Chrome shows a "Dangerous site" warning on my website
What this is
Visitors hit a full-screen red page, "Dangerous site", "Deceptive site ahead", or "The site ahead contains malware", before your site even loads. That's Google Safe Browsing: a blocklist consulted not just by Chrome but by Firefox, Safari, Edge, and most of the internet, so a flag effectively takes your site offline for real visitors.
Two things to understand before fixing it: this has nothing to do with your VPS, DNS, or certificate, it's a verdict about your site's content, and Google is usually right. The overwhelming majority of flags mean the site really is serving something bad, typically without the owner knowing, because the site was compromised.
Step 1: see exactly what Google flagged
- Google's Transparency Report, paste your domain, get the current Safe Browsing verdict and the category, no account needed. The wording maps to the cause: "deceptive" = phishing pages, "malware" = malicious downloads or injected scripts, "unwanted software", or "hacked with spam".
- Google Search Console, this is the essential one. Verify ownership of your domain (a DNS TXT record does it), open Security Issues, and Google lists the specific example URLs it flagged and why. This is also where the review request happens later, so set it up now.
- To see what's actually on those flagged URLs without infecting yourself, scan them with VirusTotal (URL tab) or Sucuri SiteCheck rather than opening them in your browser.
Step 2: clean the actual problem
What you found in Security Issues decides the depth of the cleanup:
- Injected content on a compromised site (the usual case, spam pages, redirects to scam sites, phishing kits in a subdirectory, malicious JS in your theme): this is a web-application compromise. Find recently changed files (
find /var/www -mtime -14 -type f | sort), look for PHP in upload directories, unknown admin users in the CMS, and edited theme/plugin files. Restore the site from a clean backup, update the CMS, plugins, and themes that let it happen, and change every application password. Check for cloaked spam too: search Google forsite:yourdomain.comand look for pages you never wrote. - Signs it went deeper than the web app, unknown system users, cron entries, processes, or SSH keys: assume root-level and follow the full compromise recovery routine, a flagged site is frequently how a deeper breach first becomes visible.
- You host user-generated content? The flag may target something a user uploaded or an open redirect being abused, remove it and close the mechanism, or you'll be re-flagged by the next abuser.
Don't skip to Step 3 with the malware still in place: reviews that fail because the site wasn't actually clean make subsequent reviews slower.
Step 3: request the review
In Search Console → Security Issues, tick "I have fixed these issues" and Request Review, describe briefly what you found and fixed. Reviews typically complete within a day or two (malware checks are often faster, deceptive-content ones can take longer). When it passes, the warning disappears from all browsers on its own, there's nothing to clear on our side or yours.
While you wait, resist the urge to move the site to a new domain: the flag follows the content, and a clean review is faster than rebuilding reputation from zero.
Keep it from coming back
The flag was the symptom; the entry point was the disease. The securing basics (updates above all, WordPress plugins are the #1 web-compromise vector), nothing exposed that shouldn't be, and real backups so "restore from a clean copy" is a ten-minute step instead of a fantasy. Keeping the Search Console property verified is also worth it: Google emails you the moment a new security issue is detected, which beats hearing it from a customer.
Still need help?
You can open a support ticket. So we can help on the first reply, it's worth mentioning:
- the domain being flagged,
- what Search Console's Security Issues page lists,
- what you've cleaned up so far, and whether you've requested a review.
Related questions
- "Why does Chrome say my website is dangerous?"
- "How do I remove the deceptive site ahead warning?"
- "How long does a Google Safe Browsing review take?"
- "How do I find what Google flagged on my site?"
- "My site was hacked and now shows a red warning, what's the order of fixes?"