Google Blacklist Removal Guide for Websites
In order to get off of Google’s blacklist, you need to do the following:
Identify the Reason for Blacklisting
Address the Root Cause
Submit a Reconsideration Request
Identify the Reason for Blacklisting
Log in to your Google Search Console account. If you haven’t added your website to Google Search Console, you should do so, as you will need to submit a request to remove the blacklisting through there. Check for any security warnings or manual actions. These will provide specific details about why your site was blacklisted. Common reasons include:
Malware: Your site might be infected with viruses, trojans, or other malicious software.
Hacking: Your site could have been compromised and used to distribute spam or malware.
Deceptive Practices: You might be using techniques like cloaking (showing different content to search engines and users) or doorway pages (creating multiple pages with slightly different content to rank higher).
Spam: Your site might be spamming search results with irrelevant or low-quality content.
Google Search Console may even give you the URLs of any pages that may be infected, but don’t always expect a lot of details. You will need to scan your website to address the root cause of the blacklisting.
Address the Root Cause
If your site is infected with malware, you'll need to clean it thoroughly. This may involve:
Website Scan
Software Updates
Password Changes
Hack Investigation
Reviewing server logs
Checking for backdoors
Deceptive Practices
Spam Cleanup
Website Scan
Use a reputable security scanner to identify and remove all malware.
You can do a free online malware scanner to get an overview of what you might be looking at, as well as if you’re blacklisted with other search engines. Here are 3 free online website malware scanners:
Sucuri SiteCheck
Sucuri SiteCheck provides security checks beyond just malware, like blacklisting status, mixed content, outdated software, and more. It even provides detailed reports and helpful advice.
Google Safe Browsing Center
Google Safe Browsing Center primarily checks for phishing and malware threats. It allows you to submit URLs for analysis and receive information about potential risks.
VirusTotal
VirusTotal analyzes files and URLs for malware using multiple antivirus engines. This online malware scanning tool provides a community-driven analysis of files and URLs, giving you insights from various security vendors.
However, it’s important once you get a general idea of what is going on, you need to do a deeper scan. For example, some web hosts provide malware scanners in their cPanel hosting packages, like ClamAV. This malware scanner will give you a detailed list of all infected files and databases.
If you’re on a specific CMS like WordPress, and you can still access your website’s admin area, you may want to use a plugin like GOTMLS, as this tool provides a very deep scan of your website and files. You can also use Wordfence, which not only offers a nice malware scanning tool, but also can help with content injections(also known as content spoofing), code injections, or SEO spam.
In the case you’re having issues, your web host might be able to help scan the site and provide a list of the infected file. With Verpex, you can just ask customer support and even take advantage of the Imunify360 solution included with their reliable shared web hosting.
Software Updates
Update your website software (CMS like WordPress, plugins, themes) to the latest versions to patch known vulnerabilities. In fact, most web hosts require that users keep their software up-to-date. If the infection is really bad, and the web host deems that it was due to outdated software, you can risk being terminated from the host’s services. Make sure to read the terms of service with your web host about this.
Password Changes
Change all passwords for your website, hosting account (both the web host and if you’re using cPanel or Plesk), email account, and any related services. If you’re using FTP, you will want to change any and all account passwords.
Hack Investigation
If your site was hacked, you need to determine how it happened. You need to know so you can close up the problem and prevent it from happening in the future. This might involve:
Reviewing server logs: Look for suspicious activity.
Checking for backdoors: Search for any hidden code that could allow attackers to regain access.
Deceptive Practices: If you were using any deceptive tactics, remove them immediately.
Spam Cleanup: Remove any spammy content, links, or keywords from your site.
Submit a Reconsideration Request
Once you’ve removed the problem, make sure to double check, even if you have to spend time waiting for a second deep malware scan to complete. When you’re ready, go to Google Search Console.
In the left sidebar, you’ll scroll down to the Security Issues section. You'll usually find a "Request a Review" button. Make sure to explain the steps you've taken to resolve the issues. Be as specific as possible. Google will review your request and let you know their decision. This process can take some time. If Google rejects the request, they will often tell you why. Again, it might not always be in detail, but that does mean that you will need to go rescan everything, and clean anything that comes up.
The best way to avoid being blacklisted is to maintain a secure website. Use strong passwords, keep your software updated, and regularly back up your website data. Google's decision is final. Even if you follow all the steps, there's no guarantee that your site will be reinstated.
If you still have issues, you may even want to hire someone that’s knowledgeable in removing malware and even experience in Google blacklist removal. Your web host might even offer malware cleanup services for a fee.
