C CSP
Diagnosis
Google Ads Issues
Circumventing Systems Policy Malicious Software Policy Compromised Site Policy Counterfeit Goods Policy Copyright Policy Trademark Policy Destination Issues Misrepresentation Financial Services Google Merchant Center Issues
Case Studies Blog News Contact

Your Site Got Hacked. We Clean It and Get Your Google Ads Back.

Google's Compromised Site policy disapproves ads when your site has been hacked or hijacked. You have at least 7 days before account-level suspension. We use that window to find the breach, clean the site, clear Google Safe Browsing, and reinstate your ads.

Send us the disapproval notice. Within 24 hours you get a written diagnosis: where the malicious code lives, how the attacker got in, what the cleanup involves, and a timeline that beats the 7-day window.

Send Disapproval Notice Talk to a Specialist

Free diagnosis. No commitment. If your case actually falls under Malicious Software (a harder policy), we tell you on day one.

Confirm Which Policy Hit Your Account

Two Google Ads policies cover hacked websites and malware. Google enforces them differently:

Policy What it covers Enforcement
Compromised Site Your site was hacked or hijacked without your knowledge At least 7-day warning before suspension. Ads get disapproved immediately.
Malicious Software Intentional distribution of malware through your site or ads Immediate suspension. No prior warning. Classified as egregious.

The policy name appears in your Google Ads email and in Policy Manager. Check it before starting any cleanup. The appeal strategy and timeline differ.

If your email says Malicious Software, your case is more severe and your account may already be suspended.

Go to the Malicious Software Policy page

What Is the Google Ads Compromised Site Policy?

The Compromised Site policy disapproves Google Ads with destinations whose code has been manipulated to act for a third party without the owner's knowledge. The policy covers hacked sites that inject malicious scripts, install malware, redirect users, or steal data. Google issues at least a 7-day warning before suspending the account.

Source: Google Ads Compromised Sites policy (support.google.com/adspolicy/answer/15938376)

You Have Time. Use It.

Day 0
Ads disapproved

Google detects the compromise. Ads stop running. Account stays open.

Day 7+
Suspension risk

Without cleanup + Safe Browsing clearance, Google escalates to a full account suspension.

Day 14+
Reinstated

Cleanup complete, Safe Browsing cleared, Google Ads re-approves the destination.

Compromised Site enforcement runs on a delayed timer. Ads stop running on the day Google detects the compromise. The account itself stays open for at least 7 days before Google escalates to a full suspension. That window is the difference between a contained problem and a full account loss.

Three things must happen inside the window:

  1. 1 The malicious code gets removed from every location on the site.
  2. 2 The vulnerability that let the attacker in gets patched.
  3. 3 Google's Safe Browsing system rescans the domain and clears it.

The third step is the bottleneck. Safe Browsing reviews can take 24 to 72 hours after submission. Cleanup without Safe Browsing clearance leaves the site flagged, and Google Ads will keep refusing the appeal.

Start the Cleanup Now

What Google's System Flags

Google defines a compromised site as one whose code has been manipulated to benefit a third party without the owner's knowledge, often harming visitors. The examples below come from Google's published list.

Injected Scripts That Transmit User Data

Code added to the site that captures form data, login credentials, or payment information and sends it to an attacker.

Credit Card Skimmers

Specialized scripts that intercept checkout data on e-commerce sites. Common on hacked Magento, WooCommerce, and Shopify implementations with compromised third-party apps.

Malware Installation on Visitor Devices

Code that triggers a download or browser exploit when a visitor lands on the page.

Unwanted Popup Ads

Scripts that show popups on top of your site's content, usually pointing to scam or affiliate destinations.

Unauthorized Redirects

Code that redirects visitors to a different site, often after a delay or on mobile only. The site looks fine to the desktop reviewer but redirects mobile users.

Data Misuse Without Consent

Scripts that share visitor data with third parties in violation of the site's stated privacy practices.

Exploited CMS Vulnerabilities

The site runs WordPress, Magento, Joomla, or another CMS with a known vulnerability that an attacker used to inject any of the above.

All examples paraphrased from Google's Compromised Sites policy. Google's list is non-exhaustive.

How Honest Sites Get Compromised

Nine out of ten Compromised Site cases trace back to one of the entry points on the right. The attacker rarely targets the site by name. Automated bots scan the internet for known vulnerabilities and exploit any site running outdated software.

