How to Spot If Your Site has Been Hacked with Your SEO Tool
A hacked website can have crucial damage on your business. Especially if you’re dependent on traffic from Google’s search engine. This post will give you an overview of the risks, how to avoid hackers and what to do, if disaster strikes.
At Atcore we use a wide range of tools and services when working with Search Marketing, including SEO. SEO is a rather technical discipline involving in-depth knowledge about algorithms, crawling, indexing, coding, content, links, social and several other factors.
This blog post will give you an alternative use of these tools – identifying whether your site has been compromised and maybe even hacked!
Why would someone hack my site in relation to SEO?
As relevant traffic from Organic Search is becoming more and more important as a high converting traffic source, focus to get that #1 ranking is high from all parts of the World. Some people will go a long way to trick the search engines and hacking sites is one of the darker methods being used.
Hacking a site and (illegally) getting control over the content is one step in the process of using other people and companies sites to eventually get traffic, sales and earning money online.
Hackers will compromise a lot of sites in order to control many sites and use these sites for building links to other sites and eventually use these links to rank their desired sites.
By hacking a lot of sites, hackers have the ability to:
- 1. use these sites to build links to their own other money sites
This method is pretty straight forward as the hacker will place links to their own sites in order to build trust and eventually fool Google into thinking that the hacker’s site is very authoritative and should rank high on given searches.
- 2. rank the hacked sites and redirect the traffic to their own money sites
This method is a bit more sophisticated as the hacker will NOT rank their own sites, but point all the links to another hacked site. On the hacked site they will create and upload relevant content and once they have obtained high rankings with the hacked site, they will eventually redirect all the traffic to their own sites.
By doing this, they can easily redirect traffic to whatever site they want and therefore be a lot more agile in their illegal activities.
We have seen both examples recently.
Whichever method is being used depends on what the end-goal for the hacker is. However the fact is that sites are getting hacked for control and an “easy way” of building links to other sites with the sole purpose of ranking them in top positions.
Why would a hacker compromise your site?
Well, simply – because they can!
This is the one reason why a foreign hacker would target your site. They do not care who you are, what your site is about or if they harm your business.
They are only in it for the links and the volume of available sites – the more the merrier.
The more sites a hacker gains access to the greater is the likelihood that he or she reaches his or her goals.
Hacking sites is “the easy way out” compared to doing it the right way by building great content and earning links over time because of the quality. Outreach and link earning is hard work and takes a lot of ressources. That is not something a hacker is going to spend their time on when they can cheat and do it by hacking other sites and achieve the ranking and thereby the traffic and revenue faster.
The SEO consequences of having your site hacked
In relation to SEO and Organic Rankings, having a site hacked and used by a spammer to rank his or her own sites can have dramatic consequences for the hacked site.
Google specifically do NOT want hacked or compromised sites show up in their search results as they can potentially be a threat to the user and manipulating search results is highly frowned upon by Google.
So when Google realises that a site might be hacked, they take instant action and penalise or even remove the site from the search results. Google will quickly figure out why and what happened to the site and react with lower rankings which turns into lower traffic and subsequently lesser business or revenue from the site.
Once Google identifies a hacked site, they will usually do 3 things:
1. Remove the site completely or demote the rankings
2. Put a warning label in the search results informing the users that the site is hacked or compromised. Usually it looks like this:
3. Put a warning in Search Console (former Webmaster Tools) informing the webmaster about their findings:
So, again, being hacked in an SEO perspective can have severe implications and literally kill a sites rankings and Organic Traffic.
We have also seen that a hacked site eventually might lead to the domain being blacklisted for sending mails and hence will not be able to deliver mails to recipients as the domain has been flagged as spam by many spam filters. Double whammy! …as the traffic disappears and mails will not get delivered.
How to identify if a site is hacked before Google will penalise it?
Once a site has been hacked and Google has identified the issue and maybe even removed or penalised the site, it can be very difficult to actually figure out what is happening to the site and what to do about it. Getting the old rankings a traffic back can be extremely difficult and can take months (…of lost traffic and revenue).
Identifying potential problems as fast as possible and fixing them can really make or break a site’s traffic.
Using SEO tools in reverse to identify hacking
The Atcore SEO Team keep an extremely close eye on our clients sites health in relation to SEO and Organic Rankings. This is where a tool like Searchmetrics comes in handy.
For in-depth reporting and recommendations, we set up each client and their keywords specifically, however the tool will also monitor millions additional keywords enabling us to see a broad image of the total keywords the site is visible on.
Taking the historic rankings into account, we can fast and easily identify sudden changes including drops or huge increase in rankings or number visible keywords.
If a site is experiencing huge fluctuations, red flags go up and we will investigate like in the example below, where we began investigating immediately.
We then used Searchmetrics to investigate which keywords suddenly increased in rankings and we were quite surprised as these keywords were NOT RELATED to the sites content in anyway:
Auch! Seeing the nature of the keywords was kind of scary, but realising that the site actually had pages/URL’s ranking for a lot of these keywords, we investigated these strange pages.
When accessing the pages from the Google Search results, the user would get redirected to a Chinese site. Looking into the Chinese site, we realised that it was a front for hackers trying to install Malware and eventually steal credit card info or other criminal activity.
One element in SEO is certainly content which the hacker published, but links are also key to high rankings and looking at the recent Link Profile and the most used Anchor Texts using Majestic, our assumptions were confirmed:
Again, the most used link texts from other site did NOT remotely match the existing content of the site.
Analysing the actual sites where these links were coming from, we quickly realised that all the sites were also hacked.
Logging into the site’s CMS (WordPress in this case) did NOT reveal any info as the hackers were extremely skilled and hid the hack from the CMS. Eventually accessing the server through FTP we found the problem, fixed it (removed the offending pages) and closed off the security hole that the hacker used.
The SEO visibility graph above illustrates this with the SEO Visibility dropping “back to normal” again.
4 Steps to Stay Ahead of SEO Hacking
Step 1: Keep everything updated
Every time there’s a new update – new security holes are being fixed. To make it difficult for the hackers, you should always keep your CMS, server and everything else that has an internet connection up-to-date.
Step 2: Use Searchmetrics to monitor important metrics
Set up an account with Searchmetrics and use the Research and Project areas to monitor your rankings and the number of keywords. Also activate the Visibility Guard to automatically notice spikes in errors and rankings.
Step 3: Use Majestic to monitor content
Set up an account with Majestic and keep a close eye on the Anchor Text Development.
Step 4: Use Google Search Console to monitor your security status
Create an account with Google Search Console, verify your site and keep a close eye on Manual Actions and Security Issues. However DO remember that once Google has put a message in Search Console and deemed your site as being hacked, the problems has ALREADY begun and getting the rankings back can take quite some time.
What to do if your site has already been hacked?
If your site has already gotten the kiss of death – eg. the dreaded notice in Search Console and/or in the search results, there are several steps you need to take to combat the problem.
First, let’s see what Google recommends that you should do:
Google recommends; identifying the problem, assess the damage, clean and rise the site and Request a review. The review process is a request to Google where you inform them of what actions you have taken to remove the spam/hack “ask” them to “reinstate” your site if they find that it is clean. Everything is done through Search Console and requires that your site is verified.
If you have any questions regarding the problems with SEO Hacking, SEO Tools or SEO in general, we would love to hear from you. Comment below, write us an email (firstname.lastname@example.org) or give us a call (6060 4444).
Also if you find this article interesting please share it on your favorite social media.