Security warnings in Google Search Console (GSC) can be scary. Your site can be flagged for hosting malware, unwanted software, or for being hacked. This can cause serious problems for your organization or business. Google Search Console security warning probably means your site is harming users, which can lead to Google taking action against your site, either algorithmically or manually. Your site can be labeled in the SERPS as being hacked or being a site that contains harmful software or programs. Users might see the red screen of death in their browser while trying to visit your site. This can create serious barriers between users and your website. Many users won’t attempt to visit your site again because of the buzz in the news about sites infected with malware, hackers, phishing and more.
When users are scared of using your site, it means you can’t convert them, which will affect your revenue growth. GSC security warning is an extremely frustrating, terrifying and confusing situation for many businesses, both large and small.
Google Site Suspension in Adwords
If your site gets flagged by GSC, your AdWords account can be suspended, so you won’t have air cover from paid search. The “Site suspended” message will show up in AdWords UI. This is pretty terrifying. To learn why your site was suspended in AdWords, click on the question mark icon, which will display the horrifying message “Malware.” From the warning in the “Policy details” column, you can click a link to learn more. The link leads to a page that explains all about malware and AdWords. The documentation provides some quick tips on how to handle that situation and provides a link to the GSC support documentation for cleaning a hacked site.
How to Deal with a Google Security Warning
Don’t panic. Stay calm, and gather your team to strategize a plan to counter the problem. Gather your IT team, your marketing team and SEO team. Inform them of the problem—be direct and move quickly to clean the malware situation as soon as possible. Have your search team call AdWords immediately to talk about the situation. The urgency here is to track down the security issues on the site. Involve the marketing team as well to get to the root of the problem fast.
The purpose here is to track down the core security issues of the site and rectify them as quickly as possible. GSC will provide URLs that are infected with malware, holds malicious content and so on. Work with your technical team to clean malware or malicious content from the site and to seal any security holes to prevent the problem from happening again.
Once you are sure that you have fixed the problem, request a review from the GSC, providing a step-by-step account of the situation—what you did to clean up the problem and any other relevant information you think might be of help. Be patient for a response as Google can respond after a couple of days. If your site is approved again, it can take up to 72 hours for security warnings to be removed from GSC, for messages to be removed from SERPs and for your AdWords account to be reinstated. As you can see, it is usually a several days process.
Google Security Warnings Can Affect Hostnames and Subdomains
If you are a large company, there might be some subdomains sitting out there, which you may not know about. When you receive a GSC security warning, your core site is not the only affected “site”. Any subdomain you have can be affected as well, and those rogue subdomains can bubble up to your root domain. Furthermore, hostnames related to your root domain can also be infected with malware. Your AdWords account can also be impacted by your rogue subdomains or hostnames that get infected.
It can be a really big challenge to you if the rogue subdomain or hostname is new to you, and if your team has no idea why it is there, and nobody doesn’t have an idea how it got infected or how to clean it. Some google malware warning can be out of a company’s control since the root of the malware can be on a number of hostnames, on a rogue subdomain or at cryptic URLs that had no linkage at all to the core website. Google malware warning can show up in every “site” related to the root domain, which would eventually affect AdWords account. Problematic URLS can be cleaned up but you find more URLs are being infected. It can be a hard problem to solve based on a site technical setup.
What to Do about Google PPC Suspension
Though it can be terrifying, your focus should be on how to act promptly and how to avoid this happening again. First, know your site and all the subdomains that are active. Do not get blindsided with malware on a rogue subdomain that nobody in the organization knows about. Confirm all variations of your site and subdomains in GSC. Doing so, you will receive a boatload of information directly from Google, which includes security warnings, messages and more. Have your IT and SEO team work together promptly to track down malware or problematic URLs. Have your paid search team contact AdWords directly. Promptly pursue the issue to solve as this way the more quickly your AdWords account can be reinstated. If you’ve faced a unique and problematic situation of affected hostnames and subdomains, work with your security team on both a short-term and long-term solution. The short-term solution involves getting the google malware warning cleared quickly and getting your AdWords account reinstated. To prevent the problem from happening, solidify your security team now to provide robust defenses now to prevent any future problems. Discuss with the team about the problem you just solved so everyone understands roles and responsibilities.
Companies can get blindsided when malware strikes since warnings can bubble up from hostnames and rogue subdomains to the root domain, and then to AdWords account. When it does, both organic and paid search traffic suffer. That is why it is important to prevent the problem before it strikes. Form a robust team, along with a protocol for handling security problems. This is the best way to avoid long-term problems associated with Google malware warning.