Google Ads Disapproved For Malicious Software & Compromised Site [NEW]

Hello and welcome everyone to this amazing and long Google Ads suspension case study.

Where the account Google Ads was suspended for malicious software and it's what due to multiple repeated attempts of disapprovals which eventually turned into suspension.

The client basically had no idea that repeated ad disapprovals can go into suspensions.

And further on with the malicious software error, if this is not sorted around, you may also be liable to egregious violation policy, which is even a further violation.

And for those who don't know, we have been sorting out Google Ads suspensions, Google Business Profile suspensions, Google Ads disapprovals, Google Merchant Center disapprovals, we are a full-fledged digital marketing agency helping clients with Google Ads audit setup management.

And this was an issue which, you know, our client, one of our potential client faced and, you know, they reached around us, so let's get started to this long case study, guys, you have to watch this full because this is going to be very interesting and you may learn a lot of things in this, so let's get started on this.

So the client got an email, your Google Ads account 404-242-1870, you may remember it as well, was suspended for violating the Malware Software policy, suspended accounts cannot run ads in any location, automated and human reviews are used to ensure Google Ads policies are followed, content that violates policies is blocked and advertisers can be suspended for repeated or egregious violation, as I told you before.

Uh, so yeah, these were some of the insights, the client spending, few of the data, the client domain name, uh, the domain was hosted on Shopify, the theme was used being Ella theme.

Okay, so while doing the process, uh, a lot of communication was done in the group, WhatsApp group along with my team, so there are few of the things, you know, which I wanted to tell you, which we did, uh, physically ourselves, for, for instance, you know, the Shopify robots.txt file have some issues, so one of my developers sorted around, suggested few changes for the robots.txt file.

Apart from this, uh, there were a lot of errors on the Google Search Console, which we thought that could be a reason, we, uh, sorted around those, apart from this, uh, we used multiple softwares to determine or detect any possible errors or disapprovals or any third, uh, viruses, malwares on the website for the compliance with Google, although the Google team is very strict and they use ample of resources, but over the time we have learned a lot of things and we know how, uh, we can sort around and we have a checklist of 160 plus checklist, which we ensure for the compliance for Google Business Profile, Google Ads and Google Merchant Center, so which we used over here as well.

So I'm going to show you, uh, few of the things, these were the spendings of the account.

And, uh, with this, uh, you know, there are few things, you know, which I wanted to add over here, this was a comprehensive mail, you know, was, uh, it was done to the Google Ads team, hello Google Ads Policy Team, we recently received a disapproval stating that our website was flagged for "Compromised Site / Malicious Software", I would like to formally request a manual review, below is a complete, consolidated summary of the remediation and security-hardening steps we took to ensure our website is fully clean, secure, and compliant, so for a full malware cleanup and professional security verification, we used the SiteLock's Defend Plan, no malware was detected, no SQL injection threats were over there, no suspicious files or scripts were over there, no compromised software was done over there, I will also, uh, show you the attachment as well of the PDF security attachment of the SiteLock, but we also, uh, physically ensured the theme as well, the source code, we looked around for the deep insights for the compliance.

Uh, apart from this, uh, the second was, uh, confirmation from platform and hosting provider, so we reached out to the Shopify support, our domain and hosting provider, both confirmed that our website is not compromised, we have a valid SSL certificate, all customer connections are secure, chat transcripts confirming this will also be attached, I will also show you.

Server-level security enhancements, inside our hosting control panel (cPanel), we performed additional security measures: activated and configured all available cPanel security features, installed new SSL and TLS certificates, enabled Directory Privacy on sensitive folders, implemented Two-Factor Authentication (2FA) for cPanel access, verified via cPanel's Git Version Control Panel that there are no repositories associated with the domain, meaning no external backdoor access points exist, all changes are documented with screenshots, so you may see around over here that the compromised site and the malicious software were both over there and for them we worked hard.

Plus we looked around for the redirects and external links as well, to ensure no misleading or suspicious content, uh, content, all URL redirected were deleted, external links that may have triggered false positives were removed, website links were manually checked to confirm no hidden redirects or injections remain, although there is an important thing over here as well, even if you remove it right now, you need to wait for the cache update on the Google Search Console, which is very important for the compliance, so we also had to wait for that as well.

