Since WordPress is the most frequently used CMS in the world, it has been found that WordPress websites are often targeted by SEO spammers. There are millions of insecure WordPress installations being done across the world daily including – un-patched vulnerabilities in plugins, themes, and WP core.
Do you have SEO spam on your wordpress site? you don’t need to be worried about SEO spam infected WordPress site , Discover what WordPress spam is and learn how to find and remove blackhat SEO spam links. Follow this step by step tutorial to effectively remove WordPress SEO Spam from your website
What is SEO Spam ?
Search engines use a wide variety of factors to decide where a particular website should, ideally, rank on the SERPs. Speaking of factors, one of the key factors is the number and quality of the incoming links that a particular website possesses. All in all, when a website has more quality and relevant links, it will rank higher.
SEO spammers tend to use an amalgamation of spam links, keywords, and various other phrases to insert in someone’s website, thus improving the search engine rankings of their website.
In many cases, these spammers also add a link to another website having spam, malware or other content that the search engines are least bothered to index. Using this approach, called SEO Spam also known as ‘spamdexing‘, these spammers use their low-quality websites to rank higher in the search engine results.
The main reason behind the popularity of this hack is that it can target any WordPress website irrespective of its size. Commonly, small websites, non-governmental organizations, WP blogs lacking SSL certification or don’t have effective security measures are easy targets of this particular hack.
In case, the spammer is successful in overloading your website with his content, it will significantly reduce the speed of your website as well.
Usually, the owner remains unaware of this hack as it is well – camouflaged. Therefore, this is one of the most tricky hacks to detect. You could easily become a victim of the hack without even knowing it.
How SEO spam affects your website?
To have a better comprehension of what exactly happens to your website when it comes to face to face with the spam attack, let us understand it with the help of a real-life example.
As per this example, a seller is looking to sell illegal pharmaceutical products, Viagra or Cialis online. The seller has also chosen a website through which he is planning to sell these illicit drugs i.e. Canada Drugs.
They have used the exact words of the products as their keywords and they have inserted these keywords in the top-ranking pages of the websites they have hacked in the past. This is termed as the Black-Hat SEO technique and called Wordpres Pharma Hack as well. And whenever a buyer is looking to buy these illegal drugs online, these websites will be ranked.
When we typed ‘buy viagra cialis online’ following were the Google search results –
The catch here is that the top-ranking websites for this particular keyword were not pharmaceutical ones, but rather –
- About Us page was of an eco-friendly company.
- The tariff details were of some French-based musical website.
- The beverage page of the menu of a Mexican restaurant
Have you noticed how random that is? The spammer has targeted websites that were easy to attack.
We have mentioned above that this hack is not that easy to track. The spammer has executed it in such a manner that you are not able to see it and it is only visible to the search engine crawlers.
When we opened the first website, there was nothing weird and pages looked quite normal.
However, when the website was searched on Google and opened the website, we were presented by the spam page that promotes the pharma website of the hacker – Canada Drugs.
Types of SEO Spam in WordPress
Once the hacker has access to your WordPress website, there are numerous malicious ways they can use. SEO spam happens to be one of them. But, the worrying fact is that this particular hack can be combined with other types of hacks, making it more lethal.
Let us take a look, in detail, at what are the common types of website SEO spam are –
If unfortunately, the hacker has somehow gained access to your database, he can send emails to endorse his product. Now, since the hacker has used your email address to send the emails, the customers will not have any sort of doubt and deem it as trustworthy. They will only get an idea of hacker’s tricks once they open it.
Here is when you will start facing issues. Your customer will be flagging your emails as spam and eventually, mail servers will make you as ‘spam’.
Inserting spam keywords
Even if the spammy keywords are not visible on the public pages, the hacker can use these keywords to rank your website for particular search terms they are using in a scam. This is called Black Hat SEO technique which comes under cloaking.
You and users will not be able to see it. Whenever a user will search for these keywords, your website will rank.
Creating new pages
Creating new web pages is also one of the methods used by hackers to gain complete control over your website. At times, they can create thousands of them. These hackers can use these pages to influence search engines.
Spammy ads and banners
Hackers can replace advertisements, call to actions (CTAs), banners and use their products and content of their website instead.
Spammy link injection
Hackers are always on a lookout for a healthy website that has an impressive ranking in the search results. They further use such websites to add malicious links intended to redirect the visitors to their website.
