Hey Dev Community!
It's been a while since my last post, but I recently had a fun (read: terrifying) experience with Google Safe Browsing flagging my site as dangerous. If you've ever seen a big red warning telling users your site is "trying to trick them into providing personal information," then you know what I'm talking about.
In this article, I’ll walk you through exactly what happened to my site, how I dealt with it, and the steps you can take to fix your own site if you ever find yourself in the same situation.
Hopefully, this helps someone avoid the same headaches and speeds up the recovery process!
🔍 The Problem
So here’s the deal—Google flagged my site and gave the dreaded warning:
“This site may be trying to trick you into providing personal information (phishing).”
Ouch.
🛠 Step-by-Step Recovery Guide
1. Document Everything
Start by creating a file to track every fix and action you take. This is critical for transparency and for your review request later.
2. Scan for Malware, Viruses, and Embedded Links
Even if your site is still live, scan it for issues:
- VirusTotal – Detect malware and viruses.
- Sucuri SiteCheck – Great for malware detection and seeing security vendors’ flags.
- JSHint – Lint your JavaScript for errors or suspicious code.
- MalwareURL – Good for spotting dangerous URLs.
- Quttera – Deep scan including embedded links.
Tip: Take screenshots or note any findings.
3. Take Down and Re-Deploy Your Site
You don’t have to do this, but I did. I use Netlify, so I:
- Deleted the manual deployment
- Redeployed from a clean copy
4. Check Your Database and Auth System
If you use Firebase or any backend service:
- Authentication – Check for suspicious users or entries.
- Database – Look for unknown data or exposed user info.
- Rules – Ensure you have secure rules set up.
5. Scan for Malicious Code
If you have the original files on GitHub, use an AI assistant or static analysis tool to check for malicious code.
6. Standardize Your Authentication System
One thing I overlooked: I had multiple versions of my Firebase SDK across different parts of my site. Don’t do that!
Make sure your login/auth is consistent and secure across the board.
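One way to check for the mixed-SDK problem from step 6, as an added example that is not the author's code: the script collects every Firebase SDK version a site loads from Google's CDN and reports when more than one is in use. The sample pages and version numbers are constructed, and it assumes the SDK is loaded from gstatic.com URLs rather than bundled from npm.

```python
import re
from collections import defaultdict
from pathlib import Path

# Firebase SDK files served from Google's CDN look like
# https://www.gstatic.com/firebasejs/<version>/firebase-<module>.js
SDK_URL = re.compile(
    r"gstatic\.com/firebasejs/(\d+\.\d+\.\d+)/firebase-([a-z-]+?)(?:-compat)?\.js"
)

def load_pages(root):
    """Read every .html/.js file under a local copy of the site."""
    return {str(p): p.read_text(errors="ignore")
            for p in Path(root).rglob("*")
            if p.is_file() and p.suffix in {".html", ".js"}}

def find_sdk_versions(pages):
    """Return {version: sorted [(path, module), ...]} for {path: text} input."""
    found = defaultdict(set)
    for path, text in pages.items():
        for version, module in SDK_URL.findall(text):
            found[version].add((path, module))
    return {v: sorted(uses) for v, uses in found.items()}

def is_consistent(pages):
    """True when the site loads at most one SDK version."""
    return len(find_sdk_versions(pages)) <= 1

# Constructed sample pages (not taken from the author's site).
CDN = "https://www.gstatic.com/firebasejs"
SAMPLE_PAGES = {
    "index.html": f'<script src="{CDN}/9.22.0/firebase-app.js"></script>',
    "login.html": f'<script src="{CDN}/8.10.1/firebase-app.js"></script>'
                  f'<script src="{CDN}/8.10.1/firebase-auth.js"></script>',
    "dashboard.js": f'import {{ getAuth }} from "{CDN}/9.22.0/firebase-auth.js";',
}

if __name__ == "__main__":
    versions = find_sdk_versions(SAMPLE_PAGES)  # or load_pages("path/to/site")
    for version, uses in sorted(versions.items()):
        for path, module in uses:
            print(f"{version}  {module:<6} {path}")
    if not is_consistent(SAMPLE_PAGES):
        print(f"Mixed SDK versions: {', '.join(sorted(versions))}")
```

Run it against a local checkout before redeploying; any page listed under a second version is one to bring in line with the rest.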
7. Remove Sensitive Pages (Temporarily)
If pages like dashboards or user profiles aren’t 100% secure yet, either:
- Disable them temporarily
- Replace them with demo data
🧾 Ready to Request a Review? Here's How:
1. Go to Google Search Console
- Add your site as a new property (choose URL prefix or Domain)
- Verify ownership using an HTML file, meta tag, or DNS record
2. Redeploy with Verification
Once verified, redeploy your site with the verification method in place.
3. Submit a Review Request
- Click to request a review
- Check the box to confirm you've fixed the issue
- Paste your documented fixes (remember that file you made earlier?)
📝 Keep your explanation simple and clear.
Note: Google won’t always confirm receipt, so be patient.
⏳ Wait Time
This varies based on the issue. Some people get cleared in hours, others in days or weeks. Keep checking the Search Console for updates.
✅ The Result
Eventually, I got the notification:
“Your site is no longer flagged as dangerous.”
Relief.
🎮 While You Wait...
Check out my game Black Market Protocol on Itch.io — I've been rebuilding it recently, which is why I haven't been posting as much.
👋 Final Thoughts
Security issues suck, but they’re also a great learning experience. Hopefully this guide saves you some time and frustration.
If you’ve been through something similar, drop a comment — let’s help each other out.
Be strong, kings and queens. Crush them goals.
Good luck out there!
— Creator X