"This site may harm your computer": how to remove the Google warning

If visitors see a red "Deceptive site ahead" screen, or your listing in search now carries a "This site may be hacked" label, the cause is almost always the same: the site was hacked and Google noticed before you did. There is no button that simply removes the warning: first you have to find and remove the malicious code, close the way in, and only then request a review. Below: what the message means, where to look for the cause, and how to pass Google's review correctly so the flag does not come back.

Contents
  1. What the message means
  2. Check your site now
  3. Why Google flags a site
  4. Mistake: review too soon
  5. Where the cause hides
  6. How to clean and prepare
  7. Requesting a review
  8. When to call a specialist

What this message actually means

There are several warnings and they are different things. It matters which one you have, because they are cleared in different ways:

  • The red "Deceptive site ahead" screen in the browser. This is Google Safe Browsing: it decided the site hosts phishing or tries to deceive visitors.
  • "This site may harm your computer" in search or on click. Usually means malicious code that infects visitors.
  • "This site may be hacked" right in the search results, under the link. Google found unfamiliar pages or spam on the site.
  • A message in Search Console, the "Security issues" section: malware, social engineering or unwanted software.

In every case the source is the same: something appeared on the site that should not be there. The flag is a consequence, not the cause.

Check your site right now

The tool opens your site from the outside the way a search engine and a mobile visitor see it. Very often it is them who are served the malware or the redirect, while the site looks normal to you. Defacement, a mobile redirect, cloaking and an outdated CMS show up at once. No access to the site is required.

I check: defacement, mobile redirect, cloaking, the CMS version and whether it is up to date.

Checking the site from the outside...

The exact Google Safe Browsing status is in the Google Transparency Report: enter the address and you will see whether the site is flagged.

Why Google flags a site

Safe Browsing constantly scans sites and sorts threats into a few types. A hacked site usually trips one of them:

  • Malware. A script was injected into the code that infects or attacks visitors.
  • Social engineering (phishing). Fake forms or pages appeared that harvest data.
  • Unwanted software and redirects. Visitors are pushed to casinos, pharmacies or dodgy file downloads.

Google rarely gets this wrong: if the flag appeared, the site almost certainly has a hack. False positives do happen, but the right first move is to check, not to argue.

The big mistake: hitting "Request review" straight away

The owner's first instinct on seeing the flag is to open Search Console and click "Request review". If the malware is still on the site, the review confirms it and the flag stays. Worse, repeated requests without fixes slow the review down.

The only correct order: first find and remove the cause, close the way in, confirm the site is clean, and only then request a review. A review is not a "remove flag" button, it is Google re-scanning the site.

Where the cause usually hides

The malware almost never sits in plain sight. The typical places to check:

  • Conditional redirect. The code fires only for mobile, or only for visitors coming from search. On a desktop the site opens normally, so the owner never notices.
  • Cloaking for Googlebot. The bot is served one page, the visitor another. This is exactly what Safe Browsing catches.
  • Injection in the template or database. The script is added to the active theme files or to template parameters in the database.
  • Rules in .htaccess. Redirects and conditions at the server level, with the files themselves clean.

That is why the hosting antivirus often says "all clean": it checks files against signatures, while the code sits in the database or in the server rules. A silent scanner does not prove the site is fine.

How to clean it and prepare for review

The order that actually removes the cause, not just the symptom:

  1. Change every password: admin, FTP and SSH, database, hosting panel.
  2. Check .htaccess, index.php and the active template files: injection is usually in the first lines.
  3. Check the database: in WordPress that is wp_options and wp_posts, in Joomla the template parameters in #__template_styles.
  4. Find and delete web shells: unknown .php files, often in the uploads or media folders.
  5. Close the way in: update the CMS and extensions, remove unused ones, check cron jobs.
  6. In Search Console open "Security issues" and look at the sample infected URLs Google itself provides. That is a hint on where to search.

Requesting a review in Google

Once the site is genuinely clean, you can request a review:

  • Search Console, the "Security and Manual Actions" section, then "Security issues".
  • Confirm that every issue is fixed, tick it, and click "Request review".
  • Briefly describe what you did: what you removed, where the entry point was, what you closed. This speeds up the review.
  • Timing: for malware usually a few hours to a couple of days, for social engineering longer. The red browser screen clears automatically after reclassification.
  • Do not resubmit the review every day: it does not speed things up, it slows them down.

If the site turns out to be infected again at the moment of the check, the flag will not be lifted. That is why closing the way in first matters so much.

When to call a specialist

It is worth calling in a specialist if:

  • you already cleaned the site and the flag came back;
  • the code is in the database or in .htaccess, and the hosting antivirus stays silent;
  • the site opens normally on your computer, yet Google still flags it (a conditional redirect or cloaking);
  • a review has already been rejected;
  • there is no working clean backup.

I find the reason for the flag, clean the site on any CMS, close the entry point and help you pass the Google review correctly so the flag does not return. Diagnostics are free. I work with site owners from Ukraine and Poland, and with Russian speakers across the EU. I do not work with legal entities registered in Russia: that is an EU sanctions restriction.

Details and request

Frequently asked questions

How long until the warning is removed after a review?

For malware, usually a few hours to one to three days. For social engineering (phishing), longer. The red browser screen clears automatically once Google reclassifies the site as safe. There is no button to speed it up.

I clicked "Request review", but the flag came back. Why?

It means the malware was still on the site at the moment of the check, or it was re-uploaded. A review is a re-scan by the bot, not a one-click removal. If the way in is not closed, the site gets reinfected and the review records it.

The warning only shows in Chrome. Do I have a virus on my computer?

No. This is Google Safe Browsing, a shared database used by Chrome, Firefox and Safari. The problem is on the site, not in your browser or computer. That is why every visitor sees the warning, not just you.

The site is flagged, but I visit it and see nothing wrong. How?

A common case: the malware is shown only to the search bot or only on mobile (cloaking, a conditional redirect). To you the site looks normal, while Googlebot and phone visitors get the infected version. That is exactly what Safe Browsing catches.

Can I speed up the removal of the flag?

There is no separate speed-up button. The only thing that truly affects the timing is for the site to be genuinely clean and the way in closed at the moment of the review. Otherwise the review is rejected and the cycle repeats, which only drags it out.

Telegram