PhishTank Blacklist Removal
By DrGlenn — USA-based WordPress security specialist· 290+ cleanups across 34 countries· Updated June 22, 2026
Is PhishTank blocking your website?
If your site is listed by PhishTank — a PhishTank “Valid Phish”/“Online” listing for your URL (surfaces via many aggregators) — it usually means it was hacked or abused at some point. Here is how to get cleaned up and delisted.
Step 1 — Make sure the site is actually clean
Requesting delisting while the problem is still live just gets you re-listed. Check first:
- Run my free Is My Site Hacked? checker.
- Cross-check on VirusTotal.
If anything turns up, get it fully cleaned first — removing the visible malware is not enough if a backdoor remains.
Step 2 — Request delisting from PhishTank
PhishTank takes per-URL false-positive disputes from the phish detail page (free). Start here: phishtank.com
- Locate the phish detail page for the exact flagged URL on phishtank.com.
- Click “Something wrong with this submission?” and select false positive, with an explanation/evidence.
- Moderators investigate (often within a couple of business hours).
- On approval the URL is removed within ~15 minutes.
- For domain reputation tied to Cisco/Talos, file separately at the Talos reputation center.
Good to know: Appeals are per individual URL, not whole domains; removal from PhishTank does not remove the URL from downstream feeds. PhishTank is operated under Cisco Talos. Free.
Step 3 — If it keeps coming back
A listing that returns means the infection or abuse was never fully resolved — usually a backdoor, a rogue admin, or malware in the database. As a USA-based WordPress security specialist I remove it completely, submit the delistings for you, and harden the site so it stays clean.
Get my site cleaned · See how it works · read my client reviews.
More guides: SORBS, Sucuri, Cisco Talos · all blacklist & antivirus guides · full report-link directory.