Google Tag Manager, Malware detection and tags not firing
Have you ever been frustrated by attempting to visit a particular website, only to discover a red page with the text stating “malware detected” instead? Believe it or not, but this is Google's way of keeping you safe.
GTM is a very powerful tool in the hands of a Digital Analyst. However in rare situations, it can technically be misused to deliver harmful malware content to the websites visitors. Thanks to Google and its new security feature, it is now less risky.
On more than one occasion I have come across false malware warnings. The website was absolutely legit and there was no malware whatsoever. Yet, it was still detected and flagged and users struggled to visit it. Can this also happen to your completely legit Google Tag Manager container? Well, I can think of at least one situation where this is possible.
in to do exactly what you need it to. You include that plugin using <script src='external-domain' > HTML tag and publish your container. Weeks later, the original website of the jQuery plugin was marked as malware and subsequently, so was your container.
In a recent security update Google have advised that if your tag references a malware flagged domain, it may stop firing as well as flag the entire container. Consequently, you will end-up losing analytics data and this is not good. Not good at all.
I'd personally like Google to provide a more detailed explanation on how this new security enhancement will work. Don't get me wrong - I am all for safe browsing and reducing potential risks! It is a very important thing to do.
So if you have a GTM container full of tags - what can you do to stay on the safe side?
Stick to the built-in tags, think twice before using Custom HTML Tags and think 10 times before allowing it to use document.write
Black-list Custom HTML tags on website pages where you are not using Custom HTML Tags
Enable two-step verification on the Google Account you use to access GTM
Periodically review your tags
Never use external scripts (or scripts you don't know what they are doing) on a secure payment pages with sensitive data
Talk to Internetrix if your website and/or your GTM container tags get flagged as malware. We will do a complete security and technical audit and remove or fix malicious tags (if any) and ensure your data collection is up and running.