Google says My Website has Malware on it, What can I do?
- 9 Jan 2023
In an effort to keep the internet safe, Google and other search engines put in safe guards in their search results that prompt the user of safety issues with the websites that they are attempting to click through to.
Often times, websites get flagged by Google and other search engines without the website owner being aware that their website is compromized.
If that is you, then chances are you found out in one of 2 ways that Google has been warning your would-be website visitors that your website is dangerous:
- You tried to visit your own website; or
- A loyal customer, friend or colleague has warned you that your website has been flagged
And in either case, wind up seeing a screen like this on your website:
As you can imagine, showing this screen to your potential leads or customers is not going to go well for your business, start-up or fan-page.
So, what can you do?
What is malware?
Malware refers to any piece of software created to harm or exploit another piece of software or hardware. Malware comes in many forms like executable applications, scripts, or in a form of executable files.
It can be spread through emails, websites, and apps. It is often installed unknowingly on a system when you open an infected email attachment, by clicking on a link containing a virus, or if your website has some vulnerable directories, sections or plugins in which the attacker can inject or upload their malware.
Malware is a collective term for all types of malicious software. Since malware comes in many different types and forms, it’s important to recognize these malware as it could be in your website without you knowing. These various types of malware include:
- Fileless malware
There is a lot of malware out there, but understanding these different types of malware and the steps needed to guard your internet activities online is one way to help protect your data and prevent further risk.
How harmful is malware?
Malware can do many things but on the subject of how harmful it is, the answer is extremely dangerous.
It can cost you a lot of money and cause reputational damage and lots of heart-ache.
Depending on the type of malware and the objectives of hackers, malware can be used for several reasons.
Stealing confidential information from your website or your visitors
Stolen data will be a fuel for the hackers for identity theft like setting up bank accounts under someone else’s name or accessing bank accounts of someone else, especially for the stolen information like your credit card data or other financial data.
Another way hackers profit from these stolen data is by selling it to other hackers. With this data, they can target victims with phishing attacks, masking their scam as something legit as they use the victim’s privileged information to attempt to sound more credible to them.
Sabotaging your ability to manage your website
Once the hacker reaches the admin portal of your website, they can do anything with your website as they pleases. As they are now taking over your admin portal, they can change your account’s password and you will lose access to your admin portal.
As a result, there will be no way for you to take control of your website, at least until you contact your website hosting company to help you regain control, but then the damage can already be done to your website.
Altering your website’s appearance
Hackers usually alter your website’s content with their own agenda-driven message. They may want to attract attention to some political issue, damage someone’s reputation, promote their own reputation, or simply display some pranks. Your valued visitors will be surprised at the sudden change your website has and as a result they may opt to leave your website entirely or they will never engage again to your website or business.
Infecting your website to use them for mining bitcoin or other cryptocurrencies
Once some malicious scripts or code is embedded or injected into your website it will run and load some more malicious code without you knowing. It will exploit your web hosting or other services/resources that you have paid for, such as disk space, emails or processing power.
This will not only affect your web hosting but there are malware programs that can also affect your personal computer once you visit or click through to an infected webpage. After that, it can start to run cryptocurrency mining processes on the infected local computers, devices or other user’s machines.
Stealing traffic from your website by redirecting it elsewhere
Hackers try to deceive visitors and users to go to their fraudulent website instead of yours. These fraudulent pages or websites duplicate the same branding, presentation and content from your website to make their fraudulent website hard to distinguish from your own legitimate website, making unsuspecting users trust these fraudulent websites.
There are a number of reasons why hackers do this:
- To increase the advertising revenue obtained from traffic from your website
- Introduce visitors and users to malware that downloads to infect their computers or devices
- To receive enquiry information to obtain fresh new contact information or even ask for private information that normally legitimate websites would not ask for
What will happen to your website if malware is not actioned right away?
If this malware is not actioned right away, it can disrupt your website and business. The most common effects of these malwares are:
Disrupting your business operations
Malware infections can halt the essential operation of your business as they may have taken over the website’s managing portal. This would prevent you from serving your customers or worse steal your business confidential information and use it for their gain.
