Most modern web browsers and search authorities like Google have a vested interest in protecting their users from malware. Warning messages like “This site may harm your computer” are a clear way for services to educate and protect end users from accessing malicious websites.
A hacked website can result in a plethora of headaches: unwanted redirects, SEO spam, backdoors, and even ransomware. But the fun doesn’t end there. If your site’s been hacked, you’ll likely be on the receiving end of these browser and search warnings — which in turn can affect your website’s traffic, reputation, and revenue.
Today, we’re going to look at how a hacked website can result in browser and warnings in Google search results. We’ll also outline the steps you can take to fix “This site may harm your computer” warnings and prevent it from happening again.
Contents:
- What is the “This site may harm your computer” notification?
- What causes warnings for my website?
- How to fix “this site may harm your computer” messages
What is the “This site may harm your computer” notification?
Google uses strict policies to protect search traffic from malware. If Google detects that a website is infected, they’ll serve a “This site may harm your computer” warning message in search results to warn potential visitors and deter them from accessing the domain.
By raising awareness about malicious websites, they reduce the likelihood that users will get infected by shady websites. Search authorities like Bing and Google may even eventually blocklist the website to prevent search traffic navigating to the hacked site.
And while it may be a minor inconvenience for a web searcher to come across this message, it’s an entirely different story for whomever owns the infected website.
So, let’s take a look at why your site might be getting this warning in the first place.
What causes these warnings for my website?
Website malware can lead to warnings in browsers and search results.
Bad actors actively target vulnerable websites to distribute their payloads. In many instances, their malware employ clever methods designed to trick victims into clicking and executing malicious software downloads onto their computer.
These infections are exceptionally dangerous for website visitors. They can allow an attacker to gain control of the infected system, harvest sensitive user information and credit card details, and perform other malicious activities.
To protect users, most search authorities and modern web browsers use automated processes to detect website malware. Data from a wide range of sources is aggregated to find websites that are involved in suspicious or harmful activities.
So if services like Google or Bing detect malware on your website, they’ll issue a warning to their end users to protect them until the problem is fixed.
Examples of website malware
Some examples of website malware that can result in “this site may harm your computer” warnings include:
| Malware type | How it works |
| SocGholish | Attackers serve fake browser updates from hacked websites that lead victims to installing remote access trojans and other malicious software. |
| Fake DDoS Notifications | JavaScript injections are used to serve fake DDoS prevention messages that lead victims to download remote access trojan malware. |
| Emotet | Web servers are infected with malicious PHP to deliver malspam, distributing ransomware and spyware to unsuspecting email recipients. |
| Unwanted Ads | Attackers inject malicious code onto a hacked website that serves malicious redirects and unwanted software downloads. |
| Malicious JavaScript | Hackers inject malicious JavaScript to silently install malware on a visitor’s computer or mine cryptocurrency on the computer of website visitors. |
If browsers or search engines suspect that your website may lead visitors to install malicious software, you’ll likely end up with a “This site may harm your computer” notification when navigating to your website or viewing search results for your domain.
And before I forget: Google doesn’t differentiate between sites that are intentionally serving malware vs. those who are hacked and not actually trying to harm website visitors. You’re not going to get off easy just because you didn’t mean to host malicious code on your site.
So, if you’re getting these warnings for your site you’ll definitely want to take steps to fix the issue and remove malware as soon as possible.
How to fix “This site may harm your computer” messages
There are a number of steps you can take to detect and remove malware from your website and fix the notification in Google search results and browsers.
1 – Check for recent changes to your site.
Scan your website to figure out if any changes were recently made to your website, server, or database. Check for any modifications to your website’s source code, core CMS files, plugins, themes and other software.
2 – Register your website for Google Search Console.
Next, verify and register your website in Google’s Search Console. You can check Search Console to find reports of any security issues or blocklisting.
You can refer to our Google blocklisting guide for more detailed information on what blocklisting is and how to fix it.
3 – Scan your website for malicious code.
A remote website scan with the SiteCheck tool can help identify any indicators of compromise. But you’ll also want to check your website at the database and server level, too.
WordPress users can leverage security plugins to help you analyze your website for malware, which is significantly faster than manually checking your code.
4 – Clean up the website infection.
Once you’ve found the source of the infection, you’ll need to clean up the malware and get your website back to its last known good configuration. Be sure to remove any malware on the server and database level too.
If you need help, reach out to a service provider to clean up the malware infection for you.
5 – Harden your website to prevent reinfection.
Website hardening is all about adding layers of protection to reduce the chances of getting infected with malware. There are a number of different techniques, settings, and configurations that you can use to enhance your website’s security and prevent attack.
First and foremost, be sure to keep your website software patched and updated with the latest security updates to prevent infection. You’ll also want to use strong, unique passwords for all of your accounts. And you can use a web application firewall to filter and stop malicious behavior on your website.
6 – Request a review of your website.
Navigate back to Google Search Console and go to the Security Issues section.
Next, click the Request a Review button.
You may need to provide an example of what you did to remove the violation.
For example:
“I removed the malicious JavaScript injection that was distributing malware to website visitors, updated my website software, removed unused plugins and changed my passwords.”
Finally, you’ll want to be sure that the problem is actually fixed before you submit your website for review. Resubmitting your website can result in longer wait times.
7 – Wait for the review results.
Reviews will take some time to process. You’ll see a response in your Search Console messages as soon as the review is complete.
- If Google doesn’t think that you’ve fixed the problem, they may provide additional context or offending URLs to help you troubleshoot and pinpoint the problem.
- If your website is deemed “clean” and free of malicious software, “This site may harm your computer” warnings in browsers and search results will likely disappear within 72 hours.
How to prevent “this site may harm your computer” notifications
The most common reason for a website to see this warning is due to a malware infection. To prevent your website from serving malicious software to visitors, implement hardening techniques to reduce the risk of a compromise.
Some steps to harden your website to prevent infection include:
- Isolate your website and use different cPanel and hosting environments to reduce the risk of cross-site contamination.
- Keep your website plugins, components, and software patched with the latest security updates.
- Use unique, strong passwords for sFTP, database, and admin credentials.
- Practice the principle of least privilege.
- Protect data in transit with SSL certificates.
- Regularly scan your website for indicators of compromise and malware.
- Restrict access to admin pages.
- Changes your default CMS settings.
- Use well-reviewed and regularly maintained plugins, themes, and website software.
- Create and maintain regular website backups.
- Use a web application firewall to filter malicious packets, block bad bots and prevent DDoS.
As always, if you’ve identified that your website already has malware and you need a hand cleaning it up, we’re here to help.
Victor Santoyo
Luke Leal
Denis Sinegubko
Juliana Lewis
Mohit Jawanjal
Antony Garand
Ben Martin