CMSs like WordPress are mostly hacked so that the attackers can SEO spam the site and increase traffic to their own sites. Automated bots and scripts can exploit popular CVEs in your WordPress site and SEO spam it within a few minutes.
In this blog, we will discuss SEO spam and its effects on your WordPress website's ranking. We will also cover how you can detect such attacks and stop them before they cause any damage.
Find & Fix BlackHat SEO SPAM In Your WordPress Site In (2024)
What is SEO SPAM?
Search engines rank the websites shown in their results according to various factors. These factors may be based upon relevance, reliability, user network traffic, etc. But one of the most important factors is the number and quality of incoming links that the website has.
Now, this behavior of the search engine algorithm is exploited in SEO Spam.
SEO spammers use a wide range of methods and techniques to attack your site. They try to insert links and content pointing to their site into other highly ranked websites (your site), so that their own website gets ranked higher. This method of exploiting the search engine algorithm is also often referred to as spamdexing.
Hackers carry out this kind of attack to rank their sites higher in search engines and so bring more user traffic to them.
Due to various user-defined misconfigurations and some core vulnerabilities, WordPress sites are an easy target for SEO Spam. We will discuss them and their fixes further.
The Pharma Hack
One example of an SEO spamming attack is the Pharma Hack. In this attack, the hacker overrides the title tag and inserts spam links into the page content. These changes will NOT be visible to you or anyone who visits your site, only to the search engine. This technique is called cloaking.
Search engine bots such as Googlebot read these injected tags and rank your WordPress website on the basis of them.
The Japanese Keyword Hack
Another popular example of this attack is the Japanese Keyword Hack. These attacks typically create new pages with auto-generated Japanese text on your site. The pages are generated randomly, in random directory names such as:
https://example.com/asdfg/45/qwerhtml
These pages often contain keywords and content pointing to other malicious sites, thus bumping up their SEO rank. In this attack, the hacker is often found to add themselves as a property owner in the Search Console. This lets them tap the full benefit of these hacks by manipulating your site's settings.
Thus, if you receive a notification from Google stating that someone you don't know has verified your site in Search Console, there's a strong possibility that your site is under attack.
Detection of SEO Spam
If you carefully observe the behavior of your site, you can find signs that indicate the presence of blackhat SEO spam on your website. Some of them are described below.
Google Search Console Warning
Google can be very handy while looking out for blackhat SEO spam.
If your WordPress installation is verified with Google Search Console, you will receive notifications if it detects unusual link or page activity on your WordPress website.
Some of these warnings are:
- User-generated spam penalty
- Unnatural links to your website penalty
- Unnatural links from your website penalty
- Hacked website penalty
- Spammy structured markup penalty
- The hidden text or keyword stuffing penalty
- Cloaking or sneaky redirects penalty
- Thin content with low or no added value penalty
Google Search Console is a handy tool while maintaining your site.
Malicious Activity in Google Analytics
Once again, Google's website monitoring tools will help us out here.
If you notice things like a sudden increase in your network traffic, it may be an indication of SEO spam. Hackers might have compromised your site and are now trying to get their own site's SEO rank up, which has given your site a temporary boost.
Visit the page as Google bot / Checking for Pharma Hack
SEO spam pages are designed in such a way that only search engine bots are able to view them. So we will make requests that look like those of a search engine bot such as Googlebot in order to view them.
Install the User-Agent switcher add-on for your web browser: Chrome User-Agent Switcher or Firefox User-Agent Switcher.
Once it is installed, visit your site and change the User-Agent header to one of the following:
Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Googlebot/2.1 (+http://www.googlebot.com/bot.html)
Googlebot/2.1 (+http://www.google.com/bot.html)
Now you will fetch the site as Googlebot would. Look for any new pages or changed links.
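The same check can be scripted. The following is an added example, not part of the original article: it compares the page as a browser sees it with the page as a Googlebot User-Agent sees it and reports a changed title and any link hosts that only the bot view contains. The sample HTML, the host names and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
from urllib.request import Request, urlopen

# Constructed sample responses (not captured from a real site).
SAMPLE_BROWSER = "<title>My Blog</title><a href='/about'>About</a>"
SAMPLE_BOT = ("<title>Buy cheap pills online</title><a href='/about'>About</a>"
              "<a href='http://spam.example/pills'>pills</a>")

class PageFacts(HTMLParser):
    """Collect the <title> text and the hosts of absolute <a href> links."""
    def __init__(self):
        super().__init__()
        self.title, self.hosts, self._in_title = "", set(), False

    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self._in_title = True
        elif tag == "a":
            host = urlparse(dict(attrs).get("href") or "").hostname
            if host:
                self.hosts.add(host.lower())

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data.strip()

def fetch(url, user_agent):
    """Fetch url with the given User-Agent header (needs network access)."""
    req = Request(url, headers={"User-Agent": user_agent})
    with urlopen(req, timeout=15) as resp:
        return resp.read().decode("utf-8", errors="replace")

def parse(html):
    facts = PageFacts()
    facts.feed(html)
    return facts

def cloaking_report(browser_html, bot_html, own_host):
    """Report what the Googlebot view contains that the browser view lacks."""
    human, bot = parse(browser_html), parse(bot_html)
    extra = sorted(h for h in bot.hosts - human.hosts if h != own_host)
    return {"title_changed": human.title != bot.title,
            "bot_title": bot.title, "bot_only_hosts": extra}
```

Against a live site, pass `fetch(url, <browser User-Agent>)` and `fetch(url, <one of the Googlebot strings above>)` as the two HTML arguments. A clean result does not rule out cloaking that keys on the crawler's source IP address rather than on the User-Agent header.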
Dorking Your Site / Detecting Japanese Keyword Hack
Using custom queries in the Google search bar to get specific results is called Google Dorking. We will use it to see whether any random pages have been generated in random directories, which would indicate the presence of the Japanese Keyword Hack.
Enter the following query in the Google search bar. It will show all the pages of your WordPress installation that Google has parsed. Check the results for any pages that seem malicious or misleading.
site:your-site-here.com/
SEO Spam Removal in WordPress
Most SEO spam is not hard to remove once found. Below we talk in detail about the general steps to remove it. The steps are the same for the Pharma Hack and the Japanese Keyword Hack.
Removing All Malicious File Created During the Hack
Connect to your WordPress server locally or through SSH to find and remove all the malicious files. Once connected, run the following commands.
Navigate to the WordPress root directory, or to the directory where you found the blackhat SEO spam:
cd dir/
Now enter this command to list all files in the directory (including the hidden ones):
ls -la
Check the contents of each file for any malicious code or links, and remove them:
rm file_name
Repeat the same process for each directory until done.
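To avoid walking every directory by hand, the review list can be built by a script. The following is an added example, not part of the original article: it walks the tree (hidden files included) and lists every file that links to a host outside an allowlist or was modified after a given time, without deleting anything. The sample tree, host names, timestamps and function names are constructed for illustration.

```python
import os
import re

URL_HOST = re.compile(rb"https?://([a-z0-9.-]+)", re.I)

def make_sample_tree(root):
    """Write a small constructed tree (not real site data) for the demo."""
    files = {  # relative path -> (content, mtime as epoch seconds)
        "index.php": (b"<?php // https://example.com/ ?>", 1000),
        ".htaccess": (b"# BEGIN WordPress\n", 2000),
        "asdfg/45/page.html": (b'<a href="http://spam.example/x">x</a>', 1000),
    }
    for rel, (content, mtime) in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)
        os.utime(path, (mtime, mtime))

def triage_tree(root, allowed_hosts, since_epoch):
    """Walk root, hidden files included, and return one finding per file that
    links to a host outside allowed_hosts or was modified after since_epoch.
    Nothing is deleted; the output is a list for manual review."""
    allowed = {h.lower() for h in allowed_hosts}
    findings = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read(2_000_000)  # cap the bytes read per file
                mtime = os.path.getmtime(path)
            except OSError:
                continue  # unreadable file or broken symlink: skip it
            hosts = {m.decode().lower().rstrip(".") for m in URL_HOST.findall(data)}
            external = sorted(h for h in hosts if h and h not in allowed)
            recent = mtime > since_epoch
            if external or recent:
                findings.append({"file": os.path.relpath(path, root),
                                 "external_hosts": external, "recent": recent})
    return sorted(findings, key=lambda f: f["file"])
```

WordPress core, themes and plugins legitimately reference many external hosts, so expect to grow `allowed_hosts` on the first run; set `since_epoch` to a time shortly before the first sign of the compromise.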
Check your .htaccess file
Blackhat SEO spammers modify the contents of the .htaccess file and use it to their advantage. So it makes sense to check the .htaccess file and replace it with your clean version.
Step 1
Locate the .htaccess file for your WordPress installation. In WordPress, it should be in the root directory of the installation.
Also, note that .htaccess is a hidden file on Linux, so you will have to use the following command in order to view it.
ls -la
Step 2
Replace the .htaccess file with the default version or your own clean, modified version. One can download the default version of .htaccess of WordPress from here.
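Before replacing the file, it helps to record what was changed in it. The following is an added example, not part of the original article: it lists every directive that is not in the stock WordPress rule set and tags conditions on the User-Agent or Referer header and rewrites to an external URL. It assumes the stock rules of a recent single-site WordPress installed in the web root; the sample file and host name are constructed.

```python
import re

# Stock rules of a single-site WordPress in the web root (assumption).
DEFAULT_RULES = {
    "<IfModule mod_rewrite.c>", "RewriteEngine On", "RewriteBase /",
    r"RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]",
    r"RewriteRule ^index\.php$ - [L]",
    "RewriteCond %{REQUEST_FILENAME} !-f",
    "RewriteCond %{REQUEST_FILENAME} !-d",
    "RewriteRule . /index.php [L]", "</IfModule>",
}
CLOAK_COND = re.compile(r"RewriteCond\s+%\{HTTP_(USER_AGENT|REFERER)\}", re.I)
EXTERNAL_RULE = re.compile(r"RewriteRule\s+\S+\s+https?://", re.I)

# Constructed sample of a tampered file (not taken from a real site).
SAMPLE = r"""# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{HTTP_USER_AGENT} (googlebot|bingbot) [NC]
RewriteRule ^(.*)$ http://spam.example/$1 [R=302,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
"""

def audit_htaccess(text):
    """Return (line_no, reason, line) for every directive that is not part of
    the stock WordPress block, tagging the ones typical of cloaking."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = " ".join(raw.split())  # normalise whitespace
        if not line or line.startswith("#") or line in DEFAULT_RULES:
            continue
        if CLOAK_COND.search(line):
            reason = "condition on User-Agent/Referer"
        elif EXTERNAL_RULE.search(line):
            reason = "rewrite to external URL"
        else:
            reason = "not in stock WordPress rules"
        findings.append((no, reason, line))
    return findings
```

Directives added by caching or security plugins will also show up as "not in stock WordPress rules"; compare them against your own clean copy before discarding them.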
Upload a New SiteMap
Once you have configured your site securely, you need Google and other search engines to parse your reconfigured WordPress installation. This can be achieved by pushing through a new sitemap.
A sitemap has a list of all pages and directories of your site. Uploading and submitting a new sitemap allows search engines to reindex your site. Thus, it will also remove all the SEO spam content present on your site that was indexed by the search engines.
Conclusion: Fix BlackHat SEO SPAM Of WordPress Website
Thus your WordPress website can be exploited by these SEO spammers without your knowledge. These SEO spam attacks will degrade the overall content quality and search engine rank of your website.
You can use the techniques mentioned in this article to detect and fix these BlackHat SEO Spam attacks & protect your WordPress website from these attacks.
Stay Secure!