If Google has also flagged your website has malicious, then this can be picked up by email servers and start flagging any email messages attached to your website domain (ie, email@example.com) as suspicious.
Many people receiving emails from affected email addresses will likely see these messages start falling into their spam folders or even stop receiving these emails in their inbox entirely.
Damaging your reputation
If your website is flagged by Google as harmful as containing malware, your website will present like this to them:
Users seeing this page will quickly click away before even make it onto your website, many of whom will vow to never try to visit your website again.
In the worst case, any of your repeat website visitors who had their personal information stolen and can identify that your website was responsible for this, then they will refuse to return to your website again.
Many of these people can also leave a nasty review on Facebook or Google, or spread the word on their social media pages.
Damaging your Google rankings
If your website is flagged by Google as harmful and containing malware, it will likely display a warning which says “This site may harm your computer.” in the search result pages.
Just as with the “red screen of death” above, your website traffic will take a hit as a result.
Affecting the user’s experience
If malware is injected onto your website, it may have removed a substantial part of your system or severely affect its functionality, resulting in a broken and ultimately unsuccessful user’s experience.
The user experience symptoms of a website can be a whole mix of many of these things:
- The website is defaced and displaying broken or incomplete web pages
- The website is defaced and displaying error messages or programming code
- The website is defaced and displaying malicious content material or links to dangerous web pages
- Core website functions such as checkout or administrative functions not working properly
- Degraded website performance due to website hosting resources excessively consumed
Losing your sales and profit
With users informed of your site being unsafe and the website user experience affected, this will sharply reduce the purchases of your products or enquiries about your services.
In certain circumstances, you may need encounter legal ramifications of your website being compromised, if for example the compromised website has resulted in a data breach that exposed sensitive customer data. This is a loss that many website owners and businesses cannot afford, and the consideration of storing sensitive customer data on your website should be strongly reconsidered for any website owner anyway.
One of our clients recently struggled with their website having malicious website code sitting dormant on their website. This happened to be discovered close to the time when they were also looking to promote their business in newspapers and advertising.
Subsequently to the discovery of the malicious code, the client’s emails were also getting flagged as spam or as malicious.
A hacked website not only affects the website itself, it also affects how the business can be discovered, how the business can transact online, how the business communicates and the business’s image.
With this in mind, a single hacking event may often lead to you experiencing a myriad of issues all at once or in quick succession as a chain of events. It is important at any period to keep tabs on your website to ensure that it is clean of any malicious code.
What should I do if my website is flagged for malware?
Malware on your website needs to be acted on quickly. I’ve listed out the things that you need to do when you first become aware that your website is affected my malware.
1) Identifying the malicious files
It is important to first identify the type of hack for you to help understand where to focus your time and effort in generating steps of action and solution to the problem. Here are some things you can do to identify the type of hack:
Perform diagnostics on pages
Check and use the Google’s safe browsing site status page if you think your website contains malware or it’s being blocked by Google due to malware.
Simply enter or type in your website URL and perform the search. This Google tool will tell what type of harmful content was injected to your website and where that content is located. If affected, the diagnostics will show a status message like “The site example.com contains harmful content, including pages that: Install unwanted or malicious software on visitors’ computers”.
Also seek out for any further instructions displayed in the diagnostic tool which can point you in the right direction.
Identify what category of malware
Identifying what kind of malware infected your website can help you create a solution. Websites who use Google Search Console, Google Analytics, or Google Adsense may receive email warnings about the presence of the malware from Google or notifications in dashboard sections of Search Console. These messages also include information about the suspicious URLs and potential attack vectors.
Generally, Google uses these categories for malware:
- Phishing and Deceptive site
- Server configuration (Malware infection type)
- SQL Injection
- Code Injection
- Error template
For an active website with loyal users or customers, it may be the users who are the first to encounter malware and to let you know about it. In that case, they may contact you via contact form or phone to notify you that something is wrong. Gather and take note of as much information as you can so that you are best equipped to tackle the step to actually remove the malware.
2) Fix the website by cleaning up malicious files
After identifying the problem and getting information about the malware, it’s time to remove the malware from your website.
