How To Fix “This Site Ahead Contains Harmful Programs” WordPress
Last modified: February 4, 2020
If you’re site is being blocked to users and the error message “This site ahead contains harmful programs” is coming up, then you need to fix it. In the short term, your site isn’t getting traffic, but it will also lose ranking on search engines fast.
This issue comes up when malware has been placed on your website, often by hackers. So the trick is to remove the malware to make your site secure again.
Here is how to fix this issue.
Step One: Backup Your WordPress Website
The first action should be to backup your WordPress site. There are numerous options for this, including plugins and manual backup. Be sure to have a local copy of the files in a secure area which can’t infect your computer, like an external hard drive.
Step Two: Delete The Backdoor
The malware was uploaded when a hacker created a backdoor into your website, a way in to make changes. You need to find that backdoor and shut it for good. There are two options for this. First is to delete your site and restore it at a point where you know the hack wasn’t there. If you don’t know where that is, you have to try something else.
First of all, check the uploads file. See if there are any .php files in there. If there are, delete these. This is the likely cause.
The next step is to delete your plugins directory (yes every single one) and re-install them with clean versions. At the same time deactivate any themes and re-install only the one you’re using. Most advisors won’t recommend deleting your current theme as it is often the inactive ones that are targeted. But if you’ve changed themes between two, then when the active theme was deactivated, it could have been targeted.
Next, delete your .htaccess file from your website using an FTP client. You can regenerate a new copy of the file by now accessing your WordPress backend. Go to the Permalinks page in the settings menu within your WordPress dashboard. All you need to do then is to click on the ‘Save Changes’ button at the bottom of the page and a new .htaccess file will be generated.
Then check the wp-config.php file with the default wp-config-sample.php. If there is something that seems out of place, replace the wp-config.php.
Now you need to scan the database and spot for spam. This is probably best done by an experienced person, so speak to a web host or other legitimate web developer to see if they can help you here. However, if you’ve done the above tasks, you’ve already done half the work.
Step Three: Get The Warning Removed By Google
Now that you’ve cleaned your site, you can speak to Google about getting the warning removed.
You will need to log into your Google Webmaster tools. Click on ‘security issues’ and you should see the security issues that Google has found on your site. You can click on the checkboxes to request a review.
Don’t Delay Fixing This Error
Remember that without fixing this issue, your website will suffer from lower levels of traffic. Your reputation might also be ruined if it is not fixed quick enough. Therefore, always resolve this as soon as you can.