These hackers also use a method known as ‘clickjacking‘. As per this method, they deceive the users by adding a hidden link under the clickable content.
When the user clicks on such links, they are taken to another website, these websites usually sell or promote illicit products. This can also lead to your Google ads disapproved due to malware in website.
This Black Hat SEO method that hijacks search results of Google by displaying Japanese words both in the title and the meta descriptions of the infected pages. This particular method is also known as Japanese Keyword Hack, Japanese Search Spam, or Japanese Symbol Spam.
Such pages tend to have affiliate links to all those stores that are selling forged branded merchandise. They tend to explore your popularity and search rankings so that they can advertise other websites or stores fraudulently. These pages are monetized utilizing affiliate links to stores selling forged branded merchandise and then showing to Google search.
How to find SEO spam?
Since SEO spam can be in the core files of your website, it can be a bit tricky to find it. If you are worried sick about how you will find SEO spam, then you don’t need to be. Let us discuss some tools that will help SEO spam on your WordPress website –
The best thing about WordPress is that it has plugins for every purpose and it has plugins for SEO spam too. You also have multipurpose wordpress security plugins, at your disposal, that you can use for this. Here is the list of tools that offer integration with malware scanning tools –
- Cerber Security, Antispam & Malware Scan
- Ninja Scanner
- Security & Malware scan by CleanTalk
- Quttera Web Malware Scanner
Google Transparency Report
With the help of the Google Transparency Report, you can add a web address of your website or even the URL of a particular page. Google will tell you whether the website or the page is secure enough to be visited or not. Even if your website is not affected, it can be a good idea to check your website standing with the leading search engine.
While the above point is intended for the users of your website, there are a plethora of online scanners available out there that are, especially, beneficial for the owners.
UnmaskParasites , Wp hacked help and Sucuri Site Check are some of the popular ones. These scanners can help you scan your wordpress for malware effectively.
Using these scanners, you can –
- Scan for SEO spam.
- Locate vulnerabilities such as outdated plugins and various other issues related to security.
- Checking your blacklist status.
- Google Search Console
Using this holistic console, you will not only locate Black Hat SEO spam but at the same time, you will also maintain the overall SEO health of your website. With the help of Google Search Console, you will have an idea of any drop in the website traffic as well.
How can I prevent my Website from SEO Spam
SEO spam not only hurts your website’s rankings but they also end up hurting your credibility with your users as well.
You can stop the hackers from hurting your rankings and credibility by strengthening your SEO security using following-discussed steps –
Have a CAPTCHA
CAPTCHA (Completely Automated Public Turing Test) is a set of images with a theme you have to select correctly to log in to your account or to make a payment on a website. CAPTCHA makes out whether the user is a bot or a human being.
By deploying CAPTCHA at your website, the hackers will not be able to deploy bots to fill your website with SEO spam.
Install a web application firewall (WAF)
If you install a WAF, bad bots will not be able to comment spam on your website. When you evaluate WAF options, the solution you have opted for must have a built-in CAPTCHA.
Update your software and plugins.
Outdated plugins and software can lead to vulnerabilities that are easy to exploit by hackers. Owing to this, it is imperative that you have the latest content management system. You must ensure, on regular intervals, that your software is up to date and security patches are complete.
Keep track of backlink profiles
It is through low-quality links and redirects that the hackers carry out their SEO spam attacks. Therefore, it is important you have kept a track of these things on your website.
You can use SEO monitoring tools that will come handy in keeping a track of backlinks and keywords to help you make out when a hacker is initiating a malicious redirect on your website.
How to remove your WordPress SEO spam links
Toxic links can prove detrimental to your website. They tend to consume your whole website and also hamper the rankings in the SERPs. Now, you might be wondering how? Well, Google Penalties because of the unnatural links coming from –
- Blog Comments
- Blogrolls & Other Blocks of Links
- Site-Wide Links
- Footer Links
- Web Directory Links
- Anchor Text Distribution
- Forum Profile Links & Signatures
- Article Directory Links
- Link Networks
Comment spam is considered a type of spamdexing. Hackers use various tools to deploy comments automatically to scale higher rankings in the SERPs.
Owing to this, the blogging platforms tend to mark these comments as nofollow so that they don’t get indexed by Google.