Backup your website’s files and database
The first thing to do before making changes or removing files on your website is to have a full backup of your websites and database. Having backup can help you recover your site if something goes wrong or you delete files which you aren’t meant to delete and are unrecoverable.
You can take a complete backup of your website using backup functions within cPanel if your web hosting company is using cPanel, or you can use the File Manager to copy and compress your www directory into a ZIP archive and sit it in your hosting space.
Scan your website’s source files
The best way to scan your website without risking other servers or your computer’s safety is to perform a scan on your website using some third-party tools. If you’re using WordPress and you have admin access, then you can install a security plugin in your website and perform a scan to locate the malicious file and malware injected on your code base. There are several plugins that provide some security and scanning features that can help you identify some suspicious changes in your website.
This plugin comes complete with a powerful malware scanner, gives you insights into overall traffic trends and hack attempts. It will automatically scan your website for threats or you can manually scan anytime. They will alert you for any signs of security breach and any detected threats with recommended actions to resolve them. The plugin comes with a web application firewall – it is a valuable addition to your website’s security, blocking malicious traffic and preventing brute force attacks. All the essential features and functions are all available in their free version.
Sucuri Security provides preventive measures to increase security on your websites and ability to scan your website for common threats with email alert notification. They also serve static content from their own CDN servers which give you a performance boost and speed on your website. These features are available for free.
This plugin will take your website security to another level. It lowers the risk of a security breach by scanning for vulnerabilities and applying most recent suggested WordPress security practices. It is easy to use, stable and comprehensive. All their latest security practices and techniques are available for free.
This security plugin will monitor your site’s security health like logs file changes, scan for known vulnerabilities, check your Google’s blocklist status and will alert you. It also has the ability to create backups of your WordPress database and secure our WordPress login with several layers of security. All their basic security features are available for free.
List and keep track of malware warnings received
List and keep track of malware warnings received. After you scanned your website for malware with the use of third-party tools, or any security plugins you have, they will have the list of the files appear to be malicious. From then, you can keep track of those files for you to be able to assess them to fix or to remove.
Find the malicious code
Find the malicious code inserted in your code files and remove infected files. Some code files will not be detected by mere scanning using the anti-virus or your security plugin. That’s why it is best and recommended to look in each code file for any malicious code inserted. Here’s some ways and tips in looking for the malicious code in your website:
Using WordPress as an example, malicious code can usually be found in wp-admin or wp-content/plugins/ folders, or in your theme files. It’s important to keep in mind that there are several types of files in a typical complete WordPress website:
- WordPress core files – these are found in the public_html or www folder of your hosting instance in folders such as wp-admin, wp-includes. The list of files and folders in your WordPress installation should match what can be downloaded from the wordpress.org website. Be sure to find the WordPress release that matches your current WordPress version
- Plugin files – each plugin can be found within your WordPress installation under wp-content/plugins/. Individual plugins can be downloaded again by reinstalling each plugin from WordPress
- Theme files – each theme can be found within your WordPress installation under wp-content/themes/. Individual themes can be downloaded again by reinstalling each theme from WordPress. Note that some themes may be custom made for your website and won’t be downloadable from else where
- Editable files – these are files that are designed to be edited, authored or managed. These files are wp-config.php, custom themes in the wp-content/themes folder or custom plugins in your wp-content/plugins folder. It’s likely that these files cannot be recovered as easily, unless your website is managed by an agency such as Bode Contagion provided that a backup of the files were provided beforehand
- Uploads – these are files that are uploaded using the media library and uploaded to wp-content/uploads
- Cached files – these files are generated files from your plugins depending on their purposes
For WordPress core files, it is best to download a fresh copy of the same version of your WordPress and compare the fresh files against your current files. Take a look at the differences and examine them.
To do this quickly, you can use some file comparison tools such as BeyondCompare, WinMerge, Code Compare or ExamDiff or some source-code editors have built-in file comparison tools such as Visual Studio Code.
Check recently modified files
Another way in locating malicious code, is accessing your website source files and sorting them by the latest modification date. From there, you can check the unfamiliar modifications where it may be suspicious.
