You've made every effort to build a secure website that engages visitors. Unfortunately, all that effort can quickly be undermined by a simple yet alarming message from Google: "This site may harm your computer."
The "may harm your computer" prompt functions as an important warning from Google to potential website visitors: all signs suggest that malware is a current concern for your website.
This message is displayed directly beneath Google search results. Upon observing this warning, most search engine users will avoid visiting your site and opt for a competitor without a warning message instead. As such, it is absolutely imperative that you determine the cause of the warning — and resolve those issues — as quickly as possible so you can return your search results back to normal.
Determining the source of any given warning message can be incredibly difficult, for when it's displayed in search engine results, this warning may appear incredibly vague. While other warnings may specifically tell users that they're about to encounter malware or phishing attacks, "this site may harm your computer" acts as a blanket statement meant to caution users against a myriad of potential concerns. It's wise to watch for these key issues:
Google's Search Help resource explains that the "harm your computer" warning is most likely to appear when there are clear indications that the site in question will "allow programs to install malicious software on [the user's] computer."
Google's experts add that these unwanted programs may steal credit card numbers, passwords, or other sensitive information — or, at minimum, slow down the user's computer. Chances are, if this catch-all warning appears, Google has detected malicious code on your site.
While Google has a specific warning message meant to address phishing attempts, it's possible for the general "harm your computer" prompt to appear when these are at play. Blacklisting is common when redirects on your site send users to phishing sites or if users report your page on Google Safe Browsing.
Phishing is just one of many issues that can prompt users to report websites via Google's Safe Browsing resource. Issues such as social engineering are also common causes for concern.
As Google notes, there are also occasions in which a "legitimate page where Safe Browsing is incorrectly displaying a warning." Either way, the result could be a generalized warning for future users that the website in question has been deemed unsafe to browse.
Warning messages can have a devastating impact on your SEO results and general website traffic or conversions. The sooner you get these warnings resolved, the better.
You'll also want to take a close look at any underlying issues that may have prompted the warning in the first place, as these could prove devastating for any users who do ultimately end up at your website. Follow these steps to get started:
Have you noticed any concerning developments on your website? Did you recently implement any themes or plugins that may have caused problems? Any changes — whether you regard them as positive or not — should be viewed with a healthy dose of skepticism.
Verifying your website grants you greater control as you troubleshoot concerning messages or otherwise monitor how your page is displayed in search results.
To begin the verification process, create a Google account. You can use this to sign into the Google Search Console. From there, follow these simple steps:
Use the "Add a Property" button to enter your website's URL.
Visit the "Recommended method" tab and download the highlighted HTML verification file.
Use an FTP client to access your website's server. Upload the file to the root directory.
Finally, click "Verify" on Google Search Console.
When in doubt, website scanning is the best option to reveal the central problem behind most "harm your computer" messages. Daily scanning is important even when you don't suffer such messages, as it can promptly reveal malicious code before it causes excessive damage. Look to a trusted website scanning solution to determine where hidden problems may exist.
Once your malware scanner has uncovered infections or vulnerabilities, it's time to take action. Malware removal services can stop infections in their tracks, ensuring that suspicious items are removed not only from your website but also, from the publicly visible source code.
The removal process can be surprisingly complex, as it may call for the identification of specific syntax. What's more, the vulnerabilities that underscore the malware must be addressed, or it will become an ongoing issue.
Before it removes warnings, Google will need clear indication that you have addressed underlying concerns. Once these have been fixed, you can request an additional review. You'll need to submit extensive details about how, exactly, the problems have been addressed.
Keep in mind that, in the process of reviewing your website, other issues could be detected — so it's important that you address all concerns, not just those specifically highlighted by Google in the past.
Keep an eye on Google Search Console, where you will find updates on your website security concerns. Positive feedback doesn't necessarily mean you're safe; it will still take a concerted effort to prevent future issues from damaging your search engine presence. Continue to use Google Search Console to gain insight into general security and performance.
Once you have removed "this site may harm your computer" messages and other warnings, you will want to take the steps needed to avoid these in the future. Thankfully, prevention can be a lot easier than mitigation, particularly when you have security services on your side. Follow these best practices to keep your search results pristine:
Prepare for the worst-case scenario with regular backups, which allow you to restore your site to previous versions. This provides an expedited approach to dealing with security concerns, which can be helpful if you're determined to find a timely solution to a "this site may harm your computer" warning.
Outdated plugins and themes are often to blame for malware infections. Ensure that these are consistently updated to address the most recent security developments.
Strategic selection is also important; avoid nulled themes and plugins whenever possible, as these will make your site a lot more vulnerable. Your content management system (CMS) also calls for frequent updates, as infections can strike the core. Automatic updates should keep you on track — daily scanning is the gold standard these days.
SSL and TLS certificates verify website ownership while also providing powerful protection for users. Designed to establish encrypted links between browsers and servers, these should not be overlooked as a key tool for keeping your website secure and in Google's good graces. As you seek these essentials, be sure to opt for a trusted certificate authority — and to seek a sufficient level of validation for your website(s).
Should your website suffer an infection, you will want a prompt solution to reveal hidden issues and get them taken care of quickly. Antivirus and anti-malware protection provide a strong layer of security against spyware, Trojans, and all kinds of other issues.
Scans should run in the background to keep your web page in great shape — and to ensure that you are aware of any new concerns. Skip the anti-malware plugins, as these can also become infected. A website security plan is a preferable alternative that provides strong protection without compromising your site's resources.
A web application firewall (WAF) is a must for modern digital security. This functions as a powerful filter, capable of monitoring and assessing traffic — and blocking it, when needed. Upon implementing a strong WAF, your website will be better protected against injection and DDoS attacks.
Hosting providers are an oft-forgotten source of security issues. The desire for an affordable provider is understandable, but this is the ultimate example of "you get what you pay for."
Shared hosting can leave you vulnerable to the very malware infections that plague the server's other sites. If, despite implementing the strategies highlighted above, you continue to encounter malicious content or receive warning messages from Google, it may be time to switch to a better provider.
The right security plan can make a world of difference for your site. If you're concerned about warning messages from Google or determined to keep hackers and bots out of the picture, it's time to up your security game. SiteLock offers a variety of solutions that deliver the layered protection you need.
Start off on the right foot with your new site - learn how to build a secure website.