Don’t Panic! How To Fix “The Site Ahead Contains Malware”

by Jos Velasco
Don’t Panic! How To Fix “The Site Ahead Contains Malware” thumbnail

It’s rare that an error message spurs a wave of emotions. But when you open your WordPress site and see, “The site ahead contains malware,” it can feel like the world is spinning.

This scary notice isn’t just a deterrent for your visitors; it’s a big neon sign that your website’s security has been compromised. Oof!

But fear not! The great news is that we can rectify the situation.

Addressing the issue is about more than just removing the warning. It’s also about safeguarding your online reputation, protecting your visitors, and ensuring the integrity of your online presence.

In this guide, we’ll walk you through the process of identifying and removing malware, and protecting your site from future attacks. Take a deep breath — it’s time to get started!

What Does “The Site Ahead Contains Malware” Mean?

DreamHost Glossary


Malware is a type of malicious software that is specifically designed to cause harm to the victim’s computer or server. Most commonly, it’s used to access private information or to hold files at ransom.

Read More

When your browser throws up those dreaded words about malware, it means that a reputable online security service (like Google Safe Browsing, McAfee WebAdvisor, or Bitdefender) has detected something malicious lingering on your site.

This could be a virus, trojan, rootkit, ransomware, or any other nasty piece of code designed to cause chaos and wreak havoc on your digital life.

A red pop-up window shows the warning "The site ahead contains malware"

Google usually uses the warning message, “The site ahead contains malware.” Depending on the underlying issue, you may see one of these alternatives:

  • Deceptive site ahead: Warning placed on phishing websites.
  • The site ahead contains harmful programs: Google thinks the site might trick you into installing bad software.
  • This page is trying to load scripts from unauthenticated sources: The site isn’t secure.
  • Suspicious site: General purpose safety warning.

Some search engines display different warning messages based on how your site has been compromised. Depending on the severity of the threat, visitors may get the option to bypass this warning and proceed to your website anyway.

How A Malware Warning Affects Your Site

Obviously, this isn’t a good look for any website. Very few potential visitors will ignore the warning screen and click through anyway.

But there are even bigger problems to look out for.

Left unchecked, malware can infect your website visitors’ computers and mobile devices. It may attempt to steal passwords, credit card details, and other sensitive personal data. Some strains even allow hackers to seize complete control of your site to further their nefarious objectives.

Other downsides include:

  • Loss of trust: Few things erode a website’s credibility faster than a malware alert. Even if you quickly clean up the infection, the fallout from that lapse in security can linger and cast doubts in customers’ minds.
  • Tarnished brand: When visitors see security warnings, they assume you’re sloppy about security and indifferent to protecting user privacy. And word can spread quickly online.
  • SEO implications: Search engines like Google take malware issues very seriously and penalize infected sites in their search rankings until they remove the malware. This can completely undermine your search engine optimization (SEO) efforts.
  • Lost revenue: Ultimately, these side effects hit your balance sheet.

How To Remove A Malware Infection From Your WordPress Website

That’s enough with the horror stories. The quicker you start fixing the problem, the sooner you can forget about the whole thing!

Luckily, it can be a fairly simple process. Here are four easy steps to cure Google’s “contains malware” warning message and restore your site.

Step 1: Check Your Site Status In Safe Browsing

Many search engines have built-in mechanisms designed to help keep internet users safe. In addition to putting up a warning message, Google protects users by steering them away from infected sites. 
You can verify whether Google has blocklisted your website using the Site Status diagnostic tool.

Google's Safe Browsing site status diagnostic tool

Start by entering your WordPress site’s URL. The diagnostic tool will then run its tests and display a warning if it detects unsafe content.

If it does warn you about malicious content, your site has been denylisted. Given that Google accounts for 60% of U.S. desktop search queries, you need to take action swiftly.

Step 2: Track Down The Malicious Code

Once you’ve verified that malicious software has taken hold of your site, it’s time to track down the offending code and files.

While you can manually look for malware, it’s a time-consuming process that often requires technical know-how. Even if you know what you’re looking for, hackers always come up with new tricks — so it’s tough to manually identify every piece of malicious code.

If you miss some malware, search engines may continue to turn visitors away from your site. This means the hack will continue to impact your traffic, conversions, and search engine results.

In other words, you need to get it right.

Given the complexity of the task, we recommend using a professional malware removal tool or service. Our DreamShield add-on ensures your website is free from every trace of suspicious code.

Against a dark blue and black background, the words 'DreamShield: Keep Your Website Safe with DreamShield' appear in white font

When you add DreamShield to your plan, it immediately scans your site for malware. It then repeats this scan automatically every day. If DreamShield detects an issue, it notifies you via email and your DreamHost panel.

Thanks to this powerful tool, you could resolve a security breach before Google even realizes there’s a problem!

