MY SITE HAS A SCAM ALERT ON IT FROM GOOGLE.

In September I had the same problem. Big pain in the ass fixing it! The site was listed as 'harmful' 7 days even though I fixed it the first day.

What happened...
I use WordFence free edition on all my sites (still do), but when I was setting up this new site, WF firewall went into "learning mode." During that time, the infection was added and WF just thought it was normal activity. I did not find out about it until Google gave me the alert. I could not use Chrome at all!

I searched the site, but the bug looked like a wordpress file, so I deleted all the 'ignore' files from WordFence and turned on full firewall coverage. Then, Wordfence found the files. There were about four of them in there. It cleaned them up. This was the first day I knew of the alert.

I searched google to see how to notify google that the site was clean and followed the instructions. It still took a week for them to give the OK.

Once I knew the site was clean, I pointed the domain to an empty folder with only index.html and a message that says, "I am clean give me access back to my site."

The hardest part was never hearing from Google or anyone else to know if it was being cleaned up. Firefox quit blocking the site after 3 days, but Chrome blocked the site all the way until the 7th day when Google reported that it was delisting my site from the scam alerts.

When you install WordFence it will give you suggestions. Save your .htaccess, etc. Do what it says. Every menu you choose to enter, you will be given a "tour". you have the option of clicking the dialog bubble or the top right corner. Click the bubble and follow the others. If you click the X it will give you the bubbles every visit until you follow them.

If you are not using it yet, install and activate WordFence. Then, go to the WF menu (bottom left corner) and choose "firewall". At the top left side of the page it should say "learning mode". Then scroll down below the message and the left most box should say "Web Application Firewall". Click on the link to "Manage WAF".

Scroll down till you see "Web Application Firewall Status" and change it from "Learning Mode" to "Enabled and Protecting".

Go back to the WF menu and choose "scan". Scroll down until you see "ignored results" and click it. Clean it out if anything is in there.

Click "Start New Scan" and have a lot of patience. If it tells you to clean up something you do not recognize, let it clean it. I use WPTwin for backups and it complains about them, so I put them in the ignored results.

When the scan is done, and you cleaned it up, start a new scan and have a lot more patience.

When it is done, you should be clean.

Now, go back to Google and search for how to report your site is clean and follow the instructions. I had to add my site to Google Search Center or some similar name. Then I reported it clean. Seven days later, Google finally told me it was clean.

When you follow all the settings in WordFence and understand a little more of how it works, you can add any files you manually ignore in a different box and they will not show up as "ignored" in every scan.

Two of my files were obvious and fairly easy to find, but the others looked like wordpress.


This is the only infection I have ever gotten using WordFence and I have been using it four years, I believe. The ONLY reason it got infected was that WF was in learning mode. I immediately change WF to protected mode when I install it on a new site now.

I have a domain that was once infected badly before I got WF and it must be on an attacker's list. It gets hundreds of attack hits daily. I have seen WF defend those attacks. I even watch live traffic hits sometimes and one day, I manually blocked more than 50 different IP addresses. WF was keeping them out, but I just stopped them from attacking.

In spite of my infection, I still use, trust, and depend on WF. I just don't let it "learn" anything anymore! LOL

BTW, I don't have any affiliate or other connection to WF except to have been using the freebie for all these years. They are probably not happy with me being a free customer all this time. But I have use it on every one of my sites and every one whose site I work on.

I hope you or someone else reading this will get helped by it.