Imagine the situation – you launch an ad campaign, carefully strategize, create attractive ads and set up targeting. But suddenly you get an ad rejected with “Malware” status. This can be a real headache for a PPC specialist, because ad blocking can negate the efforts made.
The problem of rejecting ads due to malware is relevant for all advertisers, regardless of the platform used to create the site. Even when there are no real threats on a resource, Google Ads may consider it suspicious and block ads.
According to statistics, about 20% of sites are recognized by the system’s algorithms as malware in Google Ads. And in half of these cases, the suspicions turn out to be false. That’s why it’s so important to understand the possible causes of blocking and understand how to solve the problem.
What does the “Malware” status in Google Ads indicate?
The “Malware” status in Google Ads is an alarm signal that indicates serious problems with the site in some cases. If such a message appears in the advertising cabinet, it means that Google has detected potential security threats and has decided to block displays.
The consequences of receiving this status can be very sad. Ads will no longer be shown to potential customers. This means that you will lose traffic, conversions and money invested in advertising.
If you find this status in your Google Ads account, you should not panic. In most cases, the problem can be solved – remove viruses, clean the code and send the advertising campaign for re-moderation. The main thing is to act quickly and follow the recommendations from Google Search Console.
Why does the “Malware” error appear during ad moderation?
As a rule, among the main reasons:
Suspicious links. When copying a product or service description from another site, the content manager may have accidentally transferred an embedded link to sites that spread viruses, engage in phishing or contain problematic content. Even if you have nothing to do with these resources, the very fact of having links to them can be a reason to block advertising.
Infected files on the site. When the system detects viruses, trojans and other similar files in the resource code, it may block ads or mark the site as suspicious. In addition, a “Malware” error will appear in Google Ads. This is a serious threat to both ad campaign performance and user security, so regularly check the website for infected or malicious code.
Using hosting with a bad reputation. If the resource is placed on a server that is often used by spammers to send questionable content, blocking ads – a matter of time. Google regularly scans most sites on the Internet, enters them into its database. And if “neighbors” on hosting are found to have threats, your ads may also suffer.
How to solve the “Malware” problem in Google Ads?
If ads are no longer shown to the target audience, don’t give up – in most situations, ads can be unblocked. To solve the malware problem, the algorithm of actions can be as follows.
Check for the problem in Search Console
You can learn more about the vulnerabilities found on your site in Google Search Console. The tool was created by the search engine specifically to analyze the indexing and current positions of the resource in the organic output. Google fully trusts its tool, so the results of its check can be referred to in correspondence with moderators.
When adding a website, it is better to specify the URL with the prefix https://. This will allow you to confirm ownership automatically through communication with Google Analytics. If automatic confirmation is not possible, you will need to upload a special file to the root folder of the hosted site.
After adding the site, go to the “Security” tab in the Search Console working panel. If Google has detected viruses or malware on your site, it will display a notification indicating the specific files that caused the suspicion:
Carefully study Google’s recommendations and delete these files yourself if you have sufficient technical knowledge. Otherwise, it is better to contact a specialist for professional cleaning.
In some cases, a comprehensive approach may be required to completely eliminate the error – changing passwords for access to the admin panel, FTP and hosting, checking the file system with antivirus, restoring the backup copy of the site. Sometimes you even have to manually change the CMS core files from the installation archive on the server, because the virus replaced them with infected ones.
Once the virus threats have been eliminated, click on the “Request Check” button in Search Console. The main goal is to get a green “No Problems” bar:
Contact Google Ads support
If Search Console cannot detect errors on the site, but ads still don’t work, you should send a request to remove the blocking to the support service of the advertising system. You can do this at the link https://support.google.com/admanager/gethelp.
In your request, describe the nature of the problem in detail and attach a screenshot from Search Console confirming the absence of threats on the site. Processing of the request usually takes up to 3 days. If no problems are found, support will remove the blocking and allow the ads to be displayed. Otherwise, moderators will point out the issues that need to be corrected.
It is important to note that in some cases, the support service may send a standard automated response to the first request with a link to the “Malware” error reference documentation. If the site is still blocked 2-3 days after the request, do not give up and write to support again or request manual moderation by phone.
When nothing helps
If the above methods did not help to remove the error “Malware” in Google Ads, there are two options left – change the domain to a new one or move advertising campaigns to a subdomain.
The problem is that sometimes after a series of consecutive checks, a website can get into a kind of “blacklist”, from which it is extremely difficult to get out. And the only solution in this case is to change the domain. Just make sure that the new site has no links to the old domain or other references to it. Otherwise, history may repeat itself.
Of course, for old businesses with an established client base and good positions in search, this option is unacceptable – you could lose all organic traffic. However, for young companies that have not yet managed to find a regular audience, changing the domain may be a good way out of the situation.
How to avoid the “Malware” error?
Choose trusted domain zones. When registering a domain, pay attention to the domain zone. Some registrars offer to buy cheap domain zones – .live, .xyz and so on. For low cost they are often used by spammers or creators of dorveys. Accordingly, their reputation leaves much to be desired. Therefore, it is better to overpay a little for the domain, but get rid of problems with passing moderation.
Use quality hosting. Never use free or too cheap hosting for important projects. They often suffer from poor performance, are unstable, and may also have security issues. As a result, the site can become easy prey for hackers and spammers.
Install an antivirus. Regularly scan your online platform for viruses so that you can fix a possible problem once it occurs and it has not had time to spread. Thus, many hosting sites have built-in antivirus software that can be run manually or on a schedule.
Update your CMS and plugins in a timely manner. If software is not updated for a long time, over time it will eventually develop vulnerabilities and security issues that can be exploited by malicious users. Developers of popular CMSs and modules try to release regular updates to maintain stable operation. That is why it is so important to install new versions of software from the appropriate repositories in a timely manner.
Create site backups. While most web hosts create backups of each project that are kept for up to 14 days, this usually doesn’t help when a virus is detected. Attackers often customize malicious code so that it starts appearing some time after the infection has started, affecting as many files as possible. Therefore, it is better to back up your site as soon as it is created and after important updates.
