Google is providing more helpful information for site owners to understand why their site has been labeled in browsers and search results with malware warnings.
The new help resources have rolled out in an update to Search Console, the tool that site operators can use to understand how Google search sees their site, including when Google's Safe Browsing anti-malware platform detects that a site has been hijacked to spread malware.
If Google Safe Browsing does detect a security issue, such as a script that redirects visitors to a malicious web page, Chrome, Firefox and Safari may display a security warning advising users against visiting the site.
The warnings, which also appear in Search results, will persist until the site owner fixes the problem. Once the problem is resolved, site owners can use Search Console to request a review to have the Safe Browsing warning removed.
Now site owners will have more specific information in Search Console's Security Issues report, explaining what the security problem is and how to resolve it. The more detailed accounts are available for instances involving malware, deceptive pages, harmful downloads, and uncommon downloads.
The updated security issues section also offers "tailored recommendations for each type of issue, including sample URLs that webmasters can check to identify the source of the issue, as well as specific remediation actions that they can take to resolve the issue."
Google is encouraging site owners to register their site in Search Console, which the company uses to send notifications about security issues it detects.
Since April, Google's Safe Browsing has issued just under 60,000 browser warnings per week and between 30,000 to 40,000 malware warnings in search, according to Google's Transparency Report. It also issues warnings over phishing sites and unwanted software.
The study explored the best way to communicate issues with site operators, and found significantly higher recovery rates among sites registered with Search Console because they receive notifications from Google, compared with sites alerted via browser and search warnings alone.
However, the study also found 12 percent of sites were hijacked against within 30 days, suggesting some site owners weren't addressing the root cause of the hijacking. The risk for site owners is that persistent malware warnings can drive away traffic.
About half the hijacked sites in the study were running on popular content-management systems, such as WordPress, Joomla, Drupal, and VBullletin. Outdated instances of these platforms have been behind several large breaches over the past decade.