The Security Issues Report is a dedicated tool within Google Search Console that notifies site owners if their website has been compromised or displays harmful behavior. It identifies risks such as malware, phishing, and hacked content that could damage a visitor’s computer or steal their data. Keeping this report clear is essential for maintaining site traffic and user trust.
What is the Security Issues Report?
Google uses the Security Issues Report to communicate findings from evaluations that determine if a site is unsafe for users. The report categorizes issues into three primary themes:
- Hacked content: Unauthorized content or code placed on your site due to existing security vulnerabilities.
- Malware and unwanted software: Programs designed to harm devices, engage in deceptive practices, or negatively affect the user experience.
- Social engineering: Content that tricks visitors into performing dangerous actions, such as sharing passwords or downloading malicious files.
Why the Security Issues Report matters
Ignoring security issues often leads to immediate and severe consequences for your site's visibility and reputation.
- Warning labels: Google may place a warning label next to your site in search results, deterring users from clicking.
- Browser interstitials: Users may encounter a full-page warning in their browser before they can access your site.
- Traffic loss: Safety warnings naturally drive users away, leading to a significant drop in organic traffic.
- Brand reputation: Visitors who see security warnings may lose trust in your business or product security.
How the Security Issues Report works
The tool acts as a "source of truth" for your site’s health within the Google ecosystem. If your site is clean, you will see a green check mark and a message indicating no issues were found. If problems exist, the report provides a count of specific issues at the top of the interface.
To help you troubleshoot, the report offers samples of affected URLs. By expanding an issue description, you can see these specific examples, the date Google first detected the issue, and a brief explanation of the problem. However, these lists are often just samples; you must address the root cause across your entire site rather than just on the pages listed.
Types of Security Issues
Google classifies these problems as either "Errors" or "Warnings," depending on the nature of the threat.
- Hacked: Malware: A hacker has infected your site with software designed to harm users or their devices.
- Hacked: Code Injection: Malicious code has been added to your pages, which may trigger redirects or run cryptocurrency mining software in the background.
- Hacked: Content/URL Injection: New, spammy pages or links have been created on your site, often featuring unrelated terms like pharmaceuticals.
- Deceptive Pages/Resources: Content or ads that mimic trusted entities to trick users into sharing confidential data.
- Harmful/Uncommon Downloads: Offering software that is identified as malware or has not been verified as safe by Google Safe Browsing.
- Unclear Mobile Billing: Failing to inform users sufficiently about charges they might incur while using the site on a mobile device.
Best Practices
Address the entire site. Do not simply fix the sample URLs provided in the report. Google requires you to clean the issue everywhere before they will restore your status in search results.
Use specialized tools for diagnosis. Avoid visiting infected pages directly in a browser, as this could damage your computer. Instead: * Use the URL Inspection tool to view the page as Google sees it. * Use command-line tools like cURL or Wget to identify redirects or hidden code.
Verify your fixes thoroughly. Before requesting a review, use antivirus software to scan your site files and check for unauthorized changes in your server configuration files like .htaccess or httpd.conf.
Document your recovery steps. When you are ready to submit a review, [describe the exact quality issue, the steps taken to fix it, and the final outcome] (Search Console Help).
Common Mistakes
Mistake: Buying a site with pre-existing issues and expecting them to clear automatically. Fix: You must manually fix the issues listed in the report and state in your reconsideration request that you are the new owner.
Mistake: Resubmitting a review request while a previous one is still active. Fix: Wait for a final decision via email. Multiple submissions can increase turnaround time or lead to a "repeat offender" status.
Mistake: Only fixing the sample URLs shown in the Search Console. Fix: These are only examples. You must audit your entire site and server for similar vulnerabilities or injected code.
Mistake: Assuming you are safe because you cannot reproduce the warning. Fix: Google Safe Browsing displays warnings based on the user's context. Always rely on the report findings as the definitive source.
Examples
Example scenario (Code Injection): A hacker modifies a PHP file to inject a JavaScript redirect. This script checks if the visitor came from Google and, if so, sends them to a malicious site. The site owner uses the URL Inspection tool to see the redirect that is normally hidden from direct visitors.
Example scenario (Social Engineering): An ad network displays a rotating banner on your site that looks like a system update notification. Google flags this as a deceptive resource. You must refresh the page multiple times or check different mobile views to identify and remove the specific ad network causing the violation.
Security Issues Report vs. Manual Actions Report
| Feature | Security Issues Report | Manual Actions Report |
|---|---|---|
| Primary Goal | Protect users from harm (malware, phishing). | Maintain index quality (spam, manipulation). |
| Visual Indicators | SERP warning labels and browser interstitials. | Usually no visual warning for the user. |
| Search Impact | Pages may be labeled or blocked. | Pages are ranked lower or omitted entirely. |
| User Risk | High (potential device or data damage). | Low (usually just irrelevant search results). |
FAQ
How long does a security review take? [Most reconsideration reviews can take several days or weeks] (Search Console Help). You will receive an email confirmation when the review starts and another when the decision is made.
What should I do if I can't find the source of the malware? If the technical work is outside your comfort zone, you should build a support team of security professionals. These experts can help read code and review server configurations to find hidden exploits like obfuscated JavaScript or header redirects.
Can "Uncommon Downloads" affect my search ranking? No. An "Uncommon Downloads" warning will not prevent your site from appearing in search results. However, users may see a warning in the Chrome browser when they attempt to download the file. These warnings are often lifted automatically once Google verifies the file's safety.
How do hackers hide their content from site owners? Hackers often use cloaking techniques. They may only show malicious links or text to Google’s crawlers or to users coming from specific referrers, such as Google Search. This is why using tools like cURL to mimic a Google referrer is necessary for diagnosis.
What is the difference between an error and a warning in this report? Errors generally represent immediate threats like active malware or phishing. Warnings may indicate potential risks, such as downloads that Google has not yet verified or login pages where password reuse might be dangerous.