Check for unusual file directory placements
When looking for the injected malicious file, examine also their file directory placement. Hackers want their malicious code and files injected to be hidden as possible. One way to do this is they will hide their scripts in the place where you least expect it, like in CSS or images folder. In instance , a PHP file is sitting inside a CSS folder. It is very unusual that a file named blue.php is sitting inside the wp-admin/css/colors/blue/ folder where all files in it are CSS. These types of occurence is worth checking as they are potentially malicious.
Replace the files with fresh and safe copy
After identifying the files which have been compromised through the various file comparison techniques above, replace those files with fresh and safe copies.
For WordPress, download the exact same version of it and replace your files. Do this to all your plugins also, download their current versions and replace them.
Review and double check the files
Double check your files to ensure there are no malware files still remaining. Scan the files.
Request a review of your website or removal of the malware flag. The Google warning message in your website will not automatically be removed.
Once everything has been done to remove the malicious files and the site is secured, request a review from Google for the removal of the malware flag. Here’s the step to do this:
- Go to Google Search Console account.
- If you haven’t verified your website, you will be prompted to verify ownership of the website. It can be done by placing some special .html file in the root of your website. If this step has been done, you can proceed to the next step.
- Click on the Security Issues tab, and navigate to the bottom of the screen
- Review if all issues have been resolved. If yes, check the box to confirm you have fixed all issues.
- Hit the ‘Request a review’ button
- Use the form to indicate all the steps you took to resolve the security issues and submit.
Once done, Google will review your website. This request can take a few days to process depending on the issue. When Google decides that your website is all clean, all those warnings ang malware flags will be removed. If it determines that your website is not yet clean, you may need to repeat all the steps above.
What can I do to prevent my website from getting hacked?
If you’re a victim of a malware attack on your website and have taken the steps above to clean up your website, or are a website owner who hasn’t taken steps to secure your website yet, then the following steps will be important for you.
Performing website and database backup
One way to safeguard your website is to keep an up-to-date backup of your site and database. That way, if something wrong happens to your website, you can quickly restore your website to its previous state.
You can take a manual backup of your website using cPanel.
Performing security reports
It’s wise to use plugins or tools that can help you easily scan your website’s vulnerabilities. Performing security scan and reports can help you spot issues and vulnerabilities that you had no idea existed. This way you can address and resolve the issue immediately. This task would be helpful if you have a security plugin installed like Wordfence, Sucuri, All In One WP Security, etc.
Updating the WP Core and plugins
Outdated versions are the most common and easy ways for the hackers to gain access to your website. Though, there is a fix package or plugin that prevents malware but plugin, themes, or eCommerce vendors are regularly providing updates to fix whatever vulnerabilities that may be present in their code packages. Thus, keeping your core, plugins, and themes updated are vital in ensuring your website’s security.
Removing unused themes and plugins
Keeping plugin and themes files that are not being used can cause some issues on your website. It can make your site bigger as a result it will make the site slower, and if not being used it can also be vulnerable to hackers as it can be their gateway to inject something to your website.
Tightening the file permissions levels
Being too lax on your file permissions can be a risk for website breach. It should be a practice to regularly check file permission to prevent unwanted changes and modification that can result in vulnerabilities.
Retest the website
Once you have performed all clean up activities on your website, it is best to retest various key functions of your website including the submissions of forms that your website has. This way, you can check that submissions are correctly going to your inbox.
It is also recommended that your forms have preventive mechanisms like Captcha or honeypot mechanisms that can detect, filter or prevent spam entries.
There are several ways and methods for removing malware and malicious code on your websites. You can perform the clean up process manually if you have the necessary technical knowledge and time or you can opt to consult an expert who can help you resolve the problem or who can provide you with the solution.
If your website is using WordPress, there are several security plugins that can help you speed up the process and tighten the security of your website.
Regardless of your preferred ways and methods, this problem should be addressed and resolved as soon as possible. Compromised websites not only harm your website system but it can also harm your ranking and brand’s reputation if left unattended.
With that, if you want to focus on managing your online store, creating blogs or the likes instead of worrying about maintaining your website’s security, you can give us a call or send a quick email to reach out to us. Let us handle all updates and maintenance to your website.