How to Fix Disapproved Google Ads? (Malicious software)

Last updated: June 24 2021

If your website was recently hacked and your Google ads stopped working, you’re facing hours, days or even months of downtime, which may result is a heavy financial loss. To minimise it, you’ll need to effectively plan your next steps.

Need help? Let us clean your site.

Depending on the service or product advertised, you may:

  1. Quickly resume your ads, using a temporary landing page – which will be associated with a distinct domain name. Works for service providers – counselor, accountant, plumber, etc.
    • You may signup with unbounce, leadpages or instapage in a combination with a fresh domain name.
    • Setup a landing page or a mini site, using your current hosting account – this will require technical knowledge.
  2. Keep your campaign paused and continue to address the main issue, making sure your website is malware free – recommended for ecommerce websites. The entire process should take approximate 3 to 7 business days.

Here are the steps required for the second option ( all covered by Magefix’s Platinum plan ).

1. Backup

Make sure web files and database are exported safely, on your local computer, to prevent further data loss.

2. Open a ticket with Google Ads

You may reach Google Ads support here: https://support.google.com/adwords/contact/approvals
On the last step, select “Email” as a contact option. This will buy you some time, while a cleanup will be performed.

2.a Perform a malware cleanup

Follow a cleanup guide, depending on the platform you’re using – WordPress, Drupal, Joomla or Magento. Each platform has a specific structure. Note: Consider rebuilding your site from scratch, making sure fresh core files and modules will be used – our most commonly used approach, especially for WordPress.

2.b Disable cache

Disable any CDN, local cache setting, plugin or cache setting provided by your DNS provider ( ex. Cloudflare ).
Make sure all visitors will get the current non-cached site version.

How to turn off caching using .htaccess: https://www.a2hosting.com/kb/developer-corner/apache-web-server/turning-off-caching-using-htaccess
Disable cache in Cloudflare: https://webania.net/disable-cache-in-cloudflare/

3. Take screenshots

Google Ads support often ask for screenshots, as a proof your site is indeed clean. Two screenshots from Sucuri SiteCheck and Google Search console should be enough.

Google search console screenshot ( example )
Sucuri Sitecheck screenshot ( example )

4. Review Google Ads first reply

If you 100% your site is malware free, ask Google support for a thorough site review, providing the screenshots as proof. Google Ads’s policy team is in charge with this analysis.
In case Google will provide a list with malicious links, research and perform a second cleanup. Note: I’ve often seen reports with malicious links, when in fact site was clean – make sure site cache is disabled.

5. Patiently wait for Google’s next reply

If you recently submitted a site check request, you should expect a reply in 24 to 48 hours. The first reply, which may include malicious links, may not reflect the actual site status – that’s why a thorough review should be performed. Note: Google Ads support will not reply during weekends. However, following a review request, ads may be automatically approved during weekends – so keep an eye on your campaigns.

Google Ads gets automatically approved after a review request

After the hard work, here are some phrases we love getting from Google Ads support team:
“We can confirm that the moderation of the site has shown that is malicious free.”
“Great news: your ads are now approved!”
“I just received a response from the security team in charge of your domain and they have told me that the domain is free of malware violations.”

Need help? Try our Free site check.