Editorial: This post was last updated October 18th, 2022.
- What is SEO spam?
- What’s the purpose of SEO spam?
- What are the types of SEO spam?
- How to find and fix SEO spam
- How to protect your site from SEO spam
What is SEO spam?
If you’re wondering what is SEO spam, a good way to gain an understanding is finding this wily beast in the wild. In your favorite browser, search with the terms buy viagra cialis. (You might want to check over your shoulder first.)
Now, without clicking anything, scroll through the results. Doesn’t it seem odd that seemingly non-pharmaceutical websites are advertising these medications?
You’ve just spotted a few likely examples of spamdexing, where innocent websites have been hacked and injected with keywords intended to lure traffic to bad actors’ scams. These guys aren’t actually in the male enhancement business, they’re infected websites and unwillingly participating in a scam.
What’s the purpose of search engine spam?
Search engine spam is an attempt to manipulate search engine rankings, so traffic is lured to a scam designed by bad actors. To do this, the hackers gain access to a normal, healthy website, and then inject keywords and links to another web property they’ve set up to rip people off.
This practice is known as spamdexing. Victims believe they’re going to a site to buy something like male enhancement drugs (which we just saw), sports gear, or designer accessories — but actually they get scammed.
So, why don’t hackers just create their own websites? Well, they probably wouldn’t have much success. Search engine algorithms are designed to ignore scam websites. That’s why hackers manipulate search engines through spamdexing.
By gaining access to legit websites and injecting links and keywords, bad actors create a path to their scammy web properties. Rather than getting ranked the way most legit websites do, bad actors piggyback off a normal site’s credibility in the eyes of search engines.
What types of SEO spam are out there?
Turns out, search engine spam can appear even in the last places you’d imagine. We’ve even seen hackers get pretty creative with infecting WordPress websites. But let’s ignore the edge cases for now and instead focus on the most common places you might see spamdexing.
Links are super important to scammers. Otherwise, there wouldn’t be a way to drive traffic to a shady web property. You’d think Viagra shoppers would know better than trying to buy meds from a museum or floral shop (as we saw above), but our own research shows SEO spam remains the number-one type of website infection.
Keywords are central to spamdexing. When shady keywords appear in the content of a credible website, search engines assume it’s safe to index the site for those terms. And when people search online — say for male enhancement or other meds, sports gear, essay writing, loan services, (the list gets long…) — results often include scams where they’ll pay for something but never receive it.
If a hacked website displays banner ads or calls to action (CTAs), hackers can easily replace the content or create new elements in order to drive traffic to their scams. This can be particularly effective, often because these clicks happen once a shopper’s mind is made up. They might not even question why a CTA is displaying where it is.
Spammy posts & pages
For the nuclear option in spamdexing, hackers can create and optimize entire web pages or blog posts dedicated to getting ranked for a spammy search term. This is especially effective when a legit site already has a good search engine ranking, as much of a hacker’s work is already done.
How to find and fix SEO spam
If your site has been infected with search engine spam, it’s critical to act quickly. This isn’t something that’ll eventually fix itself. It isn’t a task you can put off until the time for handling it magically appears.
Every second your website remains infected with SEO spam, you risk serious penalties. You could get blacklisted by search engines, so you don’t show up in their results. Or visitors could go to your site to do business, see the SEO spam, and then leave never to return.
Removing SEO spam can take time, so be proactive with it. Follow these instructions to find and fix SEO spam on your site.
1 – Make a website backup
Having a functional backup that you can restore from can be a lifesaver. Before you make any changes to your website, backup your website files and database.
2 – Run SQL commands to remove unwanted spam posts
After backups have been made for your posts table and other website files, survey your website files and pinpoint the date of the infection. Then, run these SQL commands to remove spam posts found after a certain date.
- Log in to WordPress and view your posts.
- Determine the common spam content theme.
- Open Adminer or phpMyAdmin and take note of your database prefix. (It’s often wp_ unless you have a custom prefix.)
- Enter the following SQL command to move spam posts to the trash after a certain date:
UPDATE `wp_posts` SET `post_status` = 'trash' WHERE `post_status` = 'publish' AND `post_type` = 'post' AND `post_date` > '2018/03/08';
3 – Run SQL commands to tidy up postmeta and commentmeta
Now that you’ve gotten rid of the spam posts, you’ll want to clean up your meta tables. Use the following SQL command to remove any post_meta where post_id has been removed.
DELETE FROM `wp_postmeta` WHERE `post_id` NOT IN ( SELECT ID FROM `wp_posts` );
4 – Remove spam comments
If your site has no use for comments or has been littered with spam comments and you want to delete all the comments from your database, this simple query will do the trick:
TRUNCATE TABLE `wp_comments`; TRUNCATE TABLE `wp_commentmeta`;
You can also opt for our professionals to clean up SEO spam for you. Either way, don’t endure downtime or blocklisting because of hackers. Help make the internet a safer place for everyone.
How can I protect my site from SEO spam?
Spamdexing is always a threat for website owners, but, fortunately, fending off these hackers is mostly a matter of adhering to a few best practices:
Plugins or other website applications need updates. Don’t ignore them. Updates often include security patches to keep hackers out. Without those updates, your entire site has a wide-open backdoor for an SEO spam infection.
Create strong passwords
A password like admin123 might be really easy to remember, but, unfortunately, it’s also pretty easy to guess. Make you’re using strong passwords, especially when they’re protecting access to sensitive areas of your site.
Fixing an SEO spam infection starts with being aware of it. Too often, website owners have no idea they’ve been hacked until penalties happen, such as search engine blacklisting or lost credibility. Just like a medical checkup, it’s smart to run scans on a regular basis.
Get behind a firewall
If you’re serious about preventing a search engine spam infection, a web application firewall (WAF) is an absolute must-have. It protects you by constantly updating definitions of known threats, kind of like a bouncer turning away neighborhood creepers. A WAF will even significantly speed up load times for your site.