How to Fix “This site ahead contains harmful programs” Error in WordPress?

How to Fix “This site ahead contains harmful programs” Error in WordPress?

Are you stuck with “This site contains harmful programs” error on your website? This error commonly means that your website is hacked by bots and Google has listed it insecure.

In this article, we will tell you how to resolve “This site ahead contains harmful programs” error in WordPress.

Why “This site ahead contains harmful programs” error occurs?

There are two most commonly known reasons why this error occurs. These errors warns visitors to be careful.

1. Your Website is hacked or has a malicious code: This may lead to creating a malicious web all over the internet. The code will spread itself from the hacked website to site visitors and can spread to other websites.

2. Showing ads from low-quality advertising networks: These networks may sometime display ads linking to websites spreading malicious code.

How to scan your WordPress site for malicious code?

Here are the ways you can scan your WordPress website for any malicious code.

Free and Paid WordPress Plugins

There are both free and paid plugins available to scan your WordPress site for malicious code. It is always better to keep a safe side. Do check your website health on daily basis.

Here, we will show you a few tools that will help you scan your WordPress site for potentially malicious code.

1. Theme Authenticity Checker (TAC)

2. Exploit Scanner

3. Sucuri

4. Wordfence Security

5. Centrora WordPress Security

6. Anti-Malware Security and Brute-Force Firewall

Check your site using Google’s safe browsing analysis tool

Google safe browsing is a Google Service that lets website owners check their website against Google lists of unsafe web resources (phishing and deceptive sites). Google Safe Browsing do the following activity:

1. Check your page against the threats.

2. Warn users clicking any deceptive site.

3. Prevent users from posting links to infected pages.

All you have to do is add your domain name as the query parameter to the URL like https://www.google.com/safebrowsing/diagnostic?site=YourSiteDomain.com

Now you know why the error occurs, let’s fix the error.

Fixing “This site ahead contains harmful programs” error

Removing bots and recovering a site can be a very fuzzy task. You will find the malware keep coming back to your site and this is because of the backdoor placed on your site. You have to completely remove the backdoor placed on your site so that it will not come back again and again.

Note: Before you start, just make a complete backup of your website.

What is Backdoor?

Backdoor is the process of bypassing the authentication and trying to access the server remotely while remaining undetected. Now, finding the backdoor is a task in itself.

How to Find a Backdoor in a Hacked WordPress Site and Fix It?

Backdoor on a WordPress install are most commonly stored in the following directories:

1. Themes

2. Plugins

3. Uploads Directory

4. wp-config.php

5. Includes folder

In all the cases, the backdoor was altered to look like a WordPress file. For example: In one site, the Backdoor was in the wp-includes folder, and it was called wp-user.php ( there is no file called wp-user.php in wp-includes folder ). There is user.php, but no wp-user.php in the /wp-includes/ folder. You may check for the names like wp-content.old.tmp, data.php, php5.php.

It can also be a .zip file. Mostly, these files are encoded with a base64 code that performs all sort of operations like add spam links, add additional pages, redirect the main site to spammy pages etc. Cleaning a Backdoor is as simple as deleting the file/folder or removing the code. However, the difficult part is to find it.

Plugins Directory

The easiest or you can say the best thing to get rid of it is delete your plugins folder, and reinstall your plugins. Yes, this is the only way you can be completely sure unless you have to spend a lot of time on fixing it manually.

wp-config.php file

Compare your wp-config.php with the default wp-config-sample.php file. If you find anything out of place, then resolve or get rid of it.

.htaccess File

Sometimes the hackers usually add redirect code in the .htaccess File. You Just need to delete the file, and it will recreate itself. If you are facing any issue creating the .htaccess File. Go to your WordPress admin panel. Choose Settings >> Permalinks. Click the Save button there. It will recreate the .htaccess File.

Delete Inactive Themes

Mostly inactive themes are targeted by the hackers. The best thing to do is delete them. If the Backdoor was there, then it is gone now. Be Happy! You just saved yourself from a big crash.

Database Scan for Spam

Hackers are smarter in their job, they never have just one safe spot. Targeting a database is a very easy trick. They can easily store their code( malicious code ), may be any kind of PHP function, any administrative account, spam links etc in your database.

If you are not familiar with the SQL Commands, then you probably use one of the scanners plugins to do the work for you. Once you are successfully done with removing the Backdoor, you will still need to check all your files and database for any wicked code.

Getting The Warning Removed by Google

Once you know that your site is clean, then you can ask Google to remove this warning from search results. You will need to use Google’s Webmaster tools for that. If you have not already added your site to webmaster tools, then add your WordPress site to Google webmaster tools.

Google Webmaster Tool Dashboard

You need to click on the security issues in webmaster tools. This will show any security issue Google may have found on your site. Once there, you need to click on the security issues section in webmaster tools. You will get a warning about the Harmful content.

It also tells you about all the details and page URLs for which your site was actually phishing. Once you have fixed the issues, click on the checkbox and request a review.

It will take about 48 to 72 hours to complete the review and take action on your site. You will receive an Email from Google about the successful review. In case you do not see any security issues in Google Webmaster tools, then you should Report Incorrect Phishing Warning.

Report Incorrect Phising Warning

Hope, this article helped you in fixing the issue.