Firefox "Reported Attack Page!" / "Deceptive site" block
Firefox's malware protection, fed by Google Safe Browsing, blocked the site for serving attack code or malware.
What you see
Deceptive site ahead (or) Reported Attack Page! Firefox blocked this page because it may try to install dangerous programs that steal or delete your information (for example, photos, passwords, messages, and credit cards). Go Back
What’s actually happening
Firefox throws a full-page block — older builds say "Reported Attack Page!", current ones "Deceptive site ahead" or "Reported Unsafe Site" — with a "Go Back" button and a buried "See details / ignore the risk" link. It looks like a Firefox-specific problem, but the data comes straight from Google Safe Browsing, the same list Chrome uses. So a site flagged in Firefox is almost always flagged in Chrome too. It usually means the site got compromised and is serving malware or attack scripts.
Common causes
- Site compromised and serving malware or drive-by attack scripts to visitors
- Injected/obfuscated JavaScript in templates or database content (e.g. injected into wp_posts or header.php)
- Nulled or outdated plugins/themes carrying a backdoor that was used to plant the attack code
- A third-party or ad script on the page pulling in malware from an external host
- Google Safe Browsing flagged the URL; Firefox mirrors that list, so the block persists until Google clears it
How to fix it
- Check why Google flagged it — Firefox is just the messengerFirefox pulls from Google Safe Browsing, so go to Google's Transparency Report (transparencyreport.google.com/safe-browsing) and enter the domain to see the verdict, and open Google Search Console, Security Issues for sample URLs and the category. Fixing it in Firefox alone isn't a thing — you clear it at the source.
- Clean the malware on the serverScan the whole document root: diff core files against clean copies, search templates and the database for injected <script>, eval(, and base64 payloads, and check recently changed files. Load the flagged sample URLs and read the page source to find exactly what's being served.
- Lock the site down so it doesn't get re-flaggedRotate every credential (CMS, FTP, hosting panel, DB), update core/plugins/themes, remove nulled extensions and unknown admin accounts, and patch the vulnerability that let them in. Clearing the payload without closing the hole just resets the clock.
- Request a review through Google Search ConsoleWith the site clean, submit a review under Security Issues and note what you removed. Malware reviews typically take a few days, phishing often around a day. Because Firefox uses the same list, clearing Google fixes Firefox, Chrome, and Safari together.
- If you're a visitor who needs in anywayYou can click "See details" then "ignore the risk" to proceed, or temporarily turn off Settings, Privacy & Security, "Block dangerous and deceptive content." Only do this for a site you fully trust — the warning exists because Google saw attack code there.
Stop it recurring
Patch and harden the CMS, drop nulled plugins/themes, enforce strong admin credentials with 2FA, and scan regularly so a compromise is caught before it lands on the Safe Browsing list.