Using Google Search Console to Find & Fix Security Issues
Google published a detailed explainer video that teaches site owners how to find and fix security issues with Search Console.
The video is another installment of Google’s Search Console Training video series on YouTube.
The video goes over:
- The main types of security issues that may affect a website.
- How to use Search Console to find the issues.
- What to do after the errors have been corrected.
Security Issues Report in Search Console
The security issues report in Search Console alerts webmasters about malicious behavior on their websites.
A security issue involves a website being hacked or used in ways that could potentially harm a visitor or their device.
These are some of the main types of security issues reported in Search Console.
A hacker might inject malicious code into pages to redirect users to another site.
Another common website hack involves automatically creating pages with nonsensical sentences filled with keywords.
If you can’t see hacked content on the URLs provided in Search Console this might be an example of cloaking.
Cloaking makes cleaning a website more difficult because it shows different content to users than it shows to search engines.
For example – Search Console might detect a specific page has hacked content which does not appear hacked to you.
This might lead you to believe there is no hacked content and that Search Console is sending you incorrect messages.
However, a search engine like Google might crawl the page and see hidden, spammy text and links.
An attacker might use a site to trick users into doing something dangerous, such as revealing confidential information or downloading malicious software.
That is kind of an attack is called social engineering.
When a site has been compromised to manipulate search rankings it can be labeled as “this site may be hacked” to warn users in search results.
When a site has been compromised to harm users, browsers enabled with Google safe browsing technology may display alerts when files are downloaded.
For example, an alert might be displayed to warn users when they are about to access malicious sites.
Google safe browsing is also responsible for displaying warning labels results in search, such as: “this site may harm your computer.”
Finding and Fixing Security Issues in Google Search Console
Google Search Console sends email alerts to verified site owners whenever security issues are detected on a website.
The alert will contain a link with more information on how to solve the issue, which should be addressed as soon as possible.
If you miss an email, or opted not to receive email alerts from Search Console, you can always check for security issues using the platform itself.
The Overview page in Search Console will notify site owners of any security issues that need immediate attention.
A banner will be displayed at the top of the screen like the one shown below:
Clicking the alert will bring you to the Security issues report.
The report contains a list of all security issues related to your website.
Here’s how to go about fixing the security issues listed in the report.
Fixing Security Issues
While you’re in the security issues report you can expand any of the panels to learn more about a specific issue.
Look for the learn more link which will being you to instructions on how to fix any of the detected issues.
Google advises fixing all errors listed in the security issues report.
When all issues are fixed on all affected pages, click on the Request Review button.
You’ll be asked to describe what was done to correct the security issues when submitting a request for review.
A good request, according to Google, does three things:
- Explains the exact issue on your website.
- Describes the steps you’ve taken to fix the issue.
- Documents the outcome of your efforts.
Most reviews take a few days to complete, but some can take up to a week or two. Google Search Console will send a notification when the review is completed.