Malicious SEO hacking is known by many names—“Blackhat SEO”, “Dirty SEO”, “SEO Poisoning”—but in the end the result is always the same: your site visitors are greeted with a warning from Google that your site may hacked. In many cases website owners find that their site has also been blacklisted or their hosting suspended. This type of hack can be reputation destroying and that’s why it’s so important to safeguard yourself.
The hacker’s goal with this type of malware is to use your site’s top search results and best pages and relink them to spam sites. By hijacking many, many authentic links, they’re gaming the system to boost their own rankings. Links will typically redirect to high profit scams like viagra sales, online casinos or pornography. Your legitimate search results will be replaced with whatever the hacker chooses.
Identifying and finding this hack
Since the malware only displays itself in search results, you’ll probably first notice this hack when a customer or your web host contacts you. You can assume that the actual hack happened quite a while ago; long enough for code to be injected and then indexed by search engines. Various forms of this malware may change the displayed titles of your site, pages, descriptions and links.
Tracking down the hack in the source code can be tricky since the malware is conditional, that is, designed only to be visible under certain circumstances. For example, only viewable to the Google bot that is indexing your site, and then to visitors using Google to search for your site. Expect the hack to be hidden in either legitimate or disguised files and always assume that the hacker created a backdoor or two for easy reentry into the site. Here are a few ways you can identify if you’ve been compromised:
- Plug your site into the Fetch as Google tool in Google Search Console.
- Use the free Unmask Parasites scanner
- Try Sucuri’s free Sitecheck Scanner
Cleaning the malware from the site
Black Hat SEO spam can be almost invisible to website owners, so how can you go about cleaning it?
- The original hack most likely compromised or added PHP and Javascript files. Go through your site and clean out the infected code.
- Examine your database for any suspicious user accounts or code hidden in tables.
- Both active and unused WordPress installs can be compromised so you should never use your server to store old themes, plugins or WordPress versions.
Depending on the type of hack, indexing, and caching – a successful cleanup may not immediately remove spam from your search listing. Google has published steps you will need to take to have them remove the hack warning. Other blacklists authorities will have their own procedures and your site could be on multiple blacklists. Having Google re-crawl your cleaned site and removing any spam URLs that have created 404 errors will help speed up the process of flushing out the spam search results.
Preventing Backhat SEO hacks
There are three common ways for SEO poisoning of your site:
- Poor passwords: Always use strong, unique passwords. We’ve written about this many times and the best way to secure your passwords is with a manager like 1Password or LastPass.
- Hacked WordPress Administrators: Limit the Admin users in your site to the few that actually need those privileges. For day-to-day upkeep, Author or Editor roles are sufficient and safer.
- Software: Security holes in themes, plugins or even WordPress core files are easy targets for exploits. A quick, automated scan of your site will tell a hacker what software you’re using and they can swiftly move in. Know what software your site is running, use tools like WP Scan Vulnerability Database to keep up on vulnerabilities, and manage your updates on a regular basis.
Ongoing proactive monitoring techniques should be used to identify issues. Make sure you create and understand how to use Google Search Console. It is built with tools that can help ID potential security and reputation problems. Track your site on a blacklist watch list and immediately investigate if your IP or domain shows up.
Above all else, don’t ignore this problem. The downside in terms of customers and dollars lost can easily exceed your wildest guess. Invest the needed resources into monitoring, prevention and reaction.
Or just hire Cinch
Frankly, many businesses find that the most effective way to retain and protect their online reputation is to outsource their security and maintenance to us. Chat with us to learn more and see if Cinch is a good fit for you!
