WordPress SEO spam: tips to find and remove it
We wish all websites were well protected from malicious attacks and hackers — and we are always ready to help them stay safe. We have previously published a post answering the popular user question: “My website has been hacked: what to do?”.
Today, let’s focus specifically on SEO spam as a type of malicious attack. We will discuss what it is, what it includes, and how to deal with it. If your website is built with WordPress, this post will be particularly useful for you — because we list ways to find and remove SEO spam on WordPress.
What is SEO spam?
You may have heard about SEO spam in SEO questions and answers. SEO spam, also known as spamdexing, is a set of techniques used to increase search engine ranking and visitors by manipulation.
Spammers deceive the search engine bots into including the content they otherwise would not, as well as fooling users into clicking links they otherwise would not. Another popular term for these practices is “Black Hat SEO”.
Even relatively innocent techniques like keyword-stuffing on your own website are considered SEO spam. However, today we focus on malicious SEO spam that involves the hacking of other websites in order to insert spam links or other assets into it. By applying these techniques, hackers try to exploit the reputation and popularity of websites.
Types of WordPress SEO spam
WordPress is popular, which makes it a lucrative target for hackers. When breaking into your website, SEO spammers have a wide choice of malicious tactics. They often use them in combination, and these may go unnoticed. A lot of time may pass before you find your site built on WordPress infected with SEO spam and negative consequences already begin to show. Here are the most common ones.
Spammy keyword insertion
In order to rank for their own products or services, spammers will insert their keywords on your site. You and your users cannot see them. This is one of the black-hat SEO techniques.
Spammy link injection
SEO spammers want to use the authority of your website to insert links that lead to other properties. The links are hidden in your content. This is also called clickjacking. Links are often related to pharmaceutical sales, gambling, adult content, and so on).
Spammy posts and pages
Hackers can also use your website to create WordPress posts and pages that rank for the keywords they want. They may not be found on your menu but they will be on your lists of posts and pages.
It’s also possible that SEO hackers start sending emails to your customers that promote their own products or services. You will be seen as the sender of these emails in the eyes of your customers and search engines. Both may start seeing you as a spammer.
Spammers can also replace your WordPress site’s ads, banners, pop-ups, CTAs, etc. with the promotions they want. They may also lead to their own web resources.
How can SEO spam hurt your website?
The worst thing here is that SEO malware on your WordPress website is considered your fault. Here is what often happens in this case:
- SEO spam can undermine your brand’s authority.
- Due to security warnings, your rankings, performance, and traffic can drop.
- You can be blacklisted from Google services and email providers.
- Your hosting account can get suspended by your host.
How to find SEO spam in WordPress?
It can be tricky to find WordPress SEO spam on your own because it is disguised. However, here are the common tools and ways to help you discover the infection.
Google Search Console
The Google Search Console is a comprehensive tool for the overall SEO health of your site but it can also help you discover any blackhat SEO spam in WordPress. It will show you the issues by marking them with red flags in Security & Manual Actions — Security Issues. You can also use the Google Search Console to see if there is no sudden drop in traffic, as well as which keywords you rank for, search referrals, and more.
Google Transparency Report
You can also use the Google Transparency Report to enter the URL of your site or particular page. Google will tell you whether or not it considers the site or pages safe to visit and whether or not you have harmful content. Since hackers can fool even Google bots, the results may not be 100% accurate.
Google search in an incognito mode
You can open Google search in an incognito mode and search the URL of your website. By analyzing the search results, you may notice ones with alien keywords among them related to products or services you have never offered. These are often illegal ones.
Simple website examination
Look through your admin dashboard — do you see something unusual? This can be unknown posts and pages, admin users you don’t know of, plugins you have never installed? This is a hint you may have WordPress SEO spam.
WordPress security plugins
WordPress has plugins for every purpose, and SEO spam is no exception. Some multipurpose WordPress security plugins are also good for this. Some of them provide integration with malware scanning tools:
- Sucuri WordPress Plugin
- Ninja Scanner
- Security & Malware scan by CleanTalk
- Quttera Web Malware Scanner
- Cerber Security, Antispam & Malware Scan
- BulletProof Security
- iThemes Security
How to remove SEO spam in WordPress?
As long as you find malicious links or posts on your website, you can remove them. The above-mentioned plugins can also serve as blackhat SEO spam WordPress removal tools. You can also try to delete the links and posts from your admin dashboard, via PhpMyAdmin in the database, and so on.
However, with spam malware, it’s necessary to remove the root of the problem. So you may need a comprehensive website clean-up like one used to remove malware from your WordPress website, which involves such important steps as:
- doing a complete WordPress site backup
- installing the latest version of the WordPress core
- reinstalling your WordPress plugins and themes
- telling Google your website is clean again
Contact our support team to remove WordPress SEO spam
We specialize in helping websites resolve numerous big or small issues related to security, performance, SEO, and much more. Our web agency experts will be able to successfully scan your WordPress site and remove blackhat SEO spam from it, as well as strengthen it against future against spam attacks by implementing the best website security practices:
- keeping WordPress core, plugins, and themes updated
- deleting vulnerable plugins
- installing and configuring WordPress security plugins
- using a strong username and password
- and many more
Stay safe, retain your reputation, and keep your SEO rankings!