Google Ads Disapproved Due to Malicious or Unwanted Software: How to Fix It
Google Ads, formerly Google Adwords, is a powerful digital marketing tool that can get your message, service, and products in front of a large audience online. With a carefully targeted Google Ads strategy, you could easily attract attention from customers or clients who are strongly motivated to convert.
Unfortunately, there are some major caveats and often a significant learning curve. One of the biggest concerns? Google's security policies. While these policies help ensure a safe user experience, it also means your ads may be disapproved if your landing page is flagged for malicious or unwanted software. Even unintentional violations can cause suspended ads, damage your SEO efforts, and harm your brand’s trustworthiness.
This guide will help you understand the reasons why your ads might be disapproved, how to identify and remove malicious software, the steps you can take to communicate effectively with the Google Ads Support team, and how to prevent future issues. Keep reading to discover why ads are disapproved and what it will take to maintain a secure, policy-compliant website.
Google Ads policies on malicious & unwanted software
Google Ads strives to be, above all else, useful, relevant, and safe. To achieve that, it has developed extensive policies to prevent abuse of its ad network. Malicious software (malware) or unwanted software on your landing pages are key factors that can lead to disapprovals.
What is malicious software?
According to Google, malware is any software that aims to harm or gain unauthorized access to a device or network. Common examples include:
Viruses, spyware, ransomware, and rootkits
Forced redirects to infected sites
Phishing schemes for credential theft
Automatic downloads without user consent
What is unwanted software?
This refers to applications or programs that, while not always outright malicious, behave deceptively or adversely affect the user’s browsing experience. Common signs include:
Not clearly explaining what the software does before installation
Bundling software without user knowledge
Making it difficult or impossible to uninstall
Misrepresenting what the software actually does
Google’s automated systems can flag any malicious or unwanted software associated with your site. Even small security oversights can trigger warnings and lead to the disapproval of your ads.
Identifying malicious or unwanted software
It’s best to proactively identify malware or unwanted software before it affects your Google Ads. Fortunately, there are several tools available to help you stay one step ahead of potential threats:
Google's Safe Browsing Tool: As the ultimate blacklist service, Google's Safe Browsing provides an extensive (and frequently updated) list of web resources that might contain malware or otherwise prove unsafe for everyday visitors. One of the easiest ways to determine where you stand with Google is to complete relevant searches and check whether Safe Browsing provides warnings. Examine the Transparency Report to get details about the various threats identified through Safe Browsing.
Google Search Console: Monitor your site's digital presence with Search Console, which provides not only traffic data but also relevant alerts when security concerns are detected. Known as the Security Issues report, this resource should reveal the presence of hacked website content, malware, and social engineering. While it may prove difficult to reproduce warnings, this is reliable as "the source of truth to verify whether any security issues exist for your site or if they have been fixed."
Third-Party Security Tools: Aside from Google, a variety of services provide security solutions that help you identify and deal with malware early on. While it's possible to manually scan for issues, a malware scanning service will expedite the process and can even run in the background to prevent future problems.
Common reasons for disapproval
When Google detects issues, it may provide only vague reasons for disapproval. Below are some of the most common triggers that can cause your ads to be rejected:
Embedded Malware or Malicious Scripts: Any code injected into your landing pages that harms users or their systems.
Unwanted Software or Forced Downloads: Bundling undisclosed software, prompting auto-downloads, or making it hard to uninstall.
Misrepresented Content: Ads or landing pages that promise one thing but deliver harmful or deceptive experiences.
If your ad is disapproved and you suspect malware or unwanted software, it’s time to dig deeper.
How to perform a comprehensive security scan
Before you contact Google Ads support or appeal disapproved ads, you need to verify that your website is clean. Below are the key steps you should take to perform a thorough security scan:
1. Check Recent Changes: Review code changes, recently installed plugins, or themes that coincide with the timing of your ad disapproval. Identifying when and what changed can help narrow down potential infection sources.
2. Use Google Search Console: Check if your site is blocklisted or has security warnings. If so, follow the steps provided in the Security Issues report to address these problems.
3. Run Malware Scans: Use a reputable security service to run deep scans of your files, database, and source code. Automated scans can quickly pinpoint known malware variants and suspicious behavior.
4. Review the Results & Identify Infections: If scans show infected files, malicious redirects, or unknown scripts, take note of them. Pay particular attention to obfuscated code or files modified recently without authorization.