The disapproval is a downstream symptom. The actual problem is the unpatched entry point. Cleaning the injected code without closing the entry point guarantees reinfection within days.

Common entry points we find
  • Outdated WordPress core, themes, or plugins with public exploits
  • Abandoned plugins no longer maintained by their developers
  • Weak admin passwords or reused passwords leaked in unrelated breaches
  • Compromised hosting accounts shared with other hacked sites
  • File upload forms without proper validation
  • Unsecured staging or development environments left accessible
  • Third-party scripts loaded from compromised CDNs
  • E-commerce platform plugins that were themselves compromised upstream
  • Forgotten admin accounts created by previous developers

How We Clean Your Site and Reinstate Your Ads

  1. 1

    Diagnosis within 24 hours

    We pull the disapproval reason from your Google Ads Policy Manager. Google sometimes names the compromised domain or script in the disapproval detail. We run the Safe Browsing site checker, review the Search Console Security Issues report if you grant access, and run independent malware scans. You receive a written report identifying the infection and the likely entry point.

  2. 2

    Honest Verdict

    If the case is a clean Compromised Site issue with a clear cleanup path, we quote the work. If our scan reveals the issue actually involves intentional distribution (rare, but it happens when a site owner is unknowingly hosting affiliate malware), we explain the escalation risk to Malicious Software before any work begins.

  3. 3

    Source Cleanup

    We remove every malicious file, database injection, and configuration change introduced by the attacker. We close the entry point: software updates, password resets, file permission corrections, removal of unused plugins or themes, security hardening at the server level.

  4. 4

    Safe Browsing Review

    After cleanup, we submit the site for review through Google Search Console. Google's Safe Browsing system rescans the domain. Until Safe Browsing clears the site, Google Ads will not re-approve the destination, regardless of any appeal language. This step is what most DIY cleanups skip.

  5. 5

    Google Ads Re-Approval

    Once Safe Browsing clears the domain, we use the appeal pathway Google recommends for Compromised Site: either "Made changes to comply with policy" if the destination was the only issue, or "Dispute decision" through Policy Manager. Google allows up to 72 hours for the system to re-crawl and re-evaluate the landing page.

  6. 6

    Post-Reinstatement Hardening

    We deliver a written security checklist covering ongoing monitoring, update schedules, malware scanning, backup hygiene, and access control. Reinfection within 90 days converts the case from Compromised Site to Malicious Software in many cases. Prevention is the work that matters most.

What You Get When You Work With Us

Diagnosis report identifying the infection and entry point
Safe Browsing status check
Search Console Security Issues review
Full site cleanup at file, database, and server level
Vulnerability patching and security hardening
Search Console Safe Browsing review submission
Google Ads re-approval through the correct appeal pathway
Reviewer follow-up handling
Post-cleanup verification scans
30-day check-in and written hardening checklist

Pricing

Compromised Site cases scale with site size and infection complexity. Diagnosis is free.

Diagnosis Only

Free
No commitment
  • Safe Browsing and Search Console review
  • Infection and entry point identification
  • Cleanup scope and quote
  • Honest verdict on case complexity
Start
Most Common

Single-Site Cleanup + Re-Approval

Single domain, single CMS, single infection

Starting at
$250
  • Full cleanup and entry-point patching
  • Safe Browsing review submission
  • Google Ads re-approval
Start

Complex Cleanup + Re-Approval

Multi-domain, large CMS installation, user-generated content, e-commerce with checkout compromise, or reinfection cases

Starting at
$350
  • Everything in Tier 2
  • Deep server-level audit
  • Extended hardening implementation
Start
Start With a Free Diagnosis

Cases We Will Decline

Some Compromised Site cases fail at re-approval or fall outside our intake policy. We tell you within the free diagnosis if your case lands here.

  • Sites where the "compromise" is actually intentional content the operator placed (rebrands the case as Malicious Software, which we may still take depending on circumstances)
  • Sites that refuse to update outdated CMS, themes, or plugins after cleanup (guaranteed reinfection, not a service we offer)
  • Sites where access to the server, hosting, or admin credentials is not available to perform cleanup
  • Repeat-compromise cases where the operator declines security hardening after the third cleanup
  • Sites running on hosting providers that themselves serve malware at the network level, where individual cleanup will not stick

Compromised Site Policy — Common Questions

What is the Google Ads Compromised Site Policy?

