Over my 15+ years as a webmaster, I‘ve seen my fair share of sites hacked and infected with malicious code. And few things make your heart drop faster than seeing the big red "This site ahead contains harmful programs" warning when visiting your own site.
Rest assured – this infection can be cleaned up. In this comprehensive guide, I‘ll share the steps I take to fully restore sites and get them off Google‘s naughty list for good.
Contents
- Why Google Shows the Harmful Programs Warning
- Step 1:Restore Your Site from a Recent Backup
- Step 2: Scan for Malware and Security Issues
- Step 3: Eliminate Any Backdoors
- Step 4: Update and Harden Security
- Step 5: Ask Google to Review in Search Console
- Symptoms Your Site May Be Infected
- Avoiding Harmful Program Warnings Altogether
Why Google Shows the Harmful Programs Warning
Before we dig in, it‘s important to understand what causes this in the first place.
Google displays the "harmful programs" or "deceptive site" error when their algorithms detect your site contains or is distributing malware, viruses, or other suspicious software.
This often happens when:
- Your site is hacked and the attacker injects malicious scripts, iframes, or other code.
- A plugin or theme has a vulnerability that allows scripts to be installed.
- Your hosting gets compromised at the server level, affecting multiple sites.
- You unwittingly include scripts from a low-quality ad network.
I‘ve seen infections skyrocket on WordPress sites in particular. Sucuri data shows over 1.7 million WordPress sites get hacked every year.
The chart below shows the percentage of infected sites running different platforms:
| Platform | % Infected |
|---|---|
| WordPress | 66% |
| Joomla | 23% |
| Other (Magento, Drupal, etc) | 11% |
With so many ways sites can become compromised these days, it‘s no wonder harmful program errors have become common.
The good news is these infections can be cleaned up properly if you use the right approach.
Step 1:Restore Your Site from a Recent Backup
The first step with any hacked site is making sure you have a complete, recent backup you can fully restore from if needed.
Ideally you already have daily automated backups being created and sent off-site. If not, immediately backup your entire site – WordPress files, database, media, everything.
There are quality backup plugins like UpdraftPlus which make this easy. For beginners, I recommend a managed backup solution like BlogVault which handles everything automatically.
With a backup in hand, you have the freedom to thoroughly inspect your site and clean things up without fear of causing harm. Think of your backup as an insurance policy. I never attempt to repair an infected site unless I have a solid backup ready.
Step 2: Scan for Malware and Security Issues
Next, scan your site for anything malicious. Don‘t rely on just your eyes – use a hardened security tool designed to identify infections.
The gold standard here is Sucuri. Their SiteCheck scanner will thoroughly inspect your site for malware, blacklisting status, hidden redirects, unauthorized code, and other issues.
Here‘s an overview of what Sucuri SiteCheck looks for:
- Malware in files, databases, and traffic
- Blacklisting by Google, Norton, etc.
- Modifications to .htaccess files
- Added user accounts
- Strange redirects
- Vulnerable software versions
- Invalid certificates
- Code injections
- Compromised DNS settings
The scan takes about 5-10 minutes and gives you a full report. It finds issues regular site owners would never spot on their own.
I use SiteCheck to audit sites after any suspected hack or infection. It gives me confidence a site is 100% clean before restoring it from a backup.
Step 3: Eliminate Any Backdoors
Hackers often leave backdoors in sites to allow future access even after a cleanup. You need to fully audit your site for potential backdoors including:
- Added user accounts
- Changed FTP credentials
- Files with incorrect permissions
- Strange SFTP rules
- Hidden malicious files
Also change all WordPress passwords, check for unauthorized admins, and look for code that seems out of place.
Sucuri‘s cleanup process typically deactivates backdoors, but it‘s smart to still double check yourself. Don‘t leave any way back into your site open.
Step 4: Update and Harden Security
Once you‘re certain the infection has been eliminated, take measures to further harden security and prevent repeat attacks:
-
Update WordPress, plugins, themes, and PHP – Out of date software contains vulnerabilities hackers target.
-
Limit user accounts – Reduce potential points of compromise. Many hacks happen via weak or stolen admin passwords.
-
Use strong passwords + 2FA – Strong unique passwords and 2FA make it much harder for attackers to pivot from a compromised account to full site access.
-
Remove unused plugins/themes/files – Get rid of anything not essential. Less code means less potential security holes.
-
Switch to managed WordPress hosting – Hosts like WP Engine or SiteGround have layers of security like web application firewalls, hourly malware scans, and auto-updates. This acts as your first line of defense.
Harden your environment as much as possible. Don‘t leave the door wide open to repeat infections!
Step 5: Ask Google to Review in Search Console
Once your site is clean, head to Google Search Console and request a review of the harmful programs warning:
- Go to Security Issues
- Click the checkbox next to any warnings
- Click Request a review
This tells Google to re-crawl your site and check if the issues are resolved. Ideally the warning will then be removed after another round of analysis.
Note this process can take 1-2 weeks. Be patient. As long as your site stays clean, the warnings will eventually disappear from search results.
Symptoms Your Site May Be Infected
Sometimes the harmful programs warning in Chrome is the first red flag something is wrong. But there are other symptoms of a potential infection:
- Sudden drop in Google rankings
- Strange new popups or browser redirects
- Spike in bandwidth usage
- Emails from your host about malware
- Antivirus software blocking site access
- Spam comments and signup forms appearing
Pay attention for any shady behavior on your site. The quicker you catch an infection, the easier it is to clean up and limit the damage.
Avoiding Harmful Program Warnings Altogether
An ounce of prevention is worth a pound of cure when it comes to site infections. Here are powerful proactive measures:
-
Daily automated offsite backups – Quickly restore your site if an attack happens.
-
Managed WordPress hosting – Companies like SiteGround, WPEngine, Kinsta include layers of security like malware scanning, firewalls, auto updates and more.
-
WordPress hardening – Limit plugins/themes, strong passwords, 2FA, file permission audits. Reduce your attack surface area.
-
Website security monitoring – Sucuri SiteCheck will alert you about infections and blacklistings as they occur.
-
Quality themes/plugins – Only use well-supported software from reputable vendors. Avoid nulled or pirated options.
-
Common sense – Don‘t install random scripts. Research plugins and code carefully before adding to your site.
Hacked sites are often easy targets running outdated software with weak passwords. By taking proactive measures, you make yourself a much less desirable target.
But sometimes bad luck strikes anyway. Use the steps in this guide to fully clean up and restore your site if you see the "deceptive site ahead" or "harmful programs" warnings. And please reach out if you need help getting back to a happy, healthy site free of infections.
