Blacklisting is a practice that flags websites with malicious content to prevent users from accidentally downloading malware. However, search engines and antivirus vendors could blacklist your site as a result of a cyber attack. This can have a negative impact on your site’s reputation and visibility.
On the internet, credibility is everything. If visitors can’t trust your site, they won’t risk using it for fear of accidentally downloading malware or putting their information at risk. When your site is ‘blacklisted,’ visitors will have good reason to believe they should steer clear.
However, blacklisting doesn’t have to spell doom for your website. There are a number of steps you can take to get back on the web’s good side if a search engine or antivirus vendor has flagged your site.
In this post, we’ll discuss what blacklisting is and what purpose it serves for website users. Then we’ll share steps on what to do if your website is blacklisted. Let’s get to it!
An Introduction to Blacklisting and Its Purpose
Blacklisting is the practice of maintaining a list of websites believed to contain malware. Search engines (such as Google and Bing) and antivirus vendors (including McAfee, Norton, and others) keep blacklists so they can warn users when they’re visiting a potentially harmful website:
Normally, this is a helpful practice. It protects innocent internet users from accidentally wandering onto a site that downloads malware onto their device or steals personal information. However, there are cases when well-meaning sites also end up on a blacklist.
Usually, this occurs when a website has been hacked. If the attacker has placed malware on a website without the site owner’s knowledge, the site could become blacklisted even though the owner has done nothing wrong on a technical level.
This is problematic for a few reasons other than the obvious. Firstly, visitors will see warnings when they access your website advising them to leave. This increases your bounce rate and hurts your site’s reputation.
Additionally, search engines tend to penalize blacklisted sites, lowering their visibility. This could have lasting negative effects on your organic traffic level and conversion rate. As you can see, blacklisting can quickly ruin a site.
If your site is on a blacklist due to a cyber attack, these repercussions may seem unfair, though they’re ultimately in place to protect end users. The best thing you can do is implement solid security measures to prevent hackers from planting malware on your site.
What to Do If Your Website Is Blacklisted (5 Recovery Actions to Take)
Unfortunately, if your site has been blacklisted, its reputation and Search Engine Optimization (SEO) have probably already taken hits. Rebuilding after suffering these negative effects can be extremely difficult. However, it’s entirely possible to rescue your site from failure.
Step 1: Determine Your Blacklist Status
If your traffic levels have dropped for seemingly no reason, or your search engine rankings have dropped, it’s worth checking whether your site is blacklisted. A quick and easy way to do this is using Google’s Safe Browsing site status tool:
Simply type in your URL and run the test. However, this tool only checks Google’s blacklist. For a more complete evaluation of your site’s status, you might want to look into VirusTotal:
This tool checks your site against 67 blacklists to determine your status. If one or both of these tools return a warning that your site has been flagged, you know you’ve found the source of your problem.
ManageWP users also have the advantage of our free Security Check feature. You can check whether any of your sites are blacklisted by navigating to Security > Web Trust on your site’s dashboard:
Here you’ll see a list of authorities with blacklists and your site’s status with each of them, and it’ll be obvious if there’s an issue for you to solve.
Step 2: Remove Malware from Your Site
Assuming there’s work to do, you’ll firstly want to remove any malware present. Fortunately, there’s a great solution that can help you with this task.
Sucuri is a popular and effective WordPress security plugin that also powers our ManageWP Security Check feature. As such, you can use the plugin or your ManageWP account to conduct malware scans on your website:
The free version also includes blacklist status monitoring and some basic post-hack resources. If you sign up for a premium account – starting at $199.99 per year – you’ll also gain access to more advanced malware removal features.
Alternatively, you may be able to remove the malware manually by simply restoring an uninfected backup or replacing affected files with fresh copies. However, this can get tricky, and you might end up worse off trying to fix the problem on your own. If you can afford it, you may be better off hiring someone to remove the malware for you.
Step 3: Submit a Report and Wait for Your Site to Be Whitelisted
Once your site is clean, you can submit a report to the search engine or antivirus vendor that blacklisted you. This may vary depending on which authority’s blacklist you’re on, but we’ll use Google as an example.
In order to put in your request, you’ll need to have a Google Webmaster’s account and have verified your site in Search Console. Log in, then navigate to the Security Issues section.
Here, you’ll see notifications regarding any hacker attacks, malware, or other issues Google has detected on your site. If you’re sure you’ve fixed the problem, you can click on the Request a Review button in the relevant notification.
You can also navigate to Manual Actions and request a review there instead. However, you’ll need to include a detailed explanation of how you’ve fixed the problem, and how comprehensive you make it could affect whether it’s successful or not.
Once you’ve submitted your report, all you can do is wait. In some cases, it may take as long as a month for a search engine or antivirus vendor to remove your site from their blacklist.
Step 4: Increase Your Security Measures to Prevent Future Blacklisting
While you’re waiting for a decision, it’s wise to start implementing some tougher security measures to prevent future attacks. If you used Sucuri or ManageWP as outlined earlier, you’ve already added helpful security features to your site.
However, there’s more you can do. First, make sure to always update your WordPress installation, plugins, and theme as updates often patch vulnerabilities and can prevent hacks.
You might also consider looking into installing a Web Application Firewall (WAF) for your site. This can help deter malicious traffic from your site to prevent attacks. Many popular WordPress security services have a WAF, although very few are of the preferable ‘server-side’ variety – Sucuri is.
Finally, make sure you’re following standard WordPress security best practices, including:
- Using secure passwords.
- Logging out of your admin area when it’s not in use.
- Requiring Two-Factor Authentication (2FA) from users who create accounts.
- Changing your WordPress site’s settings to log out idle users.
- Maintaining strict permissions to avoid file editing or other changes.
- Monitoring your site with an activity log.
Getting off a blacklist isn’t productive unless you stay off of it. If a cyber attack is what got you onto one or multiple blacklists, improving your security is a must.
Step 5: Rebuild Your Site’s Reputation and Visibility
The hardest part of recovering after your site has been blacklisted is rebuilding your reputation. This is key if you’re going to restore your traffic levels and regain lost users.
The best approach in this situation is to be open and honest about what happened. Take to social media, your blog, and any other outlets you have and explain how you learned you’d been blacklisted, hacked, and infected with malware.
You’ll also want to share what you’ve done to solve the problem, and how you plan to prevent it from happening again. If you’re upfront about your situation, people will likely be understanding and willing to give your site another shot.
If it’s possible that users were negatively impacted by the cyber attack, make sure to reach out and make amends as well. Reassuring them that their data is safe with you going forward – and following through on that promise – is the best thing you can do to repair your relationship.
As far as visibility goes, you’ll want to pull out all the stops when it comes to SEO. It will likely take time to get your rankings back up, but high-quality performance, keyword research, avoiding spam, and other best practices can go a long way.
Conclusion
Blacklisting isn’t a bad thing. It helps keep internet users safe when they’re browsing. However, if your site is put on a blacklist as a result of a cyber attack, you could suffer severe consequences despite having done nothing wrong.
This post has looked at how to cope if your website is blacklisted. Let’s recap the steps quickly:
- Determine your blacklist status.
- Remove malware from your site.
- Submit a report and wait for your site to be whitelisted.
- Increase your security measures to prevent future blacklisting.
- Rebuild your site’s reputation and visibility.
Do you have any questions about blacklisting or what to do if your site ends up on a blacklist? Let us know in the comments section below!
Feature Image Credit: Pexels.
Gabriele
For information, there is an error, step two is indicated twice, it is double. 🙂
Marko Tanaskovic
I’ll jump in to fix it right away. Thanks for reporting Gabriele. Appreciate it!