Follow these steps to add and enable DreamShield to your account.

Step 3: Delete The Malware Files

DreamShield routinely scans your site and notifies you about any issues. These notifications tell you how to remove the detected malware. Simply follow the instructions to eliminate the “site ahead contains malware” warning.

If you don’t have the DreamShield add-on, you must remove the malicious files manually. The best approach will vary, depending on the nature of the infection. However, you can often get the job done by connecting to your site via Secure File Transfer Protocol (SFTP) using a client such as FileZilla.

DreamHost Glossary


Secure File Transfer Protocol (SFTP) is a safer version of the FTP protocol that uses a secure shell data stream.

Read More

Carefully work your way through all your site’s files and delete any compromised ones. To speed up the process, look for files with modification timestamps that occurred during the security breach. You might also want to examine ones where the timestamp seems suspicious — for example, files dated after you last edited your site.

Some hackers try to insert code into the .htaccess file. To sanitize this file, connect to your site using an SFTP client. Then, navigate to your public_html directory, which contains the .htaccess file.

A purple box shows where to click for .htaccess in the public_html directory

Delete this file, and then switch over to your WordPress dashboard. You can now navigate to Settings > Permalinks. Then, simply click on Save Changes at the bottom of the page.

A purple arrow points to the blue Save Changes button in the Settings page of the WordPress dashboard

WordPress will automatically generate a new .htaccess file that’s completely free from malicious code.

Get Content Delivered Straight to Your Inbox

Subscribe to our blog and receive great content just like this delivered straight to your inbox.

Step 4: Submit A Review Request

Once you’re confident that you’ve vanquished every trace of malware, you can ask Google and other search engines to rescan your site.

If you haven’t already done so, sign up on Google Search Console and verify that you own the website in question.

The Welcome to Google Search Console page shows two choices: Domain or URL prefix

After claiming your site, log in to the Search Console and navigate to Security & Manual Actions > Security Issues. On the next page, select Request Review.

A warning with a red exclamation mark indicates an issue in the Google Search Console

In the pop-up form, check the box marked All issues were fixed and make sure to explain:

  • What the issue was
  • The steps you have taken to resolve the problem
  • Some proof of your work

Finally, hit Submit Request to finish.

Google will now process your request and send a response to your Google Webmaster account or your Messages in Search Console. This can take a few days to a few weeks.

Assuming you’ve erased all malicious code, Google will remove the “site ahead contains malware” warning, and you can resume business as usual.

For instructions on requesting a review on other search engines, check the webmaster support documentation for those platforms.

How To Prevent Future “Site Ahead Contains Malware” Warnings

Now that you’re back in Google’s good books, it’s a good idea to perform a security audit. In other words, check the walls of your castle.

While no website can ever be 100% secure, there are some preventative measures you can take to strengthen your defenses and tie up security vulnerabilities. Here are some of the most important:

Upgrade Your Password

A strong password is your first line of defense for preventing unauthorized access to your dashboard. Even if you have multiple security mechanisms, a hacker who manages to guess or steal your login credentials can devastate your website.

To start, follow password best practices. Security experts recommend using a minimum of eight characters and a mix of upper and lowercase letters, numbers, and symbols. Then, consider using a password manager such as Dashlane or LastPass.

The top portion of the LastPass homepage asks "Need a Unique, Secure Password?" in black font on a white background

Implement 2FA

Two-factor authentication (2FA) makes your site far less susceptible to password-based attacks, including credential stuffing. If you have 2FA in place, a hacker must pass an additional security check before they can access your website. For example, they may need to enter a one-time PIN sent to your smartphone.

This can be enough of a deterrent to make malicious hackers move their attention to other sites.

Use Secure Hosting

DreamHost Glossary

Secure Hosting

Secure hosting is the practice of protecting your website server from unauthorized access. There are a number of ways to keep your site safe, such as using strong passwords and two-factor authentication.

Read More

Your choice of hosting provider affects the overall security of your WordPress website. Some providers offer excellent protection with extra security features, while others cut corners.

At DreamHost, we apply automatic security and core file updates to every WordPress site to patch any gaps in your defenses. We also enable mod_security by default; this Web Application Firewall (WAF) blocks known HTTP requests. And speaking of protocols, we support HTTP/2 on all managed plans.

For an extra layer of security, grab our DreamShield add-on. This malware scanner automatically checks your site weekly for malicious code.

Backup Your WordPress Site

Some malware infections wipe data from your website. To ensure you don’t lose any content, backup your site regularly.

You can perform backups manually via SFTP, your cPanel file manager, a specialist backup plugin, or your hosting provider. By default, we back up all DreamHost sites automatically every day.

No matter how you do your backups, keep them in secure, off-site storage. You should also test these backups regularly to ensure they can restore your site to full working order if needed.

