How to Fix “Site ahead contains harmful programs” Error in WordPress

WordPress is one of the easiest, most straightforward website hosting and creation platforms around. But even WordPress isn’t impervious to those infamous “This site ahead contains harmful programs” errors.

These error messages can occur when there’s bad backend code, Google-flagged reports, and more. Suffice to say it’s imperative you, as the website owner, fix whatever the problem is ASAP, getting your site back up and visible to those who are searching for it.

Currently dealing with one of these errors or want to learn how to fix (and prevent) one in the future? Keep on reading to see how you can repair and safeguard your WordPress site from “this site ahead contains program” errors.

Scan Your Site for Malicious Code

One of the leading reasons why these messages pop-up is because there may (or may not) be lines of malicious, flagged code. These are particularly common when advertising with low quality, budget-based advertising networks.

Thankfully, this can be rectified. Use Google’s safe browsing analysis tool, which will comb through your website’s code and point out any malicious code.

Here’s the URL parameter to use the above-mentioned tool:

Simply add your site’s domain in the URL space titled “”  Afterward, if you have malicious code, take note of those lines. You’ll need to know those later to successfully remove them from your site and, thus, fix this critical error message.

Create a Backup of Your Entire WordPress Website

Before you go about removing lines of code from your website, create a complete backup.

When you start digging in the backend of your WordPress site and start deleting code, it’s all too easy to remove the wrong line—which, in some cases, could leave your website inoperable. But by creating a backup, you can easily come back from any accidental mistakes.

Also, creating a website backup is important to safeguarding user and customer information, as well.  Programs and plug-ins like BackupBuddy, UpdraftPlus, and BackWPUp are all well-reviewed, safe third-party providers that make doing this a breeze.

Remove Suspicious or Malicious Code

Now that your websites backed up and save from permanent error, let’s get into the business of finding and deleting that malicious code.

Using the code generated by the Google Safe Browsing tool, open-up your site’s Web Editor. This will display all your sites code. To save yourself time and future headaches, use the “Control-Find” option and paste in the line of code you’re looking for, which will show you the highlighted code you’re looking to delete.

For your own use, below is an example of malicious and/or suspicious. code:

function v78 FAX($vJOJJ7T, vRJ8WGX){$vM74216 = ''; for($i=0; $i < strlen($vJOJJT); $i++){$v74216 .= isset(vRJ8WGX[$vJOJJ7T[$i]]) ? $vRJ8WGX[$vJOJJT[$i]] : $vJOJJ7T[$i];}
return base64_decode($vM74216);}

Word to the wise: Maclious code often contains “base64_decode” somewhere in it. Also, malicious code will often include code that “redirects” or turns off “error reporting.” Below is an example of just that:

str_rev(edoced_46esab('ZXJyb3JfcmVwb3J0aW5nKDApOw0KJHRydW09aGVh = error_reporting(0); or error_reporting(E_ERROR | E_WARNING | E_PARSE); or ini_set('display_errors', "0");

Granted, all these lines of malicious code should appear when you run the Google Safe Browsing Tool. But, for future reference, it helps to know these to pinpoint chronic “This site ahead contains harmful programs” errors.

After you’re done removing the bad code, re-run your website through the Google tool. This will ensure there’s no more malicious code in your site, prior to doing the next step.

Have Google Remove Your Site From it’s Flagged Test

Once you’re 100 percent sure your site is free from malicious code, now you’ll need to have Google remove your site from its flagged list.

To do this, use Google’s Webmaster tools. After adding your page to the Webmaster Tool, check for any security issues associated with your website. And, again, once you’re absolutely sure you’ve recertified those issues, click on the “checkbox” and request your WordPress site be reviewed.

Upon review, should everything be squared away, your site will have the dreaded “This site ahead contains harmful programs” errors removed.

In Conclusion: Find the Malicious Code, Backup Your Site, Delete Said Code, and Ask for a Review

As you can tell by now, getting rid of these errors isn’t as straightforward as it might seem—but it can be done, nonetheless. Follow the above-mentioned steps in chronological order, and rest easy knowing your WordPress won’t throw any “This site ahead contains harmful programs” error messages, anymore.

Published by Hans Desjarlais

Founder @ Themely, entrepreneur and travel addict. Always learning, maverik at heart, speaks 3 languages and hope's to go to space one day.

Error: Please enter a valid email address

Error: Invalid email

Error: Please enter your first name

Error: Please enter your last name

Error: Please enter a username

Error: Please enter a password

Error: Please confirm your password

Error: Password and password confirmation do not match