If your website is compromised in any way (malware, phishing, unwanted software, hacked) – Google will likely blacklist it and display a warning to your visitors. This is not only bad for SEO reasons, but your visitors will also think twice about revisiting your website if it was compromised, so you need to act swiftly.
First, make sure that your website is clean, and that all traces of compromise, be it malware or phishing, are removed. Additionally, ensure that the same issue won’t happen again by patching your software, etc.
Google Search Console
Once that’s completed, set up your domain Google Search Console and verify the property, as explained in this article.
Next, log in to Google Search console here, and click the Security issues option under the Security & Manual Actions section:
In all cases (phishing, malware, hacks, etc.), you will find the security report in this section, which will show you warnings and sample infected URLs on your website.
Request A Review
If you’re sure your website is clean, click the Request a review button and provide more information to Google about what you did to remove the policy violation from your website.
Google will then process your review and proceed further, depending on the outcome. If it was phishing that was successfully removed – Google would remove the deceptive website warning from your site. In the case of malware, you can see the Google security team’s response in Google Search Console under the Messages option.
In all cases, review time depends, and it can take from a few days to a couple of weeks.
Submit Incorrect Phishing Review
If your website was incorrectly flagged for phishing, you can submit the incorrect phishing warning at the following URL.