Deceptive Site Ahead Warning

Are you trying to remove the “Deceptive Site Ahead” warning from your WordPress website?

Seeing this warning is alarming for any website owner. Displayed with a red background by search engines, it aims to protect users from potential malware threats believed to be present on your site.

In this post, I’ll explain why the “Deceptive Site Ahead” warning appears and how it affects your site. I’ll also walk you through the steps to remove the warning and keep it from coming back.

Let’s get started.

The meaning of the “Deceptive Site Ahead” warning

The “Deceptive Site Ahead” warning means Google thinks your site might be dangerous for visitors. This warning aims to protect users from potential threats on your site.

Seeing this warning can be surprising, especially if you aren’t running anything shady on your site. So, why is this happening?

There are two main reasons Google might flag your site with this warning:

  1. Your site is infected with malware.
  2. Your SSL certificate is incorrectly installed.

In this article, I’ll show you how to identify and fix the problem with your website.

And you really shouldn’t ignore it. If you do, you’re facing all kinds of problems. Chief among them: your SEO rankings can drop and your organic traffic can decline. As a result, you can lose revenue and damage your brand value. In some serious cases, your web host can even suspend your account or your email provider can blacklist you.

Fixing the “deceptive site ahead” warning

Note: Before we begin, take a backup of your entire website. The solutions we offer involve installing a new plugin or accessing WordPress files and folders. Both activities are risky. In case things go south, you’ll have a backup to fall back on.

1. Install your SSL certificate correctly

Google has made it mandatory to have an SSL certificate installed on every website. But simply getting the certificate is not enough. You need to migrate every single page of your site from HTTP to HTTPS.

This is easily done on a small website with a dozen or two pages. But it’s a real challenge with large websites where some pages migrate to HTTPS and others don’t. Google calls it a mixed content error. Luckily, it’s a common error and can be fixed in a jiffy.

Step 1: Open WhyNoPadlock or Jitbit and insert the URL of your website. It should determine if your website has mixed content issues.

You can also do a manual check. Here’s how:

Go to your homepage, right-click and choose Inspect from the menu.


A window pops up below or on the side of your screen. Go to Console. You should see a warning for the mixed content error.


Step 2: To fix the mixed content issue, you need to install and activate a plugin called Really Simple SSL. It’s a free plugin. 

Install the plugin on your website and it’ll automatically detect the SSL certificate installed on your website. Then, it’ll ask you to activate that certificate. You just need to hit the Activate SSL button.

The plugin will ensure that the certificate is properly installed and activated on your website. Behind the scenes, it looks for all URLs being served over HTTP and redirects them to HTTPS. 


When that’s done, the plugin shows that the certificate has been properly installed and all mixed content issues have been taken care of. 


If the “deceptive site ahead” warning is not gone, then you’re most likely facing a hack.

2. Check for a website hack and get rid of it

If you didn’t find any “SSL mixed content” issues, the most likely cause of the “Deceptive Site Ahead” warning is a malware infection due to a website hack.

Websites can be hacked because of vulnerable themes and plugins, weak usernames and passwords, and hosting issues.

To check if your website is hacked and infected with malware, you’ll need a WordPress security plugin like MalCare, Sucuri, or Wordfence.

Install the plugin on your website and start a scan. Depending on the size of your site, the scan might take a few minutes. Once it’s complete, the plugin will inform you if it found malware on your website.


Here’s how to do these scans step-by-step with each plugin:

Sucuri

Install the plugin on your website. Then go to the plugin’s dashboard and Generate an API Key to activate features like server-level scans and malware clean up.


Next, head to Sucuri Security → Dashboard → Refresh Malware Scan. The plugin should have scanned your website as soon as it was installed, but the initial scan was a surface-level HTML scan which generally fails to find complex and remote malware infections.

After the server-level scan is complete, it shows you malicious files found on your site. Select the files and choose Delete File.

This initiates the malware removal process. Before long, your website will be clean.

Wordfence

Activate Wordfence on your website. It asks you to enter your email address and the premium key. Without the key, you can’t clean the malware infections – you can just identify them.


Go to your dashboard and navigate to Wordfence → Scan → Start New Scan. It should take the plugin a few minutes to run a complete scan. In the end, you will have a list of malicious files that you need to remove immediately. Just hit the Delete File button. That’s it. The malicious file is gone for good.


MalCare

Install and activate MalCare on your website. Go to your dashboard and select MalCare from the left-hand menu. Add your email address; the plugin will start scanning your website.


The initial scan takes a while because the plugin takes a backup of your site onto its own server before running the scan. This prevents overburdening your server.

When the scan is complete, the plugin will notify you about the malicious files found on your website. To remove those files, click the Auto-Clean button. Within a few minutes, your site should be as good as new.

Manual malware removal

Unlike a plugin, manual scanning is neither straightforward nor quick. Here’s a peek into all the steps you need to take. However, before I show you the list, you need to understand that this is just a general look at the issue, and you might have to do a lot more digging to remove malware from your site effectively.

  • First, access the backend of your website and open the root folder to look for recently modified files.
  • Once you have identified them, download the original versions of these files from the WordPress repository and replace them on your server.
  • Now scan custom files (i.e. files unavailable in the repository) for suspicious code.
  • As much as possible, clean those files and remove any unwanted code.
  • Clean the database tables or restore them to their original structures.
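The first three steps can be made systematic by comparing the live install with a clean reference copy. This is an added example, not code from the original post: it assumes you have unpacked the same WordPress version from the repository next to a copy of your site, and the function names, the 14-day window and the demo files are constructed for illustration. It goes slightly beyond the text by comparing SHA-256 hashes instead of relying on modification times alone, which an intruder can reset.

```python
import hashlib, os, tempfile, time
from pathlib import Path

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def audit_install(site_root, clean_root, recent_days=14, now=None):
    """Classify every file under site_root against a clean reference copy."""
    site_root, clean_root = Path(site_root), Path(clean_root)
    cutoff = (now or time.time()) - recent_days * 86400
    report = {"changed": [], "custom": [], "recent": []}
    for path in sorted(site_root.rglob("*")):
        if not path.is_file():
            continue
        rel = path.relative_to(site_root).as_posix()
        reference = clean_root / rel
        if not reference.is_file():
            report["custom"].append(rel)    # not in the repository: review by hand
        elif sha256_of(path) != sha256_of(reference):
            report["changed"].append(rel)   # differs from original: replace it
        if path.stat().st_mtime >= cutoff:
            report["recent"].append(rel)    # recently modified: look here first
    return report

def demo():
    """Build two small constructed trees in a temp dir and audit them."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, site = Path(tmp, "clean"), Path(tmp, "site")
        files = {"index.php": "<?php // core", "wp-includes/version.php": "<?php // v"}
        for root in (clean, site):
            for rel, body in files.items():
                (root / rel).parent.mkdir(parents=True, exist_ok=True)
                (root / rel).write_text(body)
        (site / "wp-includes/version.php").write_text("<?php // v + injected line")
        (site / "wp-config.php").write_text("<?php // site settings")
        old = time.time() - 100 * 86400     # backdate the untouched files
        for rel in ("index.php", "wp-config.php"):
            os.utime(site / rel, (old, old))
        return audit_install(site, clean)

if __name__ == "__main__":
    print(demo())
```

Files such as `wp-config.php` and everything under `wp-content/uploads` always land in the custom list because they are not shipped in the repository, so those are the ones to read line by line.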

Even after all this effort, there is still no guarantee that your website will be completely clean and remain operational. Frankly, we are not security experts. That’s why we strongly recommend that you follow this guide by Sucuri Security for manual cleanups.

Request Google to remove the warning

After fixing your website, it’s time to ask Google to recrawl it and remove the “Deceptive Site Ahead” warning.

While Google will eventually recrawl your site on its own, it’s better to initiate the recrawl rather than waiting for Google to notice the changes.

Open Google Search Console. Go to Security Issues.


Search Console should have picked up the malware infection earlier, so don’t panic when you see infection warnings on your Console dashboard.

Just click on Request Review and on the next page, describe all the steps you took to clean the website and remove the root cause of the hack. Hit Submit Request.

It takes Google up to 72 hours to verify and remove the warning.

Some of you may not have added your website to Google Search Console. In that case, go to your AdWords account and request a review through the AdWords support center. If you don’t have that either, then just add your website to Google Search Console and wait for Console to start crawling your website. It should remove the warning within a week or two.

How to prevent future warnings

Removing the “Deceptive Site Ahead” warning might not be enough if it was caused by a hack. You must future-proof the site.

1. Install a security plugin

Websites can be re-hacked. To prevent that from happening, we recommend using a security plugin that offers the following features: firewall, daily scanning, detection of vulnerable plugins and themes, and monitoring of user activities. 

  • The firewall filters traffic and prevents bad traffic from accessing the website. 
  • Detection of vulnerable WordPress core, plugins, and themes reminds you to update them before hackers have a chance to use them to gain access to your website. 
  • Monitoring user activities helps detect malicious users. And daily scanning ensures malware infections are instantly recognized so that you can get your website cleaned immediately. 

You’ll be fine just picking any of the plugins you used above for cleaning up the hack. All of them will help you avoid similar problems in the future.

2. Keep your website updated

Vulnerable software, especially plugins and themes, is responsible for most website hacks. You can avoid hacks by keeping plugins, themes, and the WordPress core updated.

Developers release updates when they find vulnerabilities in their software. By updating regularly, you ensure that your website runs the most secure version of the software.

Installing a security plugin helps by notifying you whenever the WordPress core, plugins, or themes have an update available. However, you still need to take action and perform the updates yourself.


3. Use strong usernames and passwords 

Besides using vulnerable software, hackers also target weak usernames and passwords.

They open your login page and try combinations of common and guessable usernames and passwords to gain unauthorized access.

Weak usernames are those like “admin,” “administrator,” “user1,” “user2,” or author names displayed on your site.

Weak passwords are common ones like “123456,” “password,” “qwerty,” “admin123,” “abcd1234,” “111111,” or those based on easily discoverable details like your name, birthdate, or address.


You can create strong usernames and passwords by using a combination of uppercase and lowercase letters, numbers, and special characters. Make sure they are unique and not related to personal information or easily guessable details.

4. Protect the login page

The default login page URLs for WordPress websites are https://example.com/wp-admin or https://example.com/wp-login.php

Since the URLs are common for all WordPress websites, hackers can easily open your login page and try brute forcing into your website.

Consider changing the login URL to something else, something that would be hard to guess. 

5. Switch to secure hosting

Hackers also target web servers of hosting companies.

Keeping web servers secure involves regular updates, data transmission encryption, security audits, vulnerability assessments, and backup and disaster recovery plans, among other measures.

Not all hosting companies can afford to implement these measures.

You can evaluate your hosting provider’s security by making a list of best hosting practices and then comparing your provider against those criteria.

If you don’t want to go through this time-consuming process, consider switching to a better hosting company that ensures your website is hosted on secure web servers.

Conclusion on the deceptive site ahead warning

The “Deceptive Site Ahead” warning usually appears when your website is hacked or your SSL certificate is improperly installed.

To remove the warning, clean the hacked website or reinstall your SSL certificate, then request Google to crawl your site and remove the warning. It can take Google a few days to respond.

Once the warning is gone, follow these steps to prevent future hacks:

  • Install a security plugin.
  • Keep your site always updated.
  • Use a strong username and password.
  • Protect the login page.
  • Switch to a secure hosting provider.

That’s all for this one, folks! We hope you found this guide helpful. Let us know if you have any questions on how to get rid of this warning.
