2 min read

Google Rejecting Ads for Malicious or Unwanted Software

Closeup of womans hand gesturing thumbs down against chalkboardMalicious is such an ugly word. Am I right?

If you’re reading this, then you’re probably having issues with your Google Ads being rejected by Google on the grounds they contain “Malicious or unwanted software”. *shudder* That sounds bad, right? It can be…but also sometimes it’s not. Are you confused yet? Great! Let’s move forward.

What is malicious or unwanted software?

According to Google: “Malware and unwanted software are either downloadable binaries or applications that run on a website and affect site visitors.”

Here are the two main Google Support pages that discuss this in further detail:

The thing with Google is that most of their processes are automated (including their process to identify unsafe websites and malware) which leaves room for error from time to time. So, the probability that your site actually has malware is low (but not impossible, so please make sure you take the appropriate measures to check it out).

What can you do when your website is mistakenly flagged by Google Ads as malicious?

  1. Check out the Google Support page to troubleshoot malicious software Follow the suggestions on that page and make sure everything with your website is as it should be. IF you don’t find any errors there then you know it’s probably a false error that Google is flagging.
  2. Re-submit your disapproved ads. If there’s not anything wrong with your website, update the URL that the disapproved ad links to and re-submit the ad for review. If it’s a system error on Google’s side this might do the trick. It can be time consuming if you have a large number of disapproved ads, but it’s an easy fix otherwise.
  3. Contact Google Ads Support. If you re-submitted your ads and they got disapproved a second time, then you need to contact Google Ads Support. We recommend selecting the chat option – it seems to be the quickest and most thorough way to go about this, in our experience. They will take a look at your account, scan your website for malware, and either send you the URL’s that are scanning as infected, OR they will see there is no malware and re-submit your ads manually on the back end.

If Google Ad Support finds an issue when they scan your site, but you know your site is clean, here are some things that could possibly be causing Google to flag your site:

  • If there are outgoing links on your landing page that go to a website that is not secure – meaning it starts with http and not https.
  • Some WordPress plugins are flagged as malicious by Google.
  • If there are redirects on the domain name or URL of the landing page your ad links to.
  • Some image hosting software can get flagged as malicious by Google.
  • If your landing page has any automatic downloads on it, it can be flagged. According to Google, downloads are only allowed when “the user has consented to the download by clicking a clearly labeled download button”.
  • If your ad is misrepresenting the expected content – like a button that says “Play” but leads to a download, or an ad that mimics another website and content offer, but really links to something unrelated.
  • If your landing page has a submit form that asks for sensitive information (like banking info) without appropriate encryption.
  • If your landing page has custom scripts that are referencing external content that’s being flagged as malicious by Google.