This post was from a mom blog I use to write. Its content was too good not to share. Enjoy.

This morning, I woke up to something super duper fun.


Yeah.. for real.

After some digging, I found out the error was related to a JavaScript code placed on my site for IZEA Media network which is an advertising network. You see, a lot of bloggers belong to different advertising networks such as Google AdSense and IZEA Media. These advertising networks pay bloggers to put advertisements on their sites, like this one.

At approximately 9:20am ET this morning, I located the culprit (IZEA Media JavaScript code) and removed it from my site immediately. Then I began frantically searching the internet to figure out how to remove the big, nasty, red your site sucks box. I discovered that I was supposed to visit Google Webmaster Tools >> Health >> Malware and then click the “Request Review” button. Well guess what? I do not have a “Request Review” button. And after even more searching, I found that it can take a day or two just for this button to appear! Great.

I also stumbled upon a site called StopBadware and learned that I can request a manual review of my site which reportedly may speed things up, which I did also. And it’s still “in progress” since approximately 9:30am.

My next order of business? To contact IZEA Media by email and thank them for the wonderful day I’ve had. The conversation:

Me (9/21/12 10:33am):

I had to remove your ad from my site because Google reported my site as malicious due to your “desktop head tag” code. Thanks for that.. I’m very upset about this. My site is blacklisted now because of your code!

IZEA Media (9/21/12 10:34am):

We are aware of the issue, and we have since removed the offending advertiser but until Google does a diagnostic check (which they are in the process of going through) the warning will still appear. There is no threat of actually downloading malware or contracting malware to your device, the advertiser has been banned by our partner network. You will not need a new ad tag as this was an ad from our partner site and was not actually attached to the ad tag. As soon as Google has completed the diagnostic check the warning will go away.

Me (9/21/12 11:11am):

Thanks all fine and dandy however my site is now blacklisted by Google thanks to this ad. How did this ad get through in the first place?

I have been working on getting my site removed from the blacklist for 2 hours because of the ad IZEA allowed to display. I am extremely upset about this. My readers are now concerned that I am a scam site that places viruses on their computers.

IZEA Media (9/21/12 11:33am):

Unfortunately with online advertising there is always a risk of malware getting through. While we and our other third part networks put checks in place to prevent this from happening occasionally something can slip through. This is the case with any online advertising network. Once Google has completed the diagnostic scan the warning should go away unless you are working with the third party network in question in another one of your ad placements.

Me (9/21/12 12:26pm):

So are you providing Google with a list of all affected sites (like mine) so they can remove the blacklist that was placed on them? Otherwise my site, and all others, will remain on Google’s blacklist until they are notified of each individual URL that was affected by this malicious ad.

IZEA Media (9/21/12 1:00pm):

Google has a list of all of our sites since we partner with them. If you remove the ad tag completely from your site the malware warning will go away. You can then choose to place the ad tag live again when the malware warning has been lifted.

Me (9/21/12 1:05pm):

Yes, I did remove the script from my site by 9:20am ET. Unfortunately Google is still reporting my site as suspicious 4 hours later. See

IZEA Media (9/21/12 1:25pm):

Every other blogger that removed the ad tag has not had the malware warning once the ad tag has been removed. It is possible one of your other ad tags is hosting the malware as well. (which is a lie, see this blog post at IZEA)

Me (9/21/12 1:32pm):

I know that it is the only tag. It’s still has the same warning when I do a site scan. It’s because Google hasn’t released the block on my site. Hopefully you guys sent a list of all sites affected to Google so they can remove all the malware blocks set.

IZEA Media (9/21/12 1:47pm):

If you’re running any of the same ad networks as we are you could be experiencing the same issue we were. The issue was not with our network but one of our partner networks and we’re waiting in queue to be reviewed by Google. Since our network is so large it takes awhile to process but if you’d like to submit your own review you may do so by going here: and since it is only one site it could speed up the process for your site.

Me (9/21/12 2:17pm):

Yes I submitted my site for removal over 5 hours ago and I’m still waiting. What a pain in the butt this all is. So disheartening, and meanwhile my visitors still see that I’m a “spam” site. Lovely.

And that was the last response. It is now nearly 6pm and I have heard nothing back from the Director of Advertising Operations at IZEA Media.

Meanwhile, the “Request Review” link still hasn’t shown up from Google, and my site still has a malware warning. Not to mention, any sites that are “hot linking” to my images are receiving notices that this blog is a malware site. What a glorious way to ruin a site’s reputation. Today, my site has had one-third of the traffic that it normally has.

Thanks, IZEA.

I run a few WordPress blogs, one of which is this fine one you’re reading now, but I also author another blog which deals with multiple advertising networks. Today, one of those networks was affected with malware. Thankfully my site was not affected but several of my friends’ sites were. This post will serve as an information gateway for you to learn how to remove a Google malware warning.

izea-media-malwareToday’s impact was huge. As an example, I have 10 blogging friends that I absolutely adore. Of those 10, five were affected – that’s 50%! The Google malware warning removal process is not quick by any means, in fact, it’s slow as crap. They take their sweet time, even when it’s Google’s fault or a “fake” malware warning. And there’s nothing you can do about it except follow the steps below to speed up the process.