Blogrolls & Other Blocks of Links
This category comprises the blogroll links and groups of links that do not belong to the blogroll model. Let us explain this with the help of a website that was engaged in misusing the search engines and it was not a blogroll.
The domain makes use of the widgets that are not installed on varied websites where the webmasters get to place their link. In case too many links somehow belong to this pattern, Google algorithm will consider them unnatural and you may be penalized for that. Some of such links can also belong to the statewide link category.
Such links are an example of toxic backlinks. Side-wides are responsible for hurting your website rankings. A domain needs to have the necessary authority, if you don’t have this and have received site-wides from a low-quality website then Google will penalize your website.
A couple of years back footer links were legit, but some websites started to abuse this technique. Well, owing to this reason, Google decided to deploy site-wide links into the link schemes list. Such links will end up deforming your analysis and above all does not have much value from an SEO perspective.
Let us assume you have one link from a domain rather than having several links from the same domain. The value of this one link is way more than 100 links from that same domain.
In case Google sees a link from a domain, it will be counted as one and if there is more than one link, from the identical domain, then also it will be counted as one. From a manual perspective, you qualify to receive a penalty and such links are not trusted by Google and manual actions are performed quite often. This can get your website blacklisted in google and it will show a message that “This Site May Be Hacked” in Google
Let us assume you have multiple footer links, in that case, you have successfully raised a red flag to Google.
Web Directory Links
If you are getting an increasing number of links from web directories, then it is not considered a legit practice. In case you do, then you have raised a red flag to the Google algorithm. Listing on numerous directories will do no good, instead of few quality ones that are quite popular in your niche will surely benefit you.
In case you have links from numerous directory submissions, manually or automatically, that are freshly added or made lately will get you penalized.
Anchor Text Distribution
The main rule of anchor text distribution is to avoid over-optimization. Following are the attributes of the anchor text –
- Brand Name – Anchor text will be the brand name. For exp – Harley Davidson Motorcycles.
- Branded – The anchor text had the brand. For exp – this cool company, Harley Davidson.
- Keyword Branded – The anchor text has the amalgamation of the keyword and the brand name. For exp – lots of t-shirts at the United Colors of Benetton.
- URL – There are no actual anchors, only a URL. For exp – http://www.harleydavidsonmotorcycles.com
Here is how a natural link distribution of anchor distribution will look like –
In the case of artificial anchor text distribution, it will look like –
In case your anchor text is over-optimized, chances are you may be hit by Google. This is because it has been found, most of the time, that anchor texts have unnatural links.
The right and safe way is to have a natural anchor text approach. If you team up with brands and influencers, then you will be benefited.
Forum Profile Links & Signatures
If people are discussing your website, then there is nothing like it. This is an indication that your website is doing great in its niche. However, make sure you are not link building using –
- Fake forum profiles.
- Fake signature.
- Posting content and links automatically on forums.
If you do, Google will identify this, it will reflect on your backlink profile and it will eventually affect your Google ranking. Here is an example of this –
Article Directory Links
When there is an increasing number of links coming from article directories, then it is a clear sign that something is not right. Panda, in the last few years, has targeted the article directories and the websites they linked the most.
Here is how you can find your article directory links –
If the article directories have not followed qualitative guidelines, then it can prove detrimental.
How to fix SEO Spam in WordPress site?
The best way to remove WordPress SEO spam is to detect it manually and then fix it. With the help of WP Hacked Help, you will be able to fix it easily and without wasting your precious time. This is because it will conduct in-depth research of all your files and folders, look for any suspicious code, and discover any hacks.
So, even if it is hidden or disguised, rest assured it will be found. Following this, all you need is to clean your website with a push of a button.
First and foremost, clean your website. Once you have done this, follow some preventive measures to save from future attacks. Here are the steps you need to follow –
- Make sure you update WP installation, Themes, and Plugins. You need to ensure that you are running on the latest version.
- If you have any inactive plugins or themes on your website, then make sure you remove it immediately.
- It is advisable to apply website hardening measures such as – security keys, changing passwords, and so on.
If you own a WP website, you have to safeguard it yourself. You need to be cautious as your website resides in a world where danger can strike at any moment.
We hope this article enlightened you about SEO spam, how you can fix it, and learning more about WordPress security.