Fixing 'Dangerous Site' Warnings

How to resolve Google Safe Browsing alerts like 'Deceptive pages' or 'Possible Phishing Detected on User Login' that may appear on your n8n instance.

Sometimes, when you visit your n8n instance, you might encounter a red warning screen from your browser (like Chrome or Firefox) stating that the site is a "Dangerous site" or contains "Deceptive pages". This is typically caused by Google Safe Browsing misflagging the login page of your n8n instance as a phishing attempt.

This is not a vulnerability in n8n or an issue with your SSL certificate. It is a false positive from Google's automated scanning systems that affects many self-hosted applications with login screens.

Step 1: Register your site in Google Search Console

To clear this warning, you must prove ownership of the domain to Google and request a review.

  1. Go to Google Search Console and sign in with your Google account.
  2. Click on Add Property (or open the property dropdown on the top left and select "Add property").
  3. Select the Domain property type and enter your domain name (e.g., automate.yourdomain.com).
  4. Follow the instructions to verify your domain ownership. This usually involves adding a TXT record to your domain's DNS settings.

Step 2: Request a Review

Once your property is verified, you can access the security issues report and request a review.

  1. In the left sidebar of Google Search Console, navigate to Security & Manual Actions > Security Issues.
  2. You will likely see issues like "Deceptive pages" or "Possible Phishing Detected on User Login".
  3. Click the Request Review button.
  4. In the form, explain that this is a false positive. For example: "This is a self-hosted instance of n8n, an open-source workflow automation tool. The login page is for my personal use and is not a phishing site."
  5. Submit the request.
Google usually processes these reviews within 24 to 72 hours. Once approved, the red warning screen will be removed, and you can access your instance normally.

Alternative: Use a Different Subdomain

If you need immediate access and cannot wait for Google's review, the quickest workaround is to create a new subdomain (e.g., n8n-new.yourdomain.com), point it to your server's IP, and update your instance to use the new domain.