Two days ago we posted a new blog on a site with the aim of being picked up for the search term "live comedy in chippenham". It’s been indexed by Google and we’re now 2nd in the results for the search query. The bad news is that for some reason the post has been indexed as a https URL so all browsers give a warning when the link is clicked.
Firefox gives this error:
The owner of www.neeld.co.uk has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.
The host has confirmed that it's not a server config error and we have other posts and pages on the site that are being indexed correctly. We're using WordPress and the Yoast plugin. I can't see anywhere in Webmaster Tools that could be causing the problem.
Can anyone offer any advice please? If you search Google for "live comedy in chippenham" you'll see the issue (it's the link https://www.neeld.co.uk/live-comedy-in-chippenham/)?
It's a really strange one but something I've experienced before.
It has mostly likely been caused by an external link to the page using https protocol which Google has followed before indexing the page. Google are very keen to index https pages at the moment so we might start seeing this kind of issue more often.
There's not a lot you can do other than wait for Google to realise their mistake and list the correct URL in the SERPS. You can help speed this along with a canonical link (which I can see is there), XML sitemap (which you've got) and a server level redirect of https to http.
Do not try to remove the page in Webmaster Tools as this won't have the desired effect and will stop Google reindexing the page properly.
Hope this helps.
Related
The website is a wordpress site and it was been attacked by xss attack. Ive already installed wordfence and malcare to scan and remove the malicious code and files. but still the google search results are show spam links under the main result. I most of the pages direct to 404 webpages and i was told the google bot will remove it automatically but the issue still remains after 4 days. if any expert regarding this have any solutions and advice i would much appreciate.
You can try resubmitting you sitemap to Google in the Search Console.
Otherwise, similiarly try using the Google Removals tool to temporarily these links, hopefully the will be cleared from the search results by the the time the links are restored.
Tutorial: https://support.google.com/webmasters/answer/9689846?hl=en
I have created a website using WordPress. After some days, Chrome is showing Deceptive site ahead warning. But Firefox, Opera, Edge don't show any warning.
I have added my site to Google Search Console. In Security Issues tab, it says No issues detected. But google chrome is still showing the warning.
How can I fix this issue? Is there a way to submit my site for a review?
UPDATE:
I followed this link provided by #scytale and followed the following steps. But it is still the warning.
Scan Website for Malware or Threat: I have scanned my website using Sucuri, ReScan, VirusTotal, and Quttera. None of the scans detected any malware in the website.
Install SSL Certificate Properly: I am using AutoSSL from cPanel Inc. If I click on the alert icon at the left of warning, it shows the certificate is valid. So I guess my SSL is okay.
Redirect the Website From HTTP to HTTPS (301 Redirections): I have enabled in just like the example they provided. All http requests are being redirected to https.
Remove Mixed Content Warning: I have tested each individual page and haven't found any Mixed content.
The issue is, google search console is not showing any warning. So there is not option to request a review. Is there any other way I can ask google for a review? What else can I do?
According to Google the warning appears when "The site you try to visit might be a phishing site." However, if this were the case I would have thought it would be identified in Google Search Console.
dZone (a reputable security site) says the warning can appear for these reasons:
your website contains malware i.e. you've been hacked. However as
Google and other browser don't report issue this is unlikely.
issues with your site's SSL certificate (for HTTPS requests) maybe
installed incorrectly or not issued by an "approved" certificate
authority
Website traffic is not redirected to HTTPS (for fix see dZone article)
Mixed Content warning i.e. your https page "includes" content
obtained by HTTP (no S) URLs e.g. images, CSS, your or 3rd party
scripts. However, I'm pretty sure some of my pages use 3rd party
http affiliate scripts and I don't get this warning.
To fix check these issues and correct accordingly.
Its some time since I've used search console/webmaster tools but if Google has completed indexing of all your pages I would have thought it would also identify issues like mixed content. N.B. https://example.com and http://example.com are treated as "different sites" and you have to select appropriately in console. This Chrome extension claims to identify causes of mixed content for you (I've not used and have no idea as to its reliability).
Edit following request from Zakaria
I've no personal experience of this but I've done a bit of Googling:
Does the warning also explain why site is "dangerous" e.g. does it mention Phishing?
If you provide your domain name in the question then someone maybe able to identify why. I may not have time to check quickly, but others might be better qualified than me to check and comment.
Do you trust the theme and plugins you are using on your site? Google them for issues.
Chrome safe browsing, as well as using downloaded lists of dodgy sites; also locally analyses the properties of each page you visit and if it thinks suspicious forwards to Google for further checking. In which case it may be possible to find out which part of the page or script Chrome finds suspicious. See this Chrome Help Page.
Enter your domain here to see if you are on a "Google Blacklist"
Is your domain name new to you? Perhaps it was used for Malwre/Phishing in the past?
I'm having a few issues with making our site shareable on linked in and I'm at a loss. The og: meta tags all look fine, the facebook scraper picks it up fine, but the linkedIn scraper does not... and the img etc are not on a protected folder or anything like that.
When inspecting the developer tools the get request to the url-preview?url= link shows that the img etc.. aren't there.
The image is less than 1mb, all og: meta tags are obeyed. The only think that may not be 100% is the image ratio is not 1/4 or 4/1 (it's 2/1)... But that is only a recommendation and not a hard and fast rule.
