How to fix the Ads Disapproved due to malicious or unwanted software in Google Ads
How to fix the Ads Disapproved due to malicious or unwanted software in Google Ads
Malicious software or “malware” that may harm or gain unauthorized access to a computer, device, or network
Below are some examples
Examples (non-exhaustive): Computer viruses, ransomware, worms, trojan horses, rootkits, keyloggers, dialers, spyware, rogue security software, and other malicious programs or apps
and/or
Examples (non-exhaustive): Failure to be transparent about the functionality that the software provides or the full implications of installing the software; failing to include Terms of Service or an End User License Agreement; bundling software or applications without the user’s knowledge; making system changes without the user’s consent; making it difficult for users to disable or uninstall the software; failing to properly use publicly available Google APIs when interacting with Google services or products
The error might be caused by the following scenarios
Malicious advertising: You are using any script/code which is showing an advertisement on your website (like Adsense or similar) or any script that can show two different things on the same spot/page to two different visitors that open the same landing page from two different locations. It might be possible that your website is hacked and some potential script is hidden in server pop-ups or advertising.
Poor code or outdated script. Any poorly coded or outdated script might compromise the security of visitors visiting your website or steal any data by injecting something.
There might be some piece of code that is false-positive but actually not malicious code. Some examples are pop-ups on the landing page for subscriptions or fly-out in the lower right or left corner or something similar activity on the website.
Your website has some download buttons/links for some file/report/book/music/software with some strange file extension that is flagged by some browser as malicious.
Your website may be flagged by any antivirus software running on any visitor’s computer. Most antivirus companies have their own online database for malicious websites or websites lacking basic security. Your website might be in that database.
It might result from using some nulled plugin/theme/code/script from an unknown source. It might be possible that you are using some outdated plugin/theme/script that might be used by some hacker to hack your website by exploiting the vulnerability of that plugin/theme/script/code.
You are using any content management system (CMS like WordPress, Joomla, Shopify) plugin(s) or script code that is deemed malicious by Google or any other company.
Custom scripts added to the landing page are referencing external content deemed malicious by Google.
You might be loading the content from another website by using some script/plugin.
Sometimes, a browser will automatically search for a favicon on your landing page. A favicon is an icon image or tab icon that’s associated with your website. If your browser does not detect a favicon installed on your page, this can return a 404 error within the browser console, and Google Ads may flag this 404 as malicious.
You have included automatic downloads on the landing page. According to Google’s Unwanted Software Policy, “download of [a] software should only begin when the user has consented to the download by clicking on a clearly-labeled download button.”
Solution
Scan your website with
https://wpsec.com/
https://geekflare.com/tools/wordpress-security-scanner
https://scanner.pcrisk.com/
https://sitecheck.sucuri.net/
https://quttera.com/website-malware-scanner
*It would be best to scan your site will all of them.
If the site scan[s] returns positive results, you will have to manually find and replace the corrupted files and/or malicious software.
After you have completed that task you will have to clear the cache and start the scan again.
If the site scan[s] still shows corrupted files and/or malicious software, then you will have to restore your website to a previous version. Then you will have to re-scan the website.
If the site scan[s] doesn’t show corrupted files and/or malicious software but your ad destinations are getting flagged, then you will have to contact Google Ads support.
It would be best to provide some documentation of the negative scans.
Top posts in Google Ads
How to audit Google Ads campaigns