Before, you know, submitting the appeal, plus independent malware scanner verification, we ran the website through multiple online malware scanners (Sucuri, VirusTotal, and others), all results indicate: no malicious software, no harmful scripts, no compromised URLs.

Additional monitoring tools added, to ensure ongoing protection, we implemented: Koality Site Quality Monitoring for uptime and security visibility, regular scheduled scans from SiteLock, weekly internal security reviews, daily automatic backups via hosting provider, these steps support long-term safety and compliance.

Uh, we also request for specific details, uh, so we asked the Google that if you have, uh, any idea, anything which is causing an issue, so please provide the specific URLs, scripts, or pages that is triggering the compromised site flag on the website, this will help us pinpoint any remaining issues and make adjustments immediately, we are fully committed to maintain a secure website and want to be 100% compliant with Google Ads policies, so you may see around over here that how detailed the instructions and we provided them.

Okay, I will also tell you few of the things, you know, which we used in the step-by-step procedure as well, and this is the website over here, so now this is an approved and running website, you know, and we had a lot of changes, a lot of things were done and I'm not sure that I will be able to show you all of the things because a lot was done in the group and a lot was done through the team efforts.

But I will tell you few of the things as well, I have already showed you regarding the initial suspension, so for a remap, we suggested adding few pages including the About Us page, Accessibility Statement, Billing Terms & Conditions, Contact Us, Cookie Policy, Copyright Notice, Disclaimer Notice, Do Not Sell My Personal Information, Frequently Asked Questions, so we customly designed those pages for the client, Return and Refund Policy page, Security Statement Policy, Shipping Policy, Terms of Service, Warranty Policy issues, so you may see around over here, a lot of work was done for the compliance of this one.

Okay, there is another audit done through the team, I will also show you over here, so for the, uh, another audit, we, which, uh, you know, which we look around, we look around for the context as well, the content as well, although the website was suspended for compromised site and malware, malware software, but eventually, you know, when it suspended, we may have to look for a deep down small things as well, so if you are looking for same day COD, cash on delivery, free shipping and are we delivering on weekends or not, so we had to sort around this, we had to look around for this as well, smaller errors, smaller issues, some UI UX landing page issues over there, some cookie issues over there, some business identity and consistency issue was over there, sometimes there was a lack of minor things over there as well, you know, a little bit changes, which we suggested, plus we suggested adding the product and feed alignment, product page shows SKU and price, but no visible confirmation of feed alignment with Google Ads or GMC, which is another critical error for suspension, so few other things, few small things, we also did a similar test checkout of the website to see all of the things are working well.

We look around for even the social media pages, small details, plus we looked for the Google Business Profile of the client, so if we have any license documentation, we also suggested adding that, also discussed regarding those as well through the Google team as well.

And the story doesn't end over here because I'm going to show you a lot more data as well, so let's, uh, bear with us.

Okay, so this is over here for the registration CleanTalk, over here, this was for, uh, verification, you may see around over here, the connection is secure, this is done by as per Shopify model.

This is another transparency report by Google Transparency Report and you may see that the website is no unsafe content found, so you may see how detailed this is that we looked around for no, uh, any content issues on the Google Transparency Report as well.

We also looked for the cPanel where there no recent web server errors exist for your domain, no recent suEXEC event exist for your domain, uh, we also looked for cPanel two-factor authentication for further verification.

We also looked for dead links as well, and once the dead links were resolved, you may see around over here, there was no dead links over here as well, so this was also sorted.

And we also deleted a redirect link that may have copied and pasted somewhere else, so we looked around for that and sorted around that as well, plus we deleted all the URL redirects which we think could cause, uh, disapprovals, uh, dead links, uh, you know, external dead links which we thought that can be removed or the part of maybe irrelevant, maybe, uh, they are not relevant or maybe, uh, you know, they are going to dead links, so that could be the reason for account disapprovals and eventually turning into suspension, we removed that as well.

Uh, also we removed the dead link site links, you may see around over here that the compromised site error is over here for the policy violation, which eventually turned into the account suspension.

And, uh, we looked for further directory privacy was also being looked, uh, GDPR compliance was also being done on the website, uh, you may see around over here that Git Version, the system could not find any repository over here, so this was also sorted.

