A Word on 'Deceptive Site Ahead' Warnings

What Is the Deceptive Site Ahead Warning?

Deceptive Site Ahead is a warning message that generally users find when accessing a website on Google Chrome browser. It halts the user from accessing the website, as it is infected with malware or a threat that the browser definition finds dangerous for the user to access. It processes the website as a big chance of a data breach or cyber-attack.

Chrome is considering the Deceptive site as a Phishing site.

Other Browser Response

Check for your website in other browsers as well (like Firefox, IE, Safari, etc.). If they don’t show any warning or error message, you do not need to get panicked as it takes a little effort to fix it. But, if they show a warning or error, it a call of a serious issue and you need to get it solved ASAP.

Why Deceptive Site Ahead Warning?

Chrome shows the Deceptive Site Ahead warning for a website that carries the following possibilities of errors/mistakes.

• The website carries malware or threat files
• SSL Certificate not installed properly
• Website traffic is not redirected to HTTPS
• Mixed Content warning

Fixing the Deceptive Site Ahead Warning

1) Scan Website for Malware or Threat

The first reason for the warning is that the website is infected with malware or a threat. To fix this issue, first, scan your website through an online malware scanner or use any anti-malware software to find out the error file or page.

Once you find the file or page, delete it or remove the malware or threat and upload the file/page again.

Chrome will no longer show the Deceptive Site Ahead warning.

2) Install SSL Certificate Properly

• If you have installed a Self-signed SSL Certificate in your server, the browser will not able to find the Certificate Authority or its roots, hence, it will show you the warning message.
• If you have not installed SSL Certificate properly in your server, sometimes, the browser will show you the Deceptive Site warning as the browser is not able to communicate securely with the server.

Solution:

• As the browser only accepts SSL Certificate from CA/B Forum verified Certificate Authority, you must install the trusted SSL Certificates like Comodo, GeoTrust, RapidSSL, Thawte, etc.
• As the proper SSL Certificate installation is necessary, you can follow this SSL installation guide that contains the quick SSL installation process for the different web server.

3) Redirect the Website From HTTP to HTTPS (301 Redirections)

Admin installs the SSL Certificate into the website server, but sometimes, they forget to apply the redirection code that turns the HTTP users into HTTPS. If the redirection method is not applied, the browser considers both URL (HTTP and HTTPS) as an individual, which makes a conflict and it turns into a deceptive site ahead warning.

If you are using a WordPress, you can use the following HTTP to HTTPS redirection code in your .htaccess file.

<IfModule mod_rewrite.c>
RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]
</IfModule>

If you are using other Content Management System or website development platform, you can use their own redirection methods.

4) Remove Mixed Content Warning

If everything works fine with your website, you scanned for malware, SSL is installed properly, 301 redirections were applied, but still, you face the warning message in the browser, there might be "mixed content" in your website.

A mixed content in technical language is the mixture of HTTP and HTTPS pages in your website. If a website carries the mixed content, the browser will not consider your website as an encrypted source and shows the warning message on the screen.