It’s no secret that search engines drive the vast majority of website traffic. And with the time website owners put into perfecting their SEO, landing on the Google blacklist is near the top of the list for nightmare scenarios of any site owner.
Of course, Google is by far the world’s most used search engine. Because of this, Google utilizes a wide array of blacklist rules to make sure their users are landing on websites Google deems safe.
But what exactly is Google Blacklist? How do you keep your site from falling victim to the dreaded Google blacklist warning?
In this comprehensive guide, we’ll go over what the Google blacklist is and how it impacts Google’s behavior as it relates to your website. As you dive in, you’ll learn the steps you can take to avoid landing on the list.
Keep in mind that blacklisting is a very different situation than when Google deindexes a site.
But for the purposes of this guide, the focus will be on the Google blacklist and what you need to do to avoid it. And if your site has already landed there, we’ll let you know what to do to get off of the list.
1. What is Google Blacklist?
It’s a common misconception that when a user enters a search query, Google immediately searches the live Internet to find the best results for the query.
That’s actually not how the process works.
Instead, when a query is entered by a user, Google searches its own database, referred to as an index, for the most suitable results to the query.
The Google index is what drives every search result.
The Google Blacklist (or, as some call it, the “blocklist”) is a completely different kind of website database that Google maintains. This database is comprised of all websites that Google, other search engines, and even antivirus companies, all consider as unsafe to use for the general public.
Because of the sheer volume of websites filling the Internet, it would be impossible for Google to compile an index of unsafe sites with a manual process. Instead, it employs crawlers, bots, and other proprietary tools that independently explore websites and add dangerous ones to the blacklist index.
With the high number of cyber hacks and malicious attacks happening today, it’s no surprise that Google has been blacklisting (labeling as unsafe) around 10,000 websites every single day. One of the most common reasons a website will end up on the Google blacklist is when it’s hacked and filled with malware, spam, and spyware.
While the website owner may have not been responsible for the hack, they will most certainly be held accountable when their site is added to the Google blacklist.
Of course, there are other times that sites are added to the blacklist by mistake. Either way, there are some very specific steps you can take to prevent it from happening to your site. And if your site has ended up on the blacklist, there are also steps you will need to take to get it removed.
2. What’s the Result of Being Blacklisted By Google?
The simplest answer to what happens when Google blacklists your site is that it will not appear in any Google search results. And if that sounds like a nightmare scenario, it’s even worse when it actually happens.
A site that doesn’t appear in Google search results will immediately suffer from:
- A huge drop in organic site traffic
- A bigger drop in pageviews
- Loss of revenue that results from organic traffic
- A damaged or destroyed reputation
- Countless lost hours spent on SEO
But even worse than that, any user who attempts to reach the blacklisted site by typing the site’s URL directly into their browser won’t even be able to reach this site without a warning. Instead, when your URL is entered, the user will be greeted with an extremely dramatic warning screen telling the user that the site may be unsafe to access.
This screen will be displayed as soon as they type in your URL and hit enter.
When the average user sees this warning, they’ll immediately hit the browser’s back button and proceed on to a different website. Very few Internet users are brave enough to proceed to a website that Google has deemed to be unsafe.
3. How Can You Tell If Your Site Has Landed On Google Blacklist?
The first way to know if your site has landed on the Google blacklist is to navigate to your own URL on a browser that’s not logged in to your WordPress admin console. If the Google warning label appears saying that your site may be unsafe, it’s landed on the blacklist and it’s time to start working on getting it removed (details below).
Beyond that, there are some useful tools you can access that will let you know whether or not your website is blacklisted.
The first tool is Google Search Console (formerly known as Google Webmaster Tools). The Search Console is a simple way to research if your site is still being indexed by Google and showing up in standard user search results.
If you don’t have one yet, create a Google Search Console account. Then verify that the website you want to check is in fact your property.
After that’s complete, you’ll see that your security notifications are in the left-hand menu, located under Security & Manual Actions. This is the area that will alert you if your site has been Google blacklisted.
Now, if you’re already using Google Analytics (or another site traffic monitoring program like Jetpack), another good indicator that your site has been blacklisted is that you notice a sharp and abrupt drop in overall site traffic. This is because your site is no longer appearing in Google searches and users are being alerted to the dangers of your site when they try to access it.
When your site traffic drops without warning or explanation, it has probably been blacklisted.
To find out for sure, you can access any number of tools that will give you the blacklisting status of your site. These tools will even scan your site for blacklists that extend beyond Google:
- WhatIsMyIpAddress.com Blacklist Check
- Google’s Safe Browsing tool
For WordPress users, the best option is the iThemes Security Pro plugin. Not only is this the most powerful security plugin available on WordPress, which will help keep your site off of the Google blacklist to begin with, but it has a built-in blacklist checker in the Site Scanner.