Does LinkedIn provide something similar to FB (https://developers.facebook.com/tools/debug/) where you can test the scraper and re-run it? Or is there another way to debug this? Any help appreciated.
https://www.hipla.co.uk (is the page i'm trying to share).
cheers
It transpires linked in doesn't offer a similar facility to FB or twitter to test the OG meta tags and re-scrape the page. They cache a page for 7 days and then re-scrape again. However, you can refresh the linkedIn crawler cache simply by appending GET params to the URL, i.e. https://www.hipla.co.uk?123.
I eventually figured out what our issue was. We were using a wildcard cert (for multi domain, so we could have a single ssl cert for multiple subdomains) which meant we had to set the server name in the apache default-ssl.conf file, but we had a typo in it for the www instance ... which meant it gave an SSL error (for the linkedIn crawler) which isn't debuggable (if that's a word) using linkedIn but was spotted as we got an SSL error when testing the twitter metadata tags using the twitter card validator. Hope this helps anyone else who has a typo in their ssl settings. Note that the ssl error was not visible using a browser(s) as all looked fine.
I recently built and published my Wordpress site at www.kernelops.com and submitted it to the google index and webmaster tools. Today I logged into webmaster tools and found 60 URL errors all with the same type of issue. The base domain address www.kernelops.com is being appended to all my sites page, category, and post URLs. An example of the failed URL looks like this:
http://www.kernelops.com/blog/www.kernelops.com
Google Webmaster Tools indicates that this weird link is originating from the base url "http://www.kernelops.com/blog" which obviously means the issue is on my end. My Wordpress permalink settings are set to use the post-name; I'm not sure if that could be causing this, i.e.:
http://www.kernelops.com/sample-post/
I can't seem to find any help resolving this weird issue with google searches and thought someone here may be able to point me in the right direction.
The Wordpress plugins that would potentially affect the site's URLs are the following:
All in One SEO
XML-Sitemap
But I can't see any sort of setting within these plugins that would be causing this type of issue.
Any ideas would be greatly appreciated - thanks in advance!
This is a long shot, but it may be happening if the Google crawler picks up a link that seems like a relative path and attempts to append it to the current directory. It's highly unlikely that Google would have such a bug, but it's not impossible either.
The closes thing I could find that may be considered a relative path is this:
<div class="copyright">
...
Kernel, Inc.
...
</div>
I doubt that this is the problem, but it may be worth fixing it.
Now, there is yet another possibility and that's if the website serves slightly different content depending on the User Agent string. When Google presents your website with a User Agent string, the SEO plugins detects it and tries to optimize things in order to improve your ranking (not familiar with that plugins, so I don't know what it does exactly). There may be a bug in the SEO plugin that will cause the www.kernelops.com URL to look like a relative path or to actually construct that faulty URL somehow.
You can possibly test this by setting the user-agent string in your browser (e.g. FireFox's user-agent switcher) to Googlebot's user-agent string and test what happens when you visit your website. Look at the page source that you receive and look for any links that might look like the one Google is finding.
However, if the SEO tool is smart enough, it will "realize" that your IP doesn't match one of the valid IPs for Googlebot and it will not make the modifications.
An issue was brought to me involving malware on a WP environment. When I search the brand in Google and click the corresponding link, I'm redirected to a 3rd party spam site.
This has been happening for a while (over a week), but my site hasn't been put on Google's blacklist. Additionally, site scanners like , Norton Safeweb, etc. all claim the site isn't compromised.
Additional details:
I found and deleted some suspicious PHP eval() functions and then did a search and replace in my pages and database for any remaining code. After the site cleared into un-blacklisted status with Google I thought it was all over, ran updates and took numerous measures to protect the site from future infection.
However the issue still persists.
Were the nameservers ever changed by the malware or attackers? Google could have the wrong DNS information for your domain and thinks its hosted at said spam site? Resubmit your site to Google or report the issue to them to resolve (may also be resolved automatically next time Google tries to crawl your domain)?
It is a strange issue I have not seen before either, have you looked at your .htaccess file in the root directory? It is also possible that this has a rewrite condition that if the referrer is Google to redirect you to the spam site.
Solved this issue. At the time when this happened, this redirect attack was fairly new.
HTTP requests from visitors who passed referrer data from Google Search or Bing were being redirected, some of the time.
By targeting only those coming in from search, the webmaster or site owner is less likely to see the issue (until informed by a third party), while still manipulating a decent amount of the traffic (50% of traffic for most sites comes from search engines).
When I originally posted this question in 2012, this attack was new and because the redirect was being served server-side (directly in a lone PHP file, not via .htaccess), malware signatures from scanners didn't detect this.
Running Maldetect (with an updated database) was the best way to quarantine this issue and analyze the extent of the damage caused by malware.
This issue seems due to wp-vcd Malware that creates rogue WordPress admin users and injected spam links. I faced the similar issue and it got resolved after following these steps.
The files you should check for and delete:
wp-feed.php
wp-vcd.php
wp-tmp.php
Multiple copies of class.theme-modules.php, and
remove a bunch of code from the start of all the functions.php files.
For details you can find on this issue at following links...
https://wordpress.org/support/topic/wp-feed-php/
http://labs.sucuri.net/?note=2017-11-13
http://labs.sucuri.net/?note=2017-11-13