I am running a dropshipping website that handles product listings, customer accounts, and checkout functionality, and I have recently started receiving reports from users that AVG is flagging my site as unsafe or potentially harmful. These warnings appear inconsistently some users see browser alerts or blocked page messages, while others can access the site without any issue. From my perspective as the site owner, server logs and application logs do not show obvious signs of compromise, and other security scanners report the site as clean. This inconsistency makes it difficult to determine whether there is an actual security issue or if the site is being incorrectly flagged by AVG’s detection mechanisms.
One of the challenges is identifying what specifically triggers these warnings. The website uses a combination of third-party scripts for analytics, advertising pixels, live chat, and payment processing, which are common in e-commerce setups. I suspect that one or more of these external resources might be triggering heuristic or reputation-based detection, even though they are widely used and trusted services. Removing these scripts temporarily reduces functionality and conversion rates, so it is not a practical long-term solution. I would like guidance on how AVG evaluates third-party scripts and how to safely verify whether a specific resource is causing false positives.
Another concern involves server-side behavior. The website runs on a shared hosting environment with standard security hardening, but there are background processes such as cron jobs for order syncing, inventory updates, and price changes. I am worried that automated requests or API calls might resemble suspicious behavior patterns, especially when multiple updates occur in a short time frame. Although these processes are legitimate, they may appear abnormal to automated security scanners. Understanding how AVG distinguishes between malicious activity and normal automated server behavior would help clarify whether configuration changes are needed.
Customer trust and traffic impact are becoming serious issues. When AVG blocks access or displays warning messages, users often abandon the site immediately, leading to lost sales and increased support requests. Even after the warning disappears, users may hesitate to return. From a business perspective, this creates a significant problem, especially since the site relies on paid traffic and organic search. I am looking for best practices on how website owners can proactively ensure compatibility with AVG’s security checks and minimize the risk of being flagged without clear cause.
I have also attempted to submit the site for review or reclassification, but the process is not always clear or fast. In some cases, the site appears clean after review, only to be flagged again days or weeks later. This cycle makes it difficult to maintain confidence that the issue has been permanently resolved. Any guidance on the correct procedure for reporting false positives, providing supporting evidence, or monitoring site reputation within AVG’s ecosystem would be extremely helpful.
Finally, I am interested in understanding long-term preventive measures. This includes recommendations for server configuration, script management, SSL usage, content delivery networks, and security headers that align well with AVG’s detection models. My goal is to run a secure, trustworthy dropshipping website that does not trigger unnecessary security warnings while still using modern e-commerce tools and integrations. Insights from the AVG community on avoiding false positives, improving site reputation, and maintaining ongoing compatibility with AVG security products would be greatly appreciated.