Compromised sites

Abusing the ad network

Google provides translated versions of the Advertising Policies Help Center, though they're not meant to change the content of the policies. The English version is the official language used to enforce Google Ads policies. To view this article in a different language, use the language dropdown at the bottom of the page.

Ads across the Google Network should be useful, varied, relevant, and safe for users. Google Ads doesn't allow advertisers to attempt to trick or circumvent our ad review processes with their ads, content, or destinations.

Learn more about the Abusing the ad network policy.

Violations of this policy will not lead to immediate account suspension without prior warning. A warning will be issued at least 7 days prior to any suspension of your account. Learn more about suspended accounts.

In this article

A compromised site is a site or destination whose code has been manipulated to act in ways that benefit a third party without the knowledge of the site or destination’s owner or operator, often in a way that harms the site’s users.

The following would lead to disapproval for compromised site:

red x mark Destinations which are hijacked and hacked

Examples (non-exhaustive):

  • Sites injecting scripts or code that transmits user data without consent, like credit card skimmers, installing malware on end user devices, launching pop-up ads, redirecting users to other websites, and doing things with user data without the end user’s consent
  • Operating a website using a content management system with known security vulnerabilities, where it has been exploited

Options to fix

If this policy is affecting your ad, review your options to fix below.

Verify disapproved ads for Compromised site

  1. Go to Ads within the Campaigns Campaigns Icon menu.
  2. Add a filter for "Policy Details: Compromised site".
  3. If there are ads disapproved for "Compromised site", continue to the next steps.

Review the disapproval reason

Review the disapproval reason to view where the content is loaded from. Google Ads sometimes shows compromised domains in your Google Ads account when it’s possible to identify them.

Review your site and remove any code that refers to the identified domains. Google provides information to help you fix your site through Help for Hacked Websites. You can also use Google Search Console to run a Security Issues Report to identify malicious software and other security issues on your site. You can also set up email notifications in Search Console to proactively monitor for these issues.

Check the status of your site

Check the status of the website or final URL of disapproved ads in Google's External Safe Browsing Site Status Checker. You can also contact your web developer or security specialist for a thorough security assessment of your website. This can help identify and eliminate any malware, malicious code, or security vulnerabilities.

When a site is disallowed in Safe Browsing, it means that it has been disallowed as a result of the unsafe content that it may be exposing to users using features like organic listings. Fix the malware issue on your site and file an appeal through Google Search Console to have the domain removed from the Safe Browsing threat list. Your site or landing pages should automatically be re-enabled to serve ads after you’ve successfully completed this process. Contact support if your ads are still disapproved after completing this process.

If you can’t fix the ad’s destination, you can update the ad with a new destination that follows this policy. Editing the ad will resubmit the ad and its destination for review.

Troubleshoot issues with Malicious software

  • Contact your web developer or security specialist for a thorough security assessment of your website. This can help identify and eliminate any malware, malicious code, or security vulnerabilities.
  • Update your website software. Make sure that your content management system (CMS), themes, and plugins are updated to the latest versions.
  • Use Google Search Console to review your site. You can use Google Search Console to run a Security Issues Report to identify malicious software and other security issues on your site. You can also set up email notifications in Search Console to proactively monitor for these issues.
  • If you can’t fix the ad’s destination, you can update the ad with a new destination that doesn’t violate this policy.

After cleaning your website, resubmit your ads for review. The review process can take some time, so allow the system up to 72 hours to recrawl and re-evaluate the landing page.

Appeal the policy decision

Editing the ad will resubmit the ad and its destination for review. In case changes have been made to only the landing page, appeal those ads using the "Made changes to comply with policy" button.

If you've fixed your destination or believe that there's been an error, appeal the policy decision directly from your Google Ads account using the "Dispute" button in the Policy Manager. After confirming that both the ad and ad destination are allowed, your ads can be approved.

Steps to submit an appeal

  1. In the “Status” column of the ad you want to dispute, hover over the ad status, and click Appeal.
  2. Under "Reason for appealing", select Dispute decision or Made changes to comply with policy.
  3. Under "Appeal the following", select which ads you want to appeal.
  4. Click Submit.

You can check the status of your appeal in Policy manager in your account.

Was this helpful?

How can we improve it?
false
Search
Clear search
Close search
Main menu
16800087627575331475
true
Search Help Center
true
true
true
true
true
73067
false
false
true
false