Communicating with the Google Ads support team
If your site is flagged and you need more clarity, reaching out to Google Ads support can provide additional insights. Here are a few ways to get in touch and what to prepare before contacting them:
Google Ads Help Center: Start at their help center for general information and to access community forums.
Contact Options: Reach out via the “Contact Us” feature on the Help page, engage in a LINE chat with an account manager, or call Google Ads support directly at 1-855-607-0431.
Before contacting the Google Ads support team, make sure you’re ready to explain all of the steps you’ve taken to secure your site. The more information you can provide, the easier it will be for Google’s support team to guide you through the reapproval process.
Effective ways to remove malicious software
Once you’ve identified the issues, the next step is complete removal. This process may be manual or automated, depending on the complexity of your site and the type of malware you’ve encountered.
Immediate Steps to Take: Before you dive into cleanup, place your site in maintenance mode to minimize exposure. Create a backup of your current configuration in case you need to revert. Look for suspicious code, odd file names, or anything that doesn’t belong on your server.
Manual Removal: If you’re comfortable working with files, you can use cPanel’s File Manager or an FTP/SFTP client to remove or replace infected files. Be thorough and methodical. Malicious software is notorious for being installed on systems in highly conspicuous ways so checking for hidden backdoors that attackers could use to reinfect your site is crucial.
Automated Services: If manual cleanup seems daunting, consider using an automated malware removal service. Tools like SiteLock’s scanner and removal features can identify and delete malicious code. We also offer security solutions for WordPress and other top content management systems to achieve real-time malware detection and protection.
Utilizing backups & preventing reinfection
Once the malware is gone, you’ll want to make sure it doesn’t return. Implementing a solid backup strategy and hardening your website are crucial next steps.
Use Backups: If you have clean, recent backups, use one to restore your site to a previous state. After restoration, run another scan to confirm it’s now safe. Regular, off-site backups ensure you can quickly roll back to a stable version of your site if it’s ever compromised again.
Harden Your Website: Taking the time to secure your site after a cleanup helps prevent future problems. Consider these best practices:
Keep Software Updated: Regularly update your CMS, plugins, and themes.
Use Strong Passwords & Limit User Access: Enforce strong credentials and remove unnecessary accounts.
Install SSL/TLS Certificates: Encrypt data and increase user trust with SSL/TLS certificates.
Prevent Directory Browsing & Hotlinking: Restrict access to sensitive files and reduce exposure to the user’s browser.
Run Regular Scans & Use a WAF: Daily scans, automatic backups, and a web application firewall help you stay vigilant.
Getting your Google Ads approved after cleanup
Once you’re confident your site is secure and compliant, it’s time to request re-approval of your ads. Follow these easy, step-by-step instructions in Google Ads:
Log In & Go to Disapproved Ads: Find the affected ads within your account.
Review the Disapproved Status: Hover over the “Disapproved” label to see details and confirm the reason.
Submit an Appeal: Select the ads you’ve fixed, click “Edit,” then “Appeal policy decision.” Indicate that you’ve made changes to comply with the policy.
Wait for Review: Most appeals are reviewed within one business day, though complex cases may take longer.
Ensure your site is clean and policy-compliant before appealing. Multiple failed appeals may limit how often you can request reviews in the future.
Proactive measures to prevent future disapprovals
Staying ahead of attackers and compliance issues ensures that your Google Ads stay active and effective. Consider these proactive steps:
Implement Automated Security Services: Utilize tools for real-time scanning, patching, and WAF protection.
Maintain Routine Maintenance: Update software, review file integrity, and continuously monitor for vulnerabilities.
Practice Transparent Download Policies: Ensure downloadable content is clearly labeled, legitimate, and doesn’t bundle unwanted software.
By following these guidelines, you’ll not only keep your ads running smoothly but also maintain a safe, trustworthy website that visitors can rely on.
Proactive measure to prevent Google Ads disapproval
Consider partnering with a trusted website security provider like SiteLock to strengthen your cybersecurity protocol. Our automated services include malware scanning, vulnerability patching, web application firewalls, and website backups, enabling you to respond swiftly and effectively to any Google Ads alerts.
Proactively implementing our security solutions can also minimize the risk of future Google Ads issues. Vigilance is essential, and SiteLock helps you maintain it. Explore our full range of security services to learn more.