This website uses cookies

Our website, platform and/or any sub domains use cookies to understand how you use our services, and to improve both your experience and our marketing relevance.

🔊 Web Growth Summit is here! Learn from industry experts on July 17-18, 2024. REGISTER NOW→

How to Use Google Search Console to Find and Fix Security Issues

Updated on August 3, 2021

6 Min Read

The handy Google Search Console gives web admins actionable insights into their sites’ performance, and offers clues on areas that could use improvement. However, the SEO bells and whistles under its hood might eclipse a useful feature whose importance should not be underestimated. This is the Security Issues report.

Originally introduced in late January 2019, this functionality hinges on automated checks to identify security problems on your website, such as malware injection, dodgy scripts, hacking, and social engineering. You do not have to activate this feature – it works by default to give you a heads-up whenever suspicious activity is spotted.

How It Works

There is quite a bit of overlap in the security issues your website faces and its SEO health. Malware-riddled or compromised resources appear with a warning label in Google Search results. In severe attack scenarios, visitors are brought to a scary looking in-between alert page that warns you “The site ahead contains malware,” which strongly advises against going to the site.

Either way, your organic search traffic takes a nosedive, and therefore it is in your best interest to take care of the quandary as soon as possible.

If Google’s algorithms pinpoint malicious behavior, the “Overview” screen on the Google Search Console will send you an alert banner stating how many security issues have been detected. Once you click the “Open Report” button next to the warning, the service will display a breakdown of these problems by category, the date they were found, the affected URLs, and recommendations on addressing the predicament.

Every entry in the report is also backed by a brief description of the issue and includes a “Learn More” link. The latter leads to a comprehensive overview of the specific problem and methods to tackle it.

In some cases, the report might miss out on listing sample URLs that need fixing. This does not mean that the alert is a false positive, so you will have to do your homework figuring out what pages are exhibiting this type of sketchy activity.

You won’t miss these alerts even if you do not frequent your Search Console. Google sends the relevant notifications to the email address enrolled in your webmaster account.

What Kind of Security Issues Raise a Red Flag?

Any security problem Google detects on your website falls into one of the following generic clusters:

1. Hacked Materials

If a threat actor finds a loophole in your content management system (CMS) installation, or brute-forces your admin credentials to gain a foothold in your website, they may deposit arbitrary content behind your back. Google will let you know if its crawlers spot such foul play. This overarching category can be further broken down into several spin-offs:

i. Code Injection

An attacker who gets elevated privileges on your website may alter the server configuration file (e.g., the .htaccess document) so that specific pages redirect users to shady resources. Another technique is to inject JavaScript code that automatically reroutes visitors to pages under the crook’s control.

ii. Content Injection

To set this form of exploitation in motion, an adversary will typically piggyback on a vulnerable outdated version of a CMS plugin or theme you are using. On a side note, many of these third-party components are notoriously insecure and easily hackable. Content injection is a common method to poison a site with spammy links that land users on knock-off drug stores or other junk resources whose owners pay accomplices for unique leads.

iii. URL Injection

Malefactors can take the abuse further by adding new pages to your website without your awareness. These pages are usually chock-full of keywords and hyperlinks pointing to other sites. This tactic is a part of black hat SEO schemes aimed at boosting the search engine positions of other resources.

2. Malicious Code

This category spans harmful software that, when downloaded by a site visitor, affects their device, promotes other malware, or charges them for services they don’t need. Scareware, ransomware, keystroke loggers, and stealth crypto miners are a few common examples. The Security Issues report will use one of the following labels to categorize a problem like that:

i. Harmful Downloads

This one is self-explanatory: an attacker may pull off a privilege escalation trick to pollute your website with software that exhibits malicious behavior. To prevent your audiences from falling victim to digital pests, Google informs you of the danger via the Search Console.

ii. Links to Harmful Downloads

Even if your website does not host any dodgy downloads, it might include links to other URLs that contain unwanted software. This mechanism adds an extra layer of obfuscation to an attacker’s evil plan, but the Google Safe Browsing technology is potent enough to unveil it in a snap.

iii. Uncommon Downloads

This sub-type covers software on your website that is not yet documented as malicious but has hallmarks inherent to mainstream malware. To err on the side of caution, the Security Issues report will draw your attention to such potentially unwanted apps. If a visitor tries to download such uncommon materials using the Chrome browser, they will encounter a message alerting them to possible danger.

3. Social Engineering

Perpetrators may surreptitiously embed ads leading to phishing pages that hoodwink visitors into handing over their sensitive information such as account credentials, credit card details and email addresses.

Another “classic” trick is to show a pop-up that instructs the user to install the latest version of some popular software, which turns out to be a predatory program in disguise. The following issues exemplify this category:

i. Misleading Content

This alert appears in the Security Issues report if your site contains pages that try to manipulate users into sharing their passwords, contacting rogue tech support, or downloading software that will harm their devices.

ii. Phishing

With these social engineering attacks being hugely widespread, Google will definitely notify you whenever its algorithms detect bogus forms or other dubious materials that instruct visitors to reveal their confidential information. Content like this typically pretends to emanate from a reputable entity such as a financial institution, operating system, or a trusted service provider like Microsoft or Apple.

iii. Concealed Mobile Charges

This hoax could not possibly fly under Google’s security radar. If it determines that your website is not fair and square about mobile billing information, the Search Console will display this entry in the Security Issues report.

How to Fix Security Issues Listed in Google Search Console?

Knowing the security problems on your website is half the battle. Once you scrutinize the report, the next thing on your to-do list is to address those issues. Not only is this the key prerequisite for regaining your previous positions in search results, but it is also a sign of proper site maintenance practices and a way to keep your audiences safe.

One more thing to keep in mind is that the Security Issues report does not provide any automatic fixes. Instead, it points you in the right direction with your cleaning efforts. Assuming that you have already familiarized yourself with the detected issues, here is what you need to do next to remedy your site:

1. Decide if You Can Address the Issues on Your Own

If you are certain that you have enough expertise to fix the problem, good for you. But some situations require third-party assistance. Make that decision before you move on with your spring cleaning.

2. Pinpoint the Troublemaking URLs

Expand each category to view sample pages affected by the problem. Visit these pages and identify the content that makes Google frown. Be advised that the list may be incomplete (or sometimes even blank), so you will have to go the extra mile looking for similar issues on other pages.

3. Fix Every Single Affected Page

This can be tedious, especially if the report omits too many URLs impacted by the issue. A specially crafted security plugin might be the silver bullet here. For example, if your site runs WordPress, you can install the Wordfence Security or Sucuri Security plugin that will thoroughly scan your WP installation and identify all instances of the problem. That is a great shortcut worth considering.

4. Test if Things Are Back to Normal

Audit your website manually, or use a security plugin tailor-made for your CMS to verify that the issues are no longer there. This is important, so you should take your time and be scrupulous with your inspection.

5. Request a Reconsideration

Once you have made doubly sure that your site is in the clear, click the “Request Review” button in the Security Issues report. This will open a window where you will need to write a summary of the problems you have encountered, the measures you have taken to fix them, and the final result of your cleaning steps. The review process may take up to two weeks. When it is completed, you will receive a message with the final verdict.


Google Search Console combines SEO perks with useful security recommendations that help get your website back on track after compromise. Bear in mind, though, that the logic of the Security Issues report is to keep you aware rather than fend off exploitation, and it is not a replacement for vigilance and safe webmaster practices

Disclaimer: This is a guest post by David Balaban is a computer security researcher with over 17 years of experience in malware analysis and antivirus software evaluation. David runs and; both projects present expert opinions on contemporary information security matters, including social engineering, malware, penetration testing, threat intelligence, online privacy, and white hat hacking. David has a strong malware troubleshooting background, with a recent focus on ransomware countermeasures.

Share your opinion in the comment section. COMMENT NOW

Share This Article

Jamil Ali Ahmed

Jamil is an Organic Search Manager at Cloudways - A SEO friendly hosting Platform. He has 14 years experience in SEO, and is passionate about Digital Marketing and Growth Optimization. Jamil is a Minimalist, Observer, Loves Nature, Animals, Food, Cricket & Mimicking :)


Get Our Newsletter
Be the first to get the latest updates and tutorials.

Thankyou for Subscribing Us!


Webinar: How to Get 100% Scores on Core Web Vitals

Join Joe Williams & Aleksandar Savkovic on 29th of March, 2021.

Do you like what you read?

Get the Latest Updates

Share Your Feedback

Please insert Content

Thank you for your feedback!

Do you like what you read?

Get the Latest Updates

Share Your Feedback

Please insert Content

Thank you for your feedback!

Want to Experience the Cloudways Platform in Its Full Glory?

Take a FREE guided tour of Cloudways and see for yourself how easily you can manage your server & apps on the leading cloud-hosting platform.

Start my tour


  • 0


  • 0


  • 0


  • 0



For 4 Months &
40 Free Migrations

For 4 Months &
40 Free Migrations

Upgrade Now