PhishTank Blacklist Removal

By DrGlenn — USA-based WordPress security specialist· 290+ cleanups across 34 countries· Updated June 22, 2026

Is PhishTank blocking your website?

If your site is listed by PhishTank — a PhishTank “Valid Phish”/“Online” listing for your URL (surfaces via many aggregators) — it usually means it was hacked or abused at some point. Here is how to get cleaned up and delisted.

Step 1 — Make sure the site is actually clean

Requesting delisting while the problem is still live just gets you re-listed. Check first:

If anything turns up, get it fully cleaned first — removing the visible malware is not enough if a backdoor remains.

Step 2 — Request delisting from PhishTank

PhishTank takes per-URL false-positive disputes from the phish detail page (free). Start here: phishtank.com

  1. Locate the phish detail page for the exact flagged URL on phishtank.com.
  2. Click “Something wrong with this submission?” and select false positive, with an explanation/evidence.
  3. Moderators investigate (often within a couple of business hours).
  4. On approval the URL is removed within ~15 minutes.
  5. For domain reputation tied to Cisco/Talos, file separately at the Talos reputation center.

Good to know: Appeals are per individual URL, not whole domains; removal from PhishTank does not remove the URL from downstream feeds. PhishTank is operated under Cisco Talos. Free.

Step 3 — If it keeps coming back

A listing that returns means the infection or abuse was never fully resolved — usually a backdoor, a rogue admin, or malware in the database. As a USA-based WordPress security specialist I remove it completely, submit the delistings for you, and harden the site so it stays clean.

Get my site cleaned · See how it works · read my client reviews.

More guides: SORBS, Sucuri, Cisco Talos · all blacklist & antivirus guides · full report-link directory.