What is SEO Spam?
SEO spam is what attackers will inject into a website to attempt to use your SEO ranking for something else not ranked otherwise that will further the attackers’ objective. They spam and destroy the website while trying to generate revenue or achieve some other goal.
Due to this, generally, the website owner is completely unaware of what’s going on unless they receive warnings or are added to blocklists.
Usually, a hacker will try to avoid being detected by rearranging links that aren’t visible to the average site visitor and only crawlers/index engines can see it.
How to Identify & Remove SEO Spam
SEO spam can be found on a site in a multitude of ways, depending on how the site is built. A lot of the time site owners may not know they’ve had SEO spam injected unless they’ve actively checked their site through search engine tools and scanners or received some alert or a report from one of their visitors.
A site owner may find hundreds or even thousands of spammy blog posts inserted into their blog, or their legit blog posts injected with SEO spam.
A lot of the time you can also catch SEO spam within modified themes files (header.php, footer.php, index.php, functions.php). Shady plugins can also be a culprit in some cases too, or entire directories placed into the file structure with thousands of spam files.
Here’s an example of what SEO spam can look like:
<style>.if{position:absolute;top:-908px}</style><span class="if">Got <a href="https://spammywebsite.com/cbd-oil-for-pain">the best cbd oil for pain</a> and info about cbd oil.</span>The best ways to find SEO spam is through tools such as the Google search console, transparency report, or simply Googling the site yourself. Website scanners and security plugins are also handy in this instance too.
Sometimes a spam infection doesn’t even try to hide and will redirect all website traffic to bogus websites:
To remove the SEO spam, however, can be more of a grueling process. Since SEO spam can appear in places you’d never really expect, it can be tricky to find. If you’re not as knowledgeable about manually removing infections the best option is to find a malware removal service to do it for you. Sucuri provides 24/7 coverage for cleanups, as well as unlimited in the case any re-infections may occur.
SEO spam damage is quite dangerous for your website and reputation as its effects can be seen and felt for months even after the infection has been completely removed as you will need to wait for crawlers like Google to fully re-index your website and clear their caches.
And until that process is completed you will feel a harsh dip in your SERP(search engine results page) positioning and by consequence the amount of traffic you receive. Your website may also end in a blocklist which just exacerbates the problem further.
How to Prevent SEO Spam
Preventing SEO spam is important if you want to avoid any issues regarding site traffic dips, blocklists, and preserving an online presence. The best method of mitigating these risks is making sure CMS versions, plugins, and themes are always up-to-date, however. Having all login sections, accounts, and adding 2FA are also important.
Also, ensure all plugins and user privileges are kept to a minimum. Keeping regularly stored backups can also be handy in the case you need to revert anything, but having some sort of barrier between the visitor and origin server will ensure no malicious requests get through. Utilizing a Web Application Firewall (WAF) will be the most effective in this instance.
In Conclusion
Having an infected site can be an incredible nuisance. when you don’t even notice you’ve been infected, or for how long it even existed, it can be pretty frustrating to find out that’s the culprit for damaged SEO. Finding out if you’re infected with SEO spam is crucial, however. Feel free to use our free SiteCheck tool to look for anything though, or use our free WordPress plugin to regularly scan the site for any malware.
Rianna MacLeod
John Castro
Denis Sinegubko
Luke Leal
AJ Syed Ali
Marc Kranat
Ben Martin