  1. You’ve been affected and you’re getting the big nasty red Google malware warning shown above. Bummer… I’ve totally been there. The first thing you need to do is figure out what is causing the warning and remove anything related it. For example, today’s malware warning was from and is affecting all WordPress widgets, iframes, and images hosted by
  2. Request a Malware Review with Google Webmaster Tools. The process is as follows:
    • Log in to Google Webmaster Tools.
    • From the Tool’s home page click on the link to the site that is being flagged to go to the site’s Dashboard.
    • There should be a large red banner across the top of the dashboard that says “This site may be distributing malware.” Clicking on the link that says “More Details” expands the dashboard to reveal a list of pages on the site that were found to be malicious. (You can also check Health -> Malware.)
    • Below this list is a link that says “Request a review.” Fill out this form and click the “Request a review” button to initiate the review process.
    • NOTE: It may take 24-48 hours just for the warning to show up in Google Webmasters Tools. This is the most frustrating and time-consuming part of the entire process.
  3. Sit back and wait. Normally, after you’ve completed step 2, things go pretty quickly from here. Try not to get too irritated while you wait.
  4. Periodically check Google Webmaster Tools to see if the error is gone. You can also use this link to see if your site is currently clean (according to Google), just replace YOURURLHERE with your URL:
  5. Once your site no longer shows a Google malware warning, you need to request reconsideration of your site by Google. Rumor says they stop indexing your site when you have malware so you’ll want to make sure they start checking it again.

Four helpful links to check your site’s health and speed up the malware removal process:

I hope this post provides you with a step-by-step process for getting rid of a Google malware warning. If you’ve found this useful, please share it with a friend. 🙂 Good luck against the Google giant!

PS. Want to read my Google malware horror story? You can find it here.

wordpress securityI’ve come across several WordPress blogs that have been hacked recently. But this is an unusual hack and you may not even know that your blog has been affected. You see, this hack occurs only when people are visiting your blog when coming from a search engine. When a visitor clicks your blog link from a search engine (i.e. Google), they are redirected to (with XXX varying from blog to blog). But if you simply type the URL of the hacked blog in the browser, the redirection does not occur. Sneaky.

How to Know You’ve Been Hacked

A simple way to find out if you’ve been hacked is to search for your blog on Google and click a link to any of your blog pages. If you have been hacked, here is how to fix it.

  1. View/edit your .htaccess file located in your root WordPress directory. If you don’t know how to find this file or don’t have access to your files, then download and install the plugin WP Htaccess Editor. Warning: You can seriously mess up your blog if you delete or add something incorrectly to your .htaccess file. Please only mess with this file if you know what you’re doing or have explicit instructions on what to do (like I have provided below).
  2. Find and delete the entire hack (shown below) which is usually located at the top of the .htaccess file:
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteOptions inherit
    RewriteCond %{HTTP_REFERER} .**$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .*google.*$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .**$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .**$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .**$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .**$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .**$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .**$ [NC,OR]
    RewriteCond %{HTTP_REFERER} .**$ [NC]
    RewriteRule .* [R,L]
  3. If you’re using the WordPress plugin, save the file. If you’re editing the file on your server, you will need to save and/or upload the file.

Why You Were Hacked

You didn’t do anything wrong; don’t worry! The problem lies with a vulnerability in timthumb.php which is a component of some WordPress themes that is used to generate thumbnails. An unpatched timthumb.php file can allow code to be executed in the timthumb cache directory or can inject code into other WordPress files. If you’re concerned about this, ask your theme developer if your theme uses timthumb.php. If it does, make sure you have the newest version.

How to Prevent Your Blog From Being Hacked Again

If you don’t protect your blog, you will be hacked again. To prevent this, download and install the plugin BulletProof Security. I will walk you through the steps to setup BulletProof Security since this plugin may appear a little overwhelming.

  1. Navigate to BPS Security in your WordPress admin.
  2. Click the Backup & Restore tab, select the radio button next to “Backup .htaccess Files” and click “Backup Files.” (This is a security measure should you need to restore from your original backup.)
  3. Click the Security Modes tab. Click Backup .htaccess Files. Then click Backup .htaccess Files.
  4. Select the radio button next to the first “BulletProof Mode” and click “Activate.” Repeat this process for the other three “BulletProof Mode” radio buttons (one at a time) and click “Activate” after each one.
  5. Click the Backup & Restore tab, click the radio button next to “Backup BPS Master .htaccess Files” and click “Backup BPS Master .htaccess Files.”

If you’d like to check the security status of your blog, click the Security Status tab. All items should be green. If they aren’t green, you should fix them. If you don’t know how, tell me and I’ll try to help you.

Happy blogging!