we occasionally encounter cases where customers contact us regarding information security cases. In occasion these include situations where their entire web site has been blocked by popular browsers. In such cases, Google Chrome and Mozilla Firefox prevent the opening of the effected site, producing a frightening error message, warning the user that something malicious could be going on.

This can occurs if Google deduces that a site is running malware or it has malicious content. This may indicate a data leak or phishing attempt. The detection of these threats is often made automatically, as Google scans websites for known malware patterns. Alternatively, a third-party may have reported your site to Google using Google’s reporting form.

Firefox displays a "Deceptive site ahead" alert
Firefox displays a “Deceptive site ahead” alert
Google Chrome suggest that the site is malicious
Also Google Chrome suggest that the site is malicious

When this kind of error message is displayed, your site has being blacklisted, and modern browsers utilize these blacklists for security reasons. Depending on the level of deduced risk, the site can be blocked entirely. In some cases, the user can choose “unsafe” option to proceed the site. If user chooses this option, the browser still shows alert icon beside the URL.

Chrome giving details of a security warning for a website

If your site has been blocked, it’s not always obvious why it has happened. In cases where our customers have contacted us, the reason of blacklisting was not the site itself, but warning sign that Google determined to be malicious. Examples of this include running additional content on a public external server, with that content being served from a subdomain. In some cases, the content was not malware or malicious at all, but legacy code, that had been utilized in some exploitation’s elsewhere .

What happens to the blocked site?

If the site has been blacklisted by Google, it’s not just temporarily blocked with browsers. The impact is greater and far more wide-reaching:

  • The site will be immediately excluded from Google search results, so your customers or users can not easily to find your site anymore.
  • SEO ranking will be decreased.
  • Your reputation and sales (particularly in online stores) may suffer when users face this sort of error message.
  • If the site is hosted in Google, the account will be suspended.

How to fix it?

If your site has been blocked, there is normally a specific reason. This means that the site should be checked immediately. We have collected useful tips for checking the site integrity and security in our documentation. In such cases, you can complete the following steps:

  • If you are a customer at Seravo, our security monitoring might have noticed this already. If not, please contact customer support ASAP and we will help you sort if out as part of our security guarantee.
  • Check your Google Search Console. It may tell you what is the particular URL where the assumed malware or malicious content was found, and why the site has been blocked.
  • If you think that the site was blacklisted incorrectly, you can send a report to Google and ask to remove the site from the blacklist.
  • Check your workstation for possible malware / viruses.
  • Check that your site has the latest versions of WordPress core, theme and plugins. Also verifying code checksums is always great idea. In our environment, you can log in via SSH and run wp plugin verify-checksums and wp theme verify-checksums commands. The commands are available in systems with WP-CLI installed.
Firefox reporting tool for Incorrect Forgery Alert
Firefox reporting tool for Incorrect Forgery Alert

At Seravo, we have made several tools available for site security. Some of the tools that allow you to diagnose unauthorised changes to your site include:

  • wp-backup-list-changes for comparing filesystem to backups,
  • wp-list-files-ctime for listing the most recent files,
  • wp-list-files-mtime for listing the latest changes to file
  • wp-last-wp-admin to list latest admin user logins to WordPress backend.

For more information, read about the upkeep and security included in all plans at Seravo.

With Seravo You Are Safe

If you are not already a Seravo customer and would like the peace of mind that comes with our enhanced monitoring & site protection services, find out how to migrate your WordPress site to Seravo.