Google ads disapproved due to malicious or unwanted software means either your website may have been compromised with security issues or Google may be chasing something that may not be the real threat but the scan algorithm may be flagging it red.
Malicious software or ‘malware’ may harm or damage a computer, device or network and hence Google is very strict on this. You must ensure your website provides a safe user experience.
There are many reasons for Google Ads disapproval but malicious software is purely related to security.
How to fix Google Ads disapproved malicious software?
In order to solve the Google Ads disapproval due to malicious software you need to follow a series of steps to pinpoint exactly what may be making Google unhappy. Generally speaking, troubleshooting involves website code checking, reviewing files and hosting permissions etc. Technical knowledge is key here.
Table of contents:
- Google Search console warning or alert
- Use a third-party website scanner
- Make sure file and directory permission is right
- Page with mixed content of live & dev
- Files hosted on third-party sites flagged suspicious
- Plugins treated malicious
- All looks clean but Google Ads is not happy
Related: Google Ads disapproved destination not working
It is important to note that, the scanning system used by Google Search Console and Google Ads may be different. With our test in the past, all appeared OK in the search console but the Google Ads scan system was chasing for something else.
Google Ads is previously known as AdWords.
Check for any warning in Google Search Console
Go to: Google Search Console >> Security & Manual Actions >> Security Issues
You are basically looking for the green tick (No issues detected).
If you are not already using the Google search console then visit the official guide of Google.
If any issue is detected here then you would need to clean up your website to ensure it is safe. Once the cleaning is done then submit it to Google Search Console for review before approaching the Google Ads team.
Use third-party website scanner
By using a third-party website scanner you may be able to find any specific security issue on your website.
Note: Different tools check for different parameters, meaning an issue identified by a specific tool may not get detected by other tools.
Here are some website security scanner tools:
- McAfee webadvisor: It will alert you if the scanner may have detected an issue with your website.
- Sucuri: You can scan your website by entering your website address.
- Quttera: Here also you can scan for malware.
Make sure file and directory permission is right
Not having the correct file and folder permission right on your server is one of the easiest ways for your website to get infected by malware.
Learn how to assign the correct permission on a cPanel hosting.
You can also SSH your cPanel hosting and change the permission in bulk – Do with caution.
find . -type d -exec chmod 0755 {} \;
find . -type f -exec chmod 0644 {} \;
Ref: https://stackoverflow.com/questions/19737525/find-type-f-exec-chmod-644
Page with mixed content of live & dev
Google may not like a website or page with mixed content of live and dev references. This is very common when Google Ads ad is disapproved.
Make sure to check the website source code and ensure there is no reference to the dev or staging site reference.
You should also check any references in your JS files.
How to check:
- Open the site in the browser
- Then over the source of the page (CRL + U)
- Then use the find tool (CTRL + F) in the browser to locate any dev reference
- Do the same for JS files.
Files hosted on third-party sites flagged suspicious
If some of your website files are hosted on third-party sites and if they are flagged suspicious then that may have an impact on your website safety.
Meaning, Google may check the source site to ensure all is OK.
Always, host website images and other files on a safe and secure hosted platform.
Plugins treated malicious
These days plugins are integral for many website-building platforms. WordPress is one of the leading CMS platforms where plugins are extremely popular.
Always, download and install plugins from a safe source and check the reviews.
A plugin may have a certain script that can trigger it to be malicious and hence your website will be picked by the Google Ads system and eventually, your Ads will be disapproved saying malicious or unwanted software.
All looks clean but Google Ads is not happy
With the malicious software warning and disapproval by Google, when you will content the support they will provide with the reason what possibly Google Ads system not happy with.
They may find something in the HTML code, header, and JavaScript code and they are generally very specific.
The scan bot may see something specific as a threat but in reality, it may not be the actual threat you still need to clean it and re-submit it to Google.
Tip: Instead of saying it’s all good in the search console, it’s best to clean as per their log and re-submit for faster AdWords Ads approval.
Related: See Google’s guide on malware and unwanted software.
Need help?
Let us help you with malicious software diapproval, book a consultantion with one of our Google Ads experts in Melbourne, we provide holistic online marketing with best practices.
Visit our Google Ads Cost in Australia page for monthly packages and a general pricing guide.
