Google has rolled out more detailed explanations for why a site has been labelled as risky to visit by Safe Browsing and better answers for how to fix the problem.
After nearly a decade of Google Safe Browsing, most website operators know what happens if their site has been hijacked; their listing in Google search with Chrome and other browsers that use Safe Browsing get slapped with a malware warning that discourages users to proceed.
Given Google’s dominance of Search, the consequences of that labelling can be dire for traffic. At the same time, Google is in a prime position to tackle malware threats delivered via hijacked websites.
Yet, while these warnings are meant to encourage site owners to fix a malware problem, a recent study by Google of nearly 800,000 hijacked sites found that a significant share of site owners don’t understand why the site was marked as a malware risk and don’t know how to remedy it. For the site owner, that means an extended period of fewer referrals to from Google, and a persistent malware problem that may affect Google’s users.
Site owners can already find some answers by using Google’s Search Console, however it’s likely become more complicated as Google has expanded Safe Browsing beyond outright malware warnings to include sites that have been abused for phishing, and distributing irritating software, such as adware.
To help explain the problem to site owners, Google has come up with what it says are “more specific explanations” for security issues flagged by Safe Browsing that provide more context and detail about what the service has found. The more detailed accounts cover Safe Browsing classifications for malware, deceptive pages, harmful downloads, and uncommon downloads.
“We also offer tailored recommendations for each type of issue, including sample URLs that webmasters can check to identify the source of the issue, as well as specific remediation actions webmasters can take to resolve the issue,” Kelly Hope Harrington from Google’s Safe Browsing Team wrote in a blog post on Wednesday.
This type of help should be useful to all site operators, but in particular for less technical site owners who, in Google’s study, were more likely to have their sites hijacked again even after appearing to have cleaned up a malware problem, only to discover they hadn't resolved the root cause, such as a vulnerable web content management system.