Ask Sucuri: How long it takes for a site to be removed from Google’s blacklist?

If you have any questions about malware, blacklisting, or security in general, send it to us: contact@sucuri.net and we will answer here. For all the “ask sucuri” answers, go here

Question: My site was hacked and we cleaned and secured it properly. We also scanned it, and it is showing up as clean, however, it is still blacklisted by Google. How long until they remove us?

This is a very common question. In fact, every time we clear a hacked site, their owner asks us the same question: How long until that scary red warning sign is gone?

To give a solid answer to our clients, for the last few months we started to time how long it takes from when the review submission is requested, until the site is removed by Google. We have now timed more than 500 blacklist removals so I think we have some good numbers to back us up.

heree are the results:

  • Average time from submission to removal: 623 minutes (10 hours and 23 minutes)
  • Maximum time: 1412 (23 hours)
  • Minimum time: 140 (2 hours and 20 minutes)

So, in average, it will take Google 10 hours to clear your “bad” name from their lists. Some times, for our lucky clients, it happens in just 2 or 3 hours. Also, one important point that some people forget is that you need to request a review! Google will not automatically remove a site once cleaned.

How do you increase your odds of getting cleared faster? First, make sure to clean everything up! Second, do not remove the infected files, but fix them, since a 404 will delay the verification (even if you need to leave the file with a 0-size). Third, secure your site to make sure it is not reinfected in the middle of their verification.

That’s it. Let us know if you have any questions or comments.


is your site hacked? Blacklisted? We are here to help! We can get your sites cleaned up and secured right away!

Scan your website for free:
About David Dede

David Dede is a Security Researcher in the SucuriLabs group. He spends most of his time dissecting vulnerabilities and security issues. You won't find him on Twitter because he is paranoid about privacy.