If your site ends up on the blacklist, the Site Scanner will immediately alert you to the issue and you can proceed to resolve it as quickly as possible.
4. Why Does a Website Get Blacklisted On Google?
The most common reason Google will blacklist a website is when one of their bots or crawlers detects suspicious or malicious code coming from the site. If this is happening, there’s a strong possibility that your site has been hacked and is currently spreading malware or other malicious code to your users.
You could also be blacklisted if one or more of your advertising links drive to content that Google deems as unsafe, such as other sites that distribute malicious code and malware. Even if you haven’t purposefully posted advertising links to unsafe sites, often this is exactly what hackers will do after they gain unauthorized access to your website.
For WordPress site owners, it’s important to understand that vulnerabilities in WordPress themes are plugins are the easiest ways for hackers to gain unauthorized access to your site.
Every time you add a new theme or plugin to your WordPress site, you’re adding software to the site that you’re not familiar with. Themes and plugins can harbor dangerous security vulnerabilities. No matter how careful you are with the themes and plugins you add to your site, issues can still arise.
For example, often a plugin or theme developer will abandon their product and stop putting out updates that shore up the product’s security. When this happens, it immediately becomes vulnerable to the attempts of a malicious hacker.
Furthermore, WordPress site owners that don’t continually run the available updates on the themes and plugins they use can also run the risk of coming under a cyber attack. Responsible developers put out new software updates every time a new security threat or vulnerability is detected in their product. Site owners who ignore these updates are putting their entire site at risk.
You may be asking yourself what the motivation is for these hackers to install malicious code on your site? In most cases, the answer is that they’re trying to exploit your site traffic to make money.
In the old days of website hacking, there was a perception that hackers’ goal was to take over an existing website and replace all of the content with their own. Sometimes this was done because a hacker didn’t approve of the content on a website, or they were trying to compete directly with what the site was offering.
In the world of hacking, that one is referred to as defacement.
But today’s hackers have taken things to a new level.
When a modern hacker gains access to your site, they may fill it with hidden links to dangerous sites, litter your comments section with spam comments, steal your data and the data of your users, or run brute force attacks that take your site down completely.
Other times, a skilled hacker will create a site template that looks identical to the site they’ve hacked. Then, they use their own contact forms to collect private data from site users that landed on a URL they thought they could trust.
This type of attack is called phishing. It’s an extremely dangerous type of scam because hackers use it to steal personal login information, bank data, credit card data, and other private information.
A phishing attack can quickly cause a lot of damage to the user who unknowingly gave their personal details to a hacker.
Some hackers will use hacked websites in an effort to trick site users into downloading and installing malware directly on their local workstations. This is often referred to as a Trojan horse because the end-user believes that the download will benefit them, or that it’s required by the site.
Any one of these attacks can be (and usually will be) detected by Google. When that happens, you can expect that the hacked website will quickly be added to the list of 10,000 daily Google blacklist sites.
It’s important to understand that not every issue of blacklisting is a direct result of malicious hacks and attacks, however. In fact, overdoing your SEO could land you on the blacklist as well.
If you’re familiar with SEO basics, you know what’s important:
- Using quality keywords strategically
- Linking to quality, authoritative websites
- Building quality backlinks
Some site owners try to skip steps in the SEO process by doing things like setting up multiple websites that link to each other to improve overall search rankings.
Others overload their content with popular keywords, hoping that Google will notice them and put them on the front page of search results for those keywords.
These practices are referred to as SEO spam, and Google has learned to quickly spot instances like these. Beyond hacks, engaging in SEO spam practices is one of the fastest ways to end up on the Google blacklist.
5. How Can You Avoid Getting On the Dreaded Google Blacklist?
If it’s not obvious by now, the last place you want your site to land is on the Google blacklist. For many site owners, being blacklisted quickly turns into the end of the road for their URL.
After all, even if you’re able to get your site removed from the list, the damage caused by landing there in the first place may be beyond repair. Remember, in any business, your reputation will precede you. And being blacklisted is the fastest way to lose your site’s online reputation.
With this in mind, there are some important steps you should take to avoid landing on the blacklist.
The first thing you need to do is to protect your site’s login form. The best way to do this is by adding CAPTCHA and using two-factor authorization (2FA) for every login to your site.