Get An SSL Certificate

We always recommend installing a Secure Sockets Layer certificate (sometimes referred to as an SSL certificate or secure certificate). This ensures you transfer data via Hypertext Transfer Protocol Secure (HTTPS) instead of Hypertext Transfer Protocol (HTTP). 

Encrypting your data makes it much harder for an attacker to obtain information they can use against you. That’s why all our hosting plans come with a free SSL/TLS certificate.

Install Security Plugins

Just as you might run antivirus software on your PC, you can protect your WordPress site using specialized security plugins.

These tools introduce features like secure login, firewall protection, and security auditing. Many are free to install, with advanced tools tied to a premium plan. Check out our list of must-have WordPress plugins to see your best options.

Practice Safe Browsing

As a general rule in life, avoid clicking on questionable links. At best, they might take you to the dark side of the web. At worst, they could harbor infected files.

While harmful software can’t directly affect your WordPress site, a virus could give hackers an entry route to your site. The same goes for browser extensions and harmful content distributed through links in phishing emails.

Choose your Wi-Fi connection carefully to manage your WordPress site away from home or the office. Many public networks are insecure, and some are even set up by hackers to collect sensitive information. If you have to use an unknown network, run a VPN to keep your connection secure.

Use Plugins And Themes From Trusted Sources

Some third-party vendors offer WordPress plugins and themes for free. While these offers might sound tempting, malicious websites occasionally spread malware through such downloads.

It’s safer to stick with the official WordPress Plugin Directory and Theme Directory, or trusted sources of third-party plugins and themes.

In addition, look for products that receive regular updates and have good user reviews. These are both indicators of reliability and security.

Track User Activity

Ideally, you want to stop hackers from gaining access to your site at all. But this isn’t always possible. The next best thing is to detect unauthorized access before the damage occurs.

Using plugins like WP Activity Log, monitor login attempts and user activities for warning signs. For instance, an unusual spike in login attempts from foreign IP addresses could indicate a brute-force attack or some other malicious activity.

The WP Activity log plug-in screen shows a green banner and a blue download button

Early detection allows you to respond swiftly, potentially preventing attackers from injecting bad code or creating backdoors. At the very least, you can set your malware removal service on the case.

WordPress Malware FAQs

Cybersecurity is a complex subject. If you still have questions about malware, warning messages, or WordPress security threats, we have answers.

What does the “deceptive site ahead” warning mean?

The deceptive site warning is an alternative to “The site ahead contains malware.” Along with malware, spam links, suspicious downloads, pages linked with phishing attacks, compromised SSL, and other deceptive content can trigger this warning.

How do I get rid of advanced malware?

If your security scanner hasn’t effectively removed all malware from your WordPress site, you can attempt manual removal. (Note: Be careful here. It’s easy to mess up your site!)

Search the files on your site for lines of code starting with script=> or iframe src=URL>. These are telltale signs of malware, particularly when the URL links to somewhere you don’t recognize.

As a last resort, consider reinstalling WordPress. To do this:

  1. Grab a fresh copy of the CMS from WordPress.
  2. Unzip the download file.
  3. Delete the wp-config.php file and the wp-content folder.
  4. Upload all the other files to your server via the cPanel File Manager or your FTP client.

You could also contact a professional recovery service. This is always the safest approach if you aren’t confident about what you’re doing.

Why is my computer saying every website is unsafe?

There are two common causes of this problem:

  1. Your device’s time or date is incorrect, triggering certain security checks. Check your system settings to fix this.
  2. Your device’s security software is interfering with your browser. To troubleshoot this issue, check the support pages of your chosen browser.

Secure Your Site With Better Hosting

Any warning message on your site is likely to set the alarm bells ringing in your head. The “site ahead contains malware” screen is one such warning.

As we have established, this alert isn’t a reason to panic. If you follow four key steps, you’ll clear the message quickly and your site will ride high once again:

  1. Check your site status
  2. Use a malware removal tool
  3. Delete the malicious files
  4. Submit a review request

If you want to reduce the chances of your site falling victim to malicious hackers, we’re here to help. At DreamHost, all our plans come with key security features, and our in-house team of experts is available 24/7 to help with technical issues. And WordPress plans start at just $2.59 per month.

Sign up today to start unlocking the benefits of secure, reliable hosting.

Ad background image

Power Your Website with DreamHost

We make sure your website is fast, secure and always up so your visitors trust you.

Choose Your Plan

Jos Velasco is a WordPress Professional Consultant at DreamHost. His responsibilities include helping with advanced WordPress cases, creating training material, and identifying trends impacting the WordPress community. In his free time, he enjoys climbing mountains, eating healthy, and watching drama movies. Follow Jos on LinkedIn: