Deceptive site ahead

Website URL

my website is this

Error Message

Deceptive site ahead

Other Information

From my login.php page suppose to have problem as it can trick visitors…etc . Although the website is almost the same for more than a year now and i dont find any hacking activity. (I found only a bunch of backup files that i deleted. They were created from a php script that was running continuously.)

Please flag as false alarm


How can I flag as false alarm?

There should be a link towards the bottom of the red page. You may have to click “show details” or something related to that first


Adding your website to the search console, or if it is already added requesting a (re-)review is also generally a good way to get the false flag removed.


Like I said, Google Chrome has a big history of not blocking the real malicious websites but blocking the innocent ones. Your website works good on other browsers.

Still, Google Chrome has a large marketshare, so making sure its users can visit your website is a good idea.


Yea. That’s a good idea to talk with google about this a little bit. It owns the largest browser after all

Thank you all for the help. Luckily I’ve made a request to google explaining that it’s a false alarm and the website was back to normal in about 12 hours…


UPDATE: Unfortunately the “Deceptive site ahead” notice returned. Now i’m thinking it’s a good idea to add Security Headers in case it will make it a permanent solution.
Even though i added the suggested snippet from here to my .htaccess file, i dont see any effect in this security scanner:

# Security Headers
<IfModule mod_headers.c>
	Header set X-XSS-Protection "1; mode=block"
	Header set X-Frame-Options "SAMEORIGIN"
	Header set X-Content-Type-Options "nosniff"
	Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
	# Header set Content-Security-Policy ...
	Header set Referrer-Policy "same-origin"
	Header set Feature-Policy "geolocation 'self'; vibrate 'none'"

Is mod_headers.c enabled by default?

If my question is out of topic please let me know.

The security header check won’t work because of this system:

Also, I’d be very surprised if this helped. Having security headers make your site more secure, but not more trustworthy. A site that impersonates another brand is still deceptive, even if it has a CSP set and uses HSTS.


So, i understand that with free hosting a standard set of security features come out of the box, and also cannot be modified…

I cannot remember how i ended up to security headers. Maybe some websites are red flagged by google due to security headers, so that’s why it is suggested as solution.

By the way, the website again returned to normal. The question is how i prevent google from red flag it? Each red flag cause a big issue…

I really doubt that. “Deceptive website” means Google thinks your website is trying to trick people into doing something that they don’t want.

After all, a phishing page that implements all security best practices to make sure that data is transmitted safely, is still a phishing page.

Don’t make Google angry?


This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.