Most responsible website owners would never consider creating phishing pages. Google actively scans the web for potential phishing sites and flags websites that appear to host malicious content. Some website owners wake up to a message in search results stating that their site has been flagged as a phishing portal. Honest website owners may not be aware of what classifies a site as phishing, causing panic and an immediate desire to have the site reviewed. While having your site flagged isn’t a catastrophe, you do need to clean up any problematic pages before you can successfully request a review. A successful review will remove the warning from Google search results, making it critical to act swiftly. In this article, we’ll explore why your site might be flagged as phishing, how to address the issue, and what steps you can take to fix a phishing flag on your website.
Understanding What Constitutes Phishing
It’s possible that you may not even realize your pages are being flagged as phishing sites. To begin, you should understand what makes a website a phishing portal. The primary red flag is a site that doesn’t use SSL or TLS on its web server but collects personal information. SSL (and now TLS) certificates are installed on your web server and enable encryption between your website and the user’s browser. SSL certificates allow your site to use HTTPS as the protocol, providing protection against eavesdropping.
Examine your web pages to identify if any of them request personal information. If a user lands on your page using HTTP, they should be automatically redirected to the HTTPS version of the page before entering any private information.
Another potential issue to consider is how you process data. When you submit data from a web page form, it can be sent using a form POST or GET action. The GET action sends data in the browser’s query string values. You’ve probably seen web pages with a question mark and variables appended at the end of the page name. Query string values look like this:
Mysite.com/?firstname=john&lastname=smithThe query string is everything after the question mark. If it contained a social security or bank account number, it’s considered insecure. Phishers are often careless in setting up their pages, making poorly secured or programmed sites appear suspicious and get flagged.
Another common, yet more challenging, problem is a hacked website. Hackers who gain access to your site can place phishing pages on your domain without your knowledge, making it much harder to detect and identify the phishing content.
You can use a web crawler that specifically searches for hacked content. For instance, AWSnap is a website that crawls specific pages, identifies suspicious code, and provides recommendations. Another tool is Securi.net, which allows you to subscribe for a fee and automatically scan your site at a specified interval. If any suspicious files are found, Securi will notify you.
If you can’t locate the hacked pages, you may need to hire a professional. Google won’t remove the warning until all phishing site content is eliminated from your domain.
In rare cases, your site may be incorrectly flagged. In such instances, you can request a review and explain the situation. Google also provides this URL for reporting incorrectly flagged sites:
google.com/safebrowsing/report_error/
It’s important to note that Google issues different types of warnings. The most common phishing site notification is “Deceptive site ahead,” displayed in Chrome and Firefox browsers. If Google suspects that your site hosts malware, the warning indicates that the site may harm a computer or contains malware.
What Can You Do to Fix Your Website?
The steps you take to fix your site depend on what caused it to be flagged as a phishing site in the first place. If you collect personal information without encryption, you should consider obtaining an SSL/TLS certificate. Start by contacting your web hosting provider, as most hosts offer security certificates for their customers. The cost may vary based on your hosting plan.
Once you’ve installed the certificate, you’ll need to redirect your pages to the HTTPS version using a 301 redirect from HTTP to HTTPS. If you use WordPress, numerous plugins can help with the redirection. If you have custom applications, consult with your developer. It’s recommended to use HTTPS on all pages, as Google uses encryption as a minor ranking factor.
If you use a GET form action, fixing this issue can be more challenging if you’re not proficient in coding. You’ll need to change the form submission process, which requires some coding on your part. If your forms come from a plugin, you can reach out to the plugin developer or consider using a different plugin. If you had a developer implement the forms, they need to modify the submission code, while the processing page can remain mostly the same.
Finally, if your site has been hacked, troubleshooting can be more complicated. However, you can often disable the plugin responsible for the security breach and delete the malicious pages. To prevent this scenario, always keep your WordPress version and plugins updated. Avoid downloading plugins from owners who don’t maintain and support updates, as most plugins need to be updated after several WordPress updates, and incompatible plugins are disabled by WordPress.
Requesting a Review
Once you’re confident that the phishing pages have been removed and any hacks have been resolved, you can request a review. The review process takes place through Google Search Console (formerly known as Webmaster Tools). If you haven’t already registered, take the time to sign up and register your site in Search Console.
In the Malware section of Search Console, click the “Request a Review” button. Provide a detailed explanation of the actions you’ve taken to rectify the site’s issues. Google’s staff will review the site and the review requests. Therefore, be as comprehensive as possible in describing the steps you’ve taken to remove the problematic content.
Google is generally swift with malware reviews (in contrast to reconsideration requests, which can take weeks). The alert should be removed within 24 hours, often happening in just a few hours.
What You Can Do to Protect Your Website
If your site has been hacked, it’s essential to take precautions to prevent it from happening again. Change your site’s passwords and update any WordPress plugins. If the hackers were able to access your site’s data, check your local computer for security vulnerabilities. Chrome extensions can be a point of entry for hackers to obtain your passwords. Malicious extensions can perform various logging activities to capture your information.
Lastly, always rotate passwords for critical applications like FTP used to connect to your host. Keep antivirus software running on your machine and regularly update definition files to avoid falling victim to new viruses.
Utilizing your web hosting provider for support and security is an excellent starting point. Once you’ve had a hacked site, you never want to go through the trouble again. It’s a valuable lesson for webmasters who aren’t serious about security. Various scripts available on the internet make it relatively easy to breach WordPress sites, and maintaining regular updates is crucial to avoid falling victim to such scripts. Fortunately, Google is prompt in removing warnings provided you’ve cleaned up the phishing pages. Always prioritize your customers’ data and privacy by following best practices for your websites.
WebHostingPeople hosting customers can always reach out to our support department for assistance in resolving any issues. We’d be happy to provide you with more information on how to address this type of challenge.
