We get cases where after the recovery and securing of a WordPress website, Google Ads still disapproves the website saying “malicious or unwanted software.” Even after contacting Google ads support, their response will be the same, with 2 sample links below.

Google ads response

The website was scanned and the team found some unsafe domains listed below:

mobiles-global-apps-storages[.]life/ powerletterdoor10[.]live/

Now, I will not be able to disclose the part of the website where you have these unsafe links, but I would advise you to rescan the entire website​ for​ malware and when you have cleaned it. You may let me know so that I can further review the ads.

Follow these steps to identify if those malicious links exist, how to resolve and get google ads approved again.

If you hired the Securewp.net team to recover & secure your WordPress website and facing these Google ads disapproving issues, please just let us know via a support ticket or live chat. We will get this resolved for you within seven business days.

First of all, contact Google Ads support, ask for details, ask for what they got on the website. You may get a reply within two business days. That reply email will contain links that Google Ads found on your website.

Step 2: Start finding the hidden links.

At first, try Securewp.net online security scanner to discover hidden links. In most cases, you will get those links under “external links.”

If you get nothing suspicious, proceed to these manual steps to be 100% sure.

Check your website’s HTML source code in any web browser like Mozilla Firefox or Chrome.

  • 1: Search your website in Google search (Don’t type URL in browser address bar directly)
  • 2: Click on any link from the google search result
  • 3: Once you get your website fully loaded on your web browser, press.”CTRL+U” on the keyboard or right-click on your mouse and select “View page source.”
  • 4: Press “CTRL+F” to find the string on HTML source, type the keywords you got from ads supports email, for example: “mobiles-global-apps-storages“, “apu” or “zoneid” in the search box.

That search keyword, links can be different for your website. Get your links from Google Ads support email.

injected-link If you can’t locate those links provided by Google Ads support email in your website source code, repeat this finding step in a different browser using another network or VPN.

Tried your best, and still nothing? Please skip to Step 5: Resubmit Ads

If you can identify malicious links in your website’s HTML source code, follow the next step to locate the source of those links and clean.

Step 3: Check website database

If those malicious links are hidden into the database, you may locate them by simply searching by the domain names or unique keywords. We used dolohen a search term in our example. Login into PHPMyAdmin >> Select appropriate database name >> click on search search-in-phpmyadmin Make sure that you have selected all database tables to search. If those links exist in the database, you will see the number of matches like this db-search-result Click on “browse.” browse-for-details You got your culprit hidden malicious links! Try different unique search keywords if the result returns nothing.

Step 4: Check website files

WordPress security plugins or any other malware scanner can’t identify those malicious javascript links in most cases. As we know, those links already from Google Ads support email. We will use the SSH terminal to grep search keywords using this command.

grep -Hrn 'dolohen' /var/www/html/wp-content

grep-serach-dolohen Once you got the source of those JavaScript links injections, get it clean. Verify again if those malicious JavaScript links still exist in the website HTML source by following Step 1: Check site source code

Step 5: Resubmit Ads

Once you get everything clean, resubmit your ads to Google by simply editing existing ads. If you make any simple edit in existing ads, like changing a word, the ad’s status will change to “Under Review.”

  1. Select the ads you want to resubmit for review.
  2. In the menu at the top, click Edit.
  3. Make any change. You can change a word.
  4. Click Submit.

Wait and see if the ads get approved, or you get disapproved email again.

Once your Google ads disapproved for malicious links or unwanted software, there is a high chance that Google ads won’t approve your websites again automatically.

Only manual review from Google ads support can resolve this issue and get the website approved again. To get a manual review from Google ads support, you will need to provide details of the actions taken to make the website clean and secure; a professional web security expert’s help will be required for that. Your effort won’t satisfy Google’s ads support if you are not a web security professional.

Once your security professional ensures that the website is clean and secure, we are good to go to the next step for manual review.

Step 6: Contact Google

I assumed that you already contacted Google Ads support and sent you some malicious links they found on your website.

Get the list of actions taken to clean and secure the website from your web security expert.

 

Now reply to that google ads support email by mentioning that you hired security professionals; they have already cleaned and secured your website.

Provide the document or simply the list of actions taken by your web security expert. Mention that the security professionals couldn’t locate those links anymore after taken those actions. But unfortunately, Google Ads is still getting those links on your website. You believe that Google Ads automated scanner results are not accurate.

Google ads support will raise a ticket for you and will arrange for a review.

After a few days, usually within 2-3 business days, you will get an update from Ads support. You may get your ads approved at this stage.

Or they may ask for additional information, for example, a screenshot of reputed web security scanner results, screenshot of your search console security page.

If your website is really clean, you will get good news this time! 🙂 ads-approved

Sample of hidden links we found

You can identify malicious links from HTML source code. Here are some samples we found in different cases we worked on in the past.

Want to skip all these steps and get your website approved again? Get help. We will make sure that your website is clean, secure, and google ads approved.