From https://search.google.com/search-console? my login.php page suppose to have problem as it can trick visitors…etc . Although the website is almost the same for more than a year now and i dont find any hacking activity. (I found only a bunch of backup files that i deleted. They were created from a php script that was running continuously.)
Adding your website to the search console, or if it is already added requesting a (re-)review is also generally a good way to get the false flag removed.
Like I said, Google Chrome has a big history of not blocking the real malicious websites but blocking the innocent ones. Your website works good on other browsers.
Thank you all for the help. Luckily I’ve made a request to google explaining that it’s a false alarm and the website was back to normal in about 12 hours…
UPDATE: Unfortunately the “Deceptive site ahead” notice returned. Now i’m thinking it’s a good idea to add Security Headers in case it will make it a permanent solution.
Even though i added the suggested snippet from here to my .htaccess file, i dont see any effect in this security scanner:
# Security Headers
<IfModule mod_headers.c>
Header set X-XSS-Protection "1; mode=block"
Header set X-Frame-Options "SAMEORIGIN"
Header set X-Content-Type-Options "nosniff"
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
# Header set Content-Security-Policy ...
Header set Referrer-Policy "same-origin"
Header set Feature-Policy "geolocation 'self'; vibrate 'none'"
</IfModule>
Is mod_headers.c enabled by default?
If my question is out of topic please let me know.
The security header check won’t work because of this system:
Also, I’d be very surprised if this helped. Having security headers make your site more secure, but not more trustworthy. A site that impersonates another brand is still deceptive, even if it has a CSP set and uses HSTS.
So, i understand that with free hosting a standard set of security features come out of the box, and also cannot be modified…
I cannot remember how i ended up to security headers. Maybe some websites are red flagged by google due to security headers, so that’s why it is suggested as solution.
By the way, the website again returned to normal. The question is how i prevent google from red flag it? Each red flag cause a big issue…