WP Thinker

The WordPress Playground

How to Fix “This site ahead contains harmful programs” Error in WordPress

This site ahead contains harmful programs

Saw the red screen of death in Google Chrome when visiting a WordPress website? It is among the scariest things that could happen, especially if you’re the website owner. It gets even worse when you realize that all of your visitors are seeing the same thing. Luckily, you can rebuild your reputation after you resolve the situation, invest in security, and start paying more attention. A silver lining is that you don’t necessarily need to find out who the culprit is, only remove the source of the problem. We also feel that the situation, although terrible, will be a wake-up call and benefit you. Here’s how to fix “This site ahead contains harmful programs” error in WordPress.

Other forms of Google Chrome red screen warning

Here are a few ways “The site ahead contains harmful programs“ WordPress error can look:

  • Deceptive site ahead
  • The site ahead contains malware
  • This page is trying to load scripts from unauthenticated sources
  • Continue to [site name]?
  • Did you mean [site name]?

Why does the “This site ahead contains harmful programs” error appear?

The most common cause of the “This site ahead contains harmful programs” error in WordPress is hacking. It can also be an attempted hijacking or that a backdoor was discovered. The warning is triggered when Google’s crawlers index your website or Google receives reports about dangerous activity on the website. There are 4 more relatively common reasons for the red screen of death:

  • Someone spamming malware or ransomware links if you don’t have WordPress comments disabled or regulated
  • Ads on your website are linked to low-quality or malicious advertising agencies that point to suspicious software or malware
  • Plugins, themes, or uploads folder that was compromised or has exploits waiting to be abused
  • You’re using an outdated version of a CMS (Content Management System) that is susceptible to exploits

How to use Google to get more information?

To get a more precise reason for the error from Google, you can do 3 things:

  1. Open the Google Safe Browsing page. Click on Site Status and enter your website URL.
  2. If you’re logged in to the Google Search Console, you’ll see a Safe Browsing notice. Google will specify infected URLs or files that contain malicious code.
  3. Click on the Security & Manual Actions sections of the Google Search Console. Then, select  Security issues to get more information.

Solving “This site ahead contains harmful programs” WordPress error

Fixing “This site ahead contains harmful programs” error in WordPress is done manually, by using a WordPress plugin or external app/website. The best results are achieved when all of those combined. Here are 4 main ways to resolve the “The site ahead contains harmful programs“ WordPress error:

1. Restore from a backup

If you are using one of the backup plugins for WordPress, you can roll back your WordPress website to the state it was before this occurred and skip straight to getting a Google to review it again.

2. Use a security WordPress plugin

We already made a list of the best security plugins for WordPress that you should be using. However, we can safely assume that you aren’t based on the circumstances you’re in. So, we’ll mention 4 that are best suited for this problem: MalCare, Wordfence, All in One WP Security & Firewall, and Sucuri Security.

Wordfence

Follow these steps to use Wordfence to get rid of malware or backdoors:

  1. Install WordPress plugin directly or via FTP using the link above.
  2. A Wordfence menu appears in the WordPress Admin Section sidebar.
  3. Click on it and select Scan.
  4. Click on the Start New Scan button.
  5. After the scanning is complete, look for the issues under Results Found.
  6. Click on Repair All Repairable Files or use method 4 below.

3. Use a scanning website

There are plenty of websites to do this. We picked the following one because it can be paired with a WordPress plugin. Here’s how to use Sucuri Security online to scan your website:

  1. Visit the Sucuri SiteCheck page.
  2. Enter your website URL.
  3. Click on Scan Website.
  4. Preview results of the scan.
  5. Keep the browser tab open and use it as a reference while following method 4.

4. Solve the error manually

There are some issues the methods above can’t resolve, especially if the hackers hid the code well. To check and eventually fix it, you’ll need to access your WordPress website via FTP. Obviously, we can’t know what the files are named. Instead, you should look for .PHP, .exe, .zip, or any files disguised to look like PHP. To clarify, they will have .PHP in the name, but won’t be of that file type. With that said, here are some of the places the backdoor code could be:

1. Plugins

Check the reviews of the last few WordPress plugins you’ve installed. Also, browse the wp-content/plugins directory for names you don’t recognize.

2. Themes

Hackers are smart – the malicious code likely isn’t in the active theme files. This is because a theme update can wipe them and give you an easy way out. So, look through the folders of currently inactive themes or default WordPress themes unless you disabled them.

3. Uploads

What better way to hide a single .PHP script than among hundreds, if not thousands of media files in wp-content/uploads? Even more convenient for hackers, website owners rarely check the folder unless they encounter the “Upload: Failed to write file to disk” error in WordPress. Instead, they use the Media Library in the WordPress Admin Dashboard.

4. Includes

Hackers commonly hide their code among other scripts needed to run WordPress. Once again, compare it to wp-includes of a fresh WordPress installation.

5. wp-config.php

Compare the contents of the default wp-config.php file with yours. Get rid of any changes you don’t recognize.

6. .htaccess

You can always delete the .htaccess file and let it regenerate itself. Check method 3 in our guide on fixing the 403 Forbidden error in WordPress.

Submit your WordPress website to Google for review

Google will automatically reject your review request if they find traces of malware or hacking. This will only prolong the time “This site ahead contains harmful programs” remains plastered on the frontend. So, before you go ahead, make sure your website is 100% clean. Also, ensure that it can be crawled by Google bots (check our guide on the “Googlebot cannot access CSS and JS files“ error). Here’s how submitting a WordPress website for a Google review works:

  1. Log in to the Google Search Console if you’ve signed out.
  2. Click on Security & Manual Actions > Security issues again.
  3. Put a checkmark in front of I have fixed these issues.
  4. Click on Request a Review.
  5. Explain the steps you’ve taken and click on Request a review again.
  6. Wait for a response.