It’s also critical that your site doesn’t allow weak passwords. Weak passwords are considered any password that uses words that can be found in a dictionary, or that relate to things in people’s personal lives such as:
- Social Security numbers
- Passwords used on other websites
Passwords that are weak can be easily cracked by malicious hackers or even cracked by anyone who has access to your account or your user’s personal data. Always use strong passwords on your WordPress admin account, and make sure you don’t replicate passwords across different websites or WordPress databases.
Password managers are a great tool if you don’t like writing down or trying to memorize strong passwords.
The iThemes Security Pro WordPress plugin features powerful built-in tools that help you easily employ CAPTCHA, 2FA, and enforce strong passwords for all of your site users. These are powerful security features that will help keep your site from being hacked and ending up on the Google blacklist.
The next thing to do to avoid the blacklist is to keep everything updated, at all times. As stated earlier, obsolete or out-of-date themes and plugins are an easy way into your site for hackers. To stay safe from hackers and avoid the blacklist, make sure that all of your plugins and themes have been tested with the current WordPress core version. Then make sure every single one of them is updated to their latest version.
Of course, it’s also important to keep WordPress core up-to-date when new releases are made available.
After this is done, it’s time to start paying close attention to content that your site users are uploading. Your site may end up on the blacklist if it hosts malicious links or other types of spam in your user comments, for example.
Beyond that, sites that allow users to upload their own files may be open to hacks if they don’t limit the file types that the site will allow.
Again, iThemes Security Pro is your best line of defense for these issues. While it’s certainly possible to spend your days combing through your own site looking for hacks and security breaches, why not let your security plugin do that for you?
Lastly, avoid the practice of SEO spamming. Never set up pages or sites that are specifically used for the purpose of linking to a page you want to promote. Follow good SEO practices and your site will rise in Google search results organically.
And of course, you should avoid keyword stuffing at all costs. This includes the use of hidden keywords. All of your links need to be genuine and your keyword use should always be organic.
If you follow these guidelines, you should successfully remain free of the dreaded Google blacklist.
Finally, avoid SEO spamming. This means that you should avoid setting up websites and pages specifically for the purposes of linking to a page you wish to promote, and you should absolutely avoid keyword stuffing and using hidden keywords (outside of the normally visible part of your website). Make sure your links are genuine and your keywords organic.
6. How Can You Get Your Site Off the Blacklist?
Some of you may have landed on this article because you’re already on the Google blacklist. What are you supposed to do now?
The answer depends on the reasons your site was blacklisted. To find out the exact reason, access the Google Search Console and log in to your account. Under Security & Manual Actions >> Security Issues, you’ll be told the reasons your site was blacklisted.
The reason for blacklisting will be one or more of the following:
- SEO spam
- Injected SQL code
Now you know what you need to fix to get the site removed from the list.
If SEO spam is the issue, you’ll be given a clear indication of how to remove the spam links.
If the problem is malicious code, there are two different actions to take.
- Check your site for unfamiliar users or users that have corrupted/compromised accounts. You’ll be able to find them in the Users area of your WordPress dashboard. Remove any users that appear suspicious, then have your genuine users change their passwords by submitting them through 2FA.
- Disable and delete all obsolete themes and plugins. Find suitable, reputable, and up-to-date replacements if they are tools you need.
If you’re dealing with an infected SQL database, you’ll need to manually clean the infected database tables. Make sure you use a WordPress backup plugin like BackupBuddy before you proceed with this process, just in case something breaks.
Lastly, look over your site with a fine-toothed comb to see if you notice any unfamiliar or unauthorized changes. Remove any changes that you didn’t make to the site.
After you’ve performed these actions, return to the Google Search Console’s Security issues table and click on “I have fixed these issues.” then Request a Review.
If you pass Google’s review, your site will be lifted from the blacklist and reindexed in Google search results.
Avoid the Google Blacklist By Using iThemes Security Pro
Most WordPress site owners don’t have the time or resources to constantly monitor their sites for security issues that could land them on the Google blacklist. That’s why it’s so important to use a tool that will do the work for you.
If you’re not yet using iThemes Security Pro for your WordPress security protocol, there’s no better time than now.
Hackers are currently scouring the web at breakneck speeds, looking for vulnerable sites to exploit. iThemes Security Pro is your best line of defense against a malicious attack that will land your site on the Google blacklist.
Get iThemes Security Pro today!
Protect your website, your business, and your customers with iThemes Security.
Download today and protect what’s important.
Each week, the team at iThemes team publishes new WordPress tutorials and resources, including the Weekly WordPress Vulnerability Report. Since 2008, iThemes has been dedicated to helping you build, maintain, and secure WordPress sites for yourself or for clients. Our mission? Make People’s Lives Awesome.