What Can You Do to Fix a Site Flagged as Phishing in Google?
What you do to fix your site depends on what caused the phishing notice in the first place. If you collect personal information without encryption, you need to purchase an SSL/TLS certificate. Contact your host first. Most hosts offer a security certificate for their customers. It could be a free or paid upgrade depending on your hosting plan.
Once you install the certificate, you need to redirect your pages to the HTTPS version. You use a 301 redirect for moving from the HTTP to the HTTPS version. If you use WordPress, there are plenty of plugins that help you redirect. If you have custom applications, check with your developer. You don’t need to use HTTPS on all pages, but it’s recommended. Google announced that it uses encryption as a minor ranking factor.
If you’re using a GET form action, this is more difficult to fix if you aren’t a coder. You need to change the form submission process, which takes some coding from your end. If the forms you use are from a plugin, you can either contact the plugin coder or use a different plugin. If you hired a coder to implement forms, he needs to change the submission code. The processing page can remain mostly the same.
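The following Python audit is an added example, not part of the original article. It scans a page's HTML for forms that collect personal data through GET or send it to a non-HTTPS target, the two form-related causes described above. The field-name heuristics, the sample markup and the example.com URLs are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumed heuristics for "personal information" fields; tune for your site.
SENSITIVE_TYPES = {"password", "email", "tel"}
SENSITIVE_NAMES = ("pass", "card", "cvv", "ssn", "email")
# Constructed sample markup, not taken from any real site.
SAMPLE_HTML = """
<form action="/login.php" method="get">
  <input type="text" name="user"><input type="password" name="pwd"></form>
<form action="https://example.com/signup" method="post">
  <input type="email" name="email"><input type="password" name="password"></form>
<form action="/search"><input type="text" name="q"></form>
"""

class FormAuditor(HTMLParser):
    """Flags forms that collect personal data via GET or a non-HTTPS target."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.findings, self._form = page_url, [], None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            # HTML defaults: no method means GET, no action means the page itself.
            self._form = {"action": urljoin(self.page_url, a.get("action", "")),
                          "method": a.get("method", "").lower() or "get", "fields": []}
        elif tag == "input" and self._form is not None:
            name, kind = a.get("name", "").lower(), a.get("type", "text").lower()
            if kind in SENSITIVE_TYPES or any(h in name for h in SENSITIVE_NAMES):
                self._form["fields"].append(name or kind)

    def handle_endtag(self, tag):
        if tag != "form" or self._form is None:
            return
        form, self._form = self._form, None
        issues = []
        if form["method"] not in ("post", "dialog"):
            issues.append("GET submission exposes field values in the URL")
        if urlparse(form["action"]).scheme != "https":
            issues.append("form target is not HTTPS")
        if form["fields"] and issues:  # only report forms holding personal data
            self.findings.append((form["action"], form["fields"], issues))

def audit_forms(html, page_url):
    auditor = FormAuditor(page_url)
    auditor.feed(html)
    auditor.close()
    return auditor.findings

if __name__ == "__main__":
    print(audit_forms(SAMPLE_HTML, "http://example.com/"))
```

Run it against the saved HTML of each page that contains a form, passing the URL the page is served from so relative form actions resolve correctly.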
Finally, if the site is hacked, it’s also difficult to troubleshoot. However, with hacked sites you can usually disable the plugin causing the security breach and delete the malicious pages. To avoid the situation, always upgrade your WordPress version and any plugins. Don’t download plugins where the owner does not manage and support updates. Most plugins must be updated after a few WordPress updates, and WordPress disables incompatible plugins.
Request a Review
After you’re confident that the phishing pages were removed and any hacks were deleted, you can now request a review. The review process happens through Google Search Console (formerly Webmaster Tools). If you haven’t already signed up, take some time to sign up and register your site in Search Console.
In the Malware section of Search Console, click the “Request a Review” button. Explain what you did to fix the site in the text boxes. Google employees review the site and the review requests, so be as detailed as possible with what you did to remove the content.
Google is very fast with malware reviews (as opposed to their reconsideration requests that can take weeks). The alert should be removed within 24 hours, but it usually happens in only a few hours.
What Can You Do to Protect Your Site?
If your site was hacked, you must take precautions to keep it from happening again. Change your site’s passwords, and update any WordPress plugins. If the hackers were able to access your site’s files, check your local computer for any security holes.
Chrome extensions are one way a hacker can gain access to your passwords. Malicious extensions can log your activity in numerous ways to get your information.
Finally, always rotate passwords for important applications such as the FTP client used to connect to your host. Keep antivirus running on your machine, and always update definition files to avoid falling victim to new viruses.
Once you have a hacked site, you never want to go through the trouble again. It’s a good lesson for webmasters who aren’t serious about security. There are numerous scripts that can be downloaded on the Internet, so penetrating WordPress sites doesn’t even require advanced capabilities. Always upgrade your plugins and WordPress version to avoid falling victim to these scripts.
Thankfully, Google is quick to remove the warning provided you cleaned up the phishing pages. Your customers’ data and privacy should always be a top concern, so always follow best practices for your websites.