Request a review

You must request a review from Google to have your page or site unflagged as dangerous or possibly deceptive to users.

You'll need the following:

  • Knowledge of shell or terminal commands

What you'll do

1. Prerequisites

Before requesting a review, confirm that you've taken the following steps:

  • Verified ownership of your site in Search Console
  • Cleaned your site of the hacker's vandalism
  • Corrected the vulnerability
  • Brought your clean site back online

2. Double-check that your pages are available and clean

To be safe, use either Wget or cURL to view pages on your site, such as your homepage and a URL modified by the hacker. These pages should now be clean. If they are, and you're confident that the rest of the pages on your site are also clean, it's time to request a review.

3. Request a review

Before requesting a review:

  • Be sure that the problem is truly fixed; requesting a review if the problem still exists will only prolong the period of time that your site is flagged as dangerous.

  • Double-check where you should request a review; the review process will take place in a specific tool, depending on the issue your site is facing. Refer to the following channels:

A. Hacked site

If you received a hacked site notification in the Security Issues report in the Search Console:

  1. Now that you have gone through the successive steps of the clean-up process, return to the Security Issues report report and find the issue either as a site-wide match, or as a partial match.
  2. Select Request a review. To submit a review, we recommend that you provide more information on what you did to clean your site. For each category of hacked spam, include a brief explanation of how the site was cleaned (for example, "For Content injection hacked URLs, I removed the spam content and corrected the vulnerability by updating an out-of-date plugin.").

B. Unwanted software (including malware)

If you received a malware or unwanted software notification in the Security Issues report in the Search Console:

  1. Open the Security Issues report again in the Search Console. The report might still show the warnings and sample infected URLs you saw before.
  2. Select Request a review. To submit a review, we recommend that you provide more information on what you did to remove the policy violation from your site. For example, "I removed the 3rd-party code that was distributing malware on my website and replaced it with an updated version of the code".

If you didn't receive a malware or unwanted software notification in the Security Issues report in the Search Console, but you received a notification in your AdWords account, instead request a review through the AdWords support center.

C. Phishing or Social Engineering

If you received a phishing notification in the Security Issues report in the Search Console:

  1. Open the Security Issues report again in the Search Console. The report might still show the warnings and sample infected URLs you saw before.
  2. Select Request a review. To submit a review, we ask you to provide more information on what you did to remove the policy violation from your site. For example, "I removed the page that was asking users to enter personal information".
  3. You can also request a review at google.com/safebrowsing/report_error/. In addition to serving as a reporting tool for site owners who believe their page was incorrectly flagged for phishing, this report will trigger a review of phishing pages that have been cleaned to lift warnings.

4. Wait for the review to be processed

  • Hacked with spam review process time: Reviews for sites hacked with spam can require up to several weeks to process. This is because spam reviews can involve manual investigation or a complete reprocessing of the hacked pages. If the review is approved, Security Issues will no longer display hacked category types or example hacked URLs.
  • Malware review processing time: Reviews for sites infected with malware require a few days to process. Once the review is completed, the response will be available in your Messages in the Search Console.
  • Phishing review processing time: Phishing reviews take about a day to process. If successful, the user-visible phishing warning will be removed and your page can surface in search results.

If Google finds that your site is clean, warnings from browsers and search results will be removed within 72 hours.

If Google determines that you haven't fixed the problem, the Security Issues report might display more sample infected URLs to assist your next investigation. Malware, phishing or hacked with spam site warnings will remain in search results and browsers as a caution to protect users.

Final steps

If your request was approved

Verify that your site works as expected, that pages load properly and links are clickable. To keep your site safe, we encourage all site owners to implement the maintenance and security plan created in Clean and maintain your site.

If your request was not approved {not-approved}

Reassess your site for malware or spam, or for any modifications or new files created by the hacker. You can also request more help from specialists on your support team.