It is the policy that disapproves Google Ads when the landing page or destination has been hacked. Google defines a compromised site as one whose code has been manipulated to act for a third party without the owner's knowledge. The policy covers injected scripts, credit card skimmers, malware installation, unwanted redirects, and exploited CMS vulnerabilities.

Will my Google Ads account be suspended?

Not immediately. Google issues at least a 7-day warning before account-level suspension. Ad disapprovals appear at the moment of detection, but the account itself stays open during the warning window. Cleaning the site and clearing Safe Browsing inside that window prevents the suspension.

How is Compromised Site different from Malicious Software?

Compromised Site covers honest operators whose sites were hacked. Enforcement comes with a 7-day warning. Malicious Software covers intentional distribution of malware and triggers immediate suspension with no warning. The disapproval email names which policy applies. The appeal pathway differs for each.

How do I know my site has been hacked?

Four signals usually appear together: Google Ads disapproves the ads with a Compromised Site reason, Google Safe Browsing flags the domain at transparencyreport.google.com/safe-browsing/search, Google Search Console shows a Security Issues report (if the site is verified), and visitors report popups, redirects, or unexpected behavior. Any one of these signals justifies a full malware scan.

How long does the cleanup take?

Most single-site cases close within five to ten business days. The cleanup itself takes one to three days. The Safe Browsing review after submission takes another 24 to 72 hours. Google Ads re-crawl takes up to 72 hours after Safe Browsing clears the site. Complex e-commerce or multi-domain cases run longer.

Can I clean the site myself?

Yes, if you know how to find the actual infection point. Most DIY cleanups fail in one of two ways: they miss the injection point because the malicious code is hidden in the database or in scheduled tasks rather than in obvious theme files, or they clean the visible files but leave the vulnerability open and the site gets reinfected within days. If the site is on WordPress and you can access the server, the cleanup is possible. If you cannot identify how the attacker got in, professional help is faster.

Why are my ads still disapproved after I cleaned the site?

Two reasons usually apply. First, Google Safe Browsing has not refreshed the site status yet. Safe Browsing maintains its own threat database, and Google Ads checks that database during re-approval. Submit the site for review through Google Search Console to trigger a Safe Browsing rescan. Second, the cleanup missed something. Google's automated rescan during the appeal sometimes catches malicious code in locations the human cleanup overlooked.

Do I need Google Search Console?

For the fastest cleanup, yes. Search Console gives you direct access to the Security Issues report, which sometimes shows the specific files or URLs Google flagged. It also gives you the Safe Browsing review submission pathway, which is the fastest way to clear the threat-list status. If the site is not verified in Search Console, verify it before the cleanup starts.

What if my hosting provider says the site is clean?

Hosting provider scans usually catch known-signature malware but miss custom injections, database-level compromises, and configuration-level backdoors. Run an independent scan with at least one external tool. A clean Safe Browsing report on the domain matters more than any single scanner.

Can I just change the destination URL on my ad to fix this?

Google's policy lets you update the ad to a new, clean destination. The disapproval clears for the new URL. The compromised site still has the problem, so any future ad pointing back to it will be disapproved again. Cleanup is the only durable fix.

What if the same site keeps getting reinfected?

The entry point was not closed during cleanup. Reinfection within days or weeks means either the vulnerability is still open, an admin password was leaked, or a backdoor file was missed. The third cleanup on the same site should include a server-level rebuild rather than another file-level scrub.

Does Compromised Site escalate to Malicious Software?

Google can reclassify a case if the review finds evidence that the operator knew about the malicious code and left it in place. In practice, this happens when an advertiser ignores the 7-day warning, allows the account to be suspended, and then appeals without cleaning the site. The pattern of "knew and did nothing" pushes the case toward Malicious Software territory.

Related Policies You May Also Be Facing

Malicious Software Policy

The closest neighbor. If Google escalated your case or your email says Malicious Software from the start, that page is the correct starting point.

Learn More

Destination Issues

Some Compromised Site disapprovals appear alongside Destination Not Working or Destination Mismatch flags when the attacker added redirects.

Learn More

Circumventing Systems Policy

Severe compromise cases with cloaking injections sometimes get bundled with Circumventing Systems enforcement.

Learn More

Don't Wait Out the 7-Day Window

Free diagnosis within 24 hours. Cleanup that beats the suspension deadline. Honest verdict if the case is more complex than it looks.

Send Disapproval Notice Email resolve@circumventingsystemspolicy.com
Send Suspension Notice