Google Transparency Malware check was because, you know, we got two errors, first it was compromised site, then into malicious software, compromised site, and then we looked around over here as well that no unsafe content is found over here as per even the Google Transparency.

You may see all clear over here, uh, then we also did Immunify scan to see, you may see around over here, no malware errors found, no malware error found, we looked around for all of these features.

Also there was a theme impact that have been sorted around as well, so you may see around no unsafe content, malware scan immunity, everything all clear, so you may see around we looked for the campaigns as well.

This is a certifications detail for the SSL TLS, uh, another place malicious, it's was not being found over here, uh, no compromised site error over there because the site was being checked for themes, issues, but still it's were showing this over there as well.

So we also used PC Risk for the malware scanner to figure out if there is any error they are claiming around.

We also looked for the policy manager and you may see that the ad had been issues with the eight disapprovals, four malicious software.

And the pop-up which we used, we turned off the pop-up for the compliance, we also looked around for other pages of the website for the compliance issues.

Uh, you may see around, we were looking for further pages for anything, any issue for repository warning, the things were being sorted around, the search console security issues as I told you were now sorted around and all were clear, this is a summary SiteLock, which, you know, which I started, stated in the, uh, start in the discussion.

Where pages scanned, malware found zero, links checked, malicious links found, all of these things were being sorted around, platform, vulnerability, plus SQL injection, pages scanned, XSS issues, pages scanned, so there is no vulnerable content on the website.

And this is also being Shopify chat communication was done and in the chat there was the, the Shopify team itself clarified and visited and personally checked for there is no any issue on the website.

Uh, so this is the transcript being attached and this was also being provided to the Google as well during our thing, uh, process, you may see around another site quality monitoring over here, content, performance, uptime, security, technology, where we got 100 out of 100 on cPanel.

Now SiteLock malware check also detected no malware detected, no vulnerable content is detected on the website, no CDN detected, so you may see no malware has been found.

No SQL injection has been, uh, injection vulnerable, uh, have been found on your website.

Uh, the SiteLock, SiteLock scan is complete and no evidence of cross-site scripting XSS vulnerable has been found on the website.

Uh, this is another over here, so you may see another page for any other issues, so you may see how detailed we have gone through over here.

Another Sucuri where the website is that there is no website malware or security error over here and the domain website blacklist status is no, uh, where on this, plus VirusTotal where we got all clean numbers over here, you may see around over here.

Apart from this, uh, the warranty code, everything was being sorted and you may see around all of the work, even extensive work done, plus additional to this, you know, I'm just sharing you the main points, plus a lot of work was done behind the shelters, behind the corners for the approval of the website.

And after this, uh, we finally got an email and after sorting it out, we got this email and I'm showing it with you, Hi advertiser, great news, your appeal was successful, thanks for waiting while your account 404-242-1870 was reviewed, based on your detailed appeal, your account has been reactivated, your ads should resume running within 24 hours, if some of your ads aren't running, try running ad preview and diagnostic tool, remember that some of your ads may still be disapproved if they do not follow Google Ads Terms and Conditions and advertising policies, reach out through the support center if you have any further questions, thank you for the time for running around, so yeah, this is how the, it, it has got approval.

And I will show you the account as well, so you guys can see practically yourself, so this is an account and you may see around, the account was into disapprovals and then now it's running, it's 10th December, it's 11th, so you may see around over here, so yeah, this is a successful case study for the account and I'm very glad that we were able to help this client and if you look around on the notifications, you may see over here, there is a notification which says that your account is unsuspended, your account has been reactivated and it's able to run ads again.

So guys, just for a revision, we can help clients with Google Ads disapprovals, Google Ads suspensions, and yeah, this is a great successful case study for the account which was suspended for malicious software and eventually compromised site, and I'm glad that my team was able to help it out, so if anyone needs any help with Google Ads suspensions, Google Ads disapprovals, Google Ads audit setup and monthly management, we are a Google Partner company and we are sure that we can help you in auditing, optimizing and improving your sales, quality score, plus protecting your account from any suspensions, so yeah.

So if anyone needs a professional Google Ads audit setup or management services, you can hire me and my team through the link in the description and we will definitely work, look forward in working with all of you and I hope you like it, I hope you like the case study, yeah, we look forward working with you guys and thank you for watching, good luck.