Search Engine Optimization, or SEO, is one of the most important keys to running a successful business online. Having your website at the top of Google’s search results is indispensable for your business. 91.5% of Google traffic is concentrated on the first page of results. Shockingly, less than 10% of people proceed to page 2. With the task of trying to beat all your other competitors to the first page, there is no time for any slip-ups. But a serious threat exists that can threaten your search engine rankings and everything you’ve worked so hard for. This threat is SEO poisoning.
What is SEO Poisoning?
SEO poisoning is when hackers infect your site with malicious code and use aggressive SEO tactics to redirect your visitors to their own sites to increase their revenue as well as infect these visitors with malware. The black hat tactics that they use to swindle their way to the top of the search engines include keyword stuffing, doorway pages, and invisible text.
- Keyword stuffing is often done by inserting repeating keywords in the input type=”hidden” meta tag or in the keyword tag. This ensures that the keywords are hidden from the user’s view but are still scanned by search engines.
- A doorway page is a page that is designed to contain keywords that a search engine’s bots will pick up on in order to be placed higher on the search engine rankings.
- Invisible text is the method of hiding keywords in the body of a web page by changing their color to match that of the background of the page. The more keywords a hacker injects into an infected site, the higher the site rises in the search engine rankings.
While these tactics are considered poor netiquette, hackers don’t care as long as their search engine rankings increase. They are aiming these tactics at search engines rather than a human audience, after all.
Who’s at Risk?
To determine what sites to target, hackers often look at what searches and topics are trending. They make sure to get their poisoned sites at the top of the search results in time for holidays like Halloween and Christmas when people are doing a lot of shopping online. For example, you may think you’re clicking on a site that sells Halloween costumes but you are actually clicking on a compromised site with nothing to offer but the danger of being infected with malware. According to data from GFI Labs, Black Friday and Cyber Monday are among the most targeted holidays for malicious scams.
Another big target for hackers is sites that use the same CMS, like WordPress, Joomla!, or Drupal. This means that the hackers are probably exploiting vulnerabilities found in the CMS to infect the sites. Business owners are at a big risk for SEO poisoning because, for hackers, using a legitimate site with a good reputation makes it harder for search engines to identify and remove the hacked site.
When a visitor clicks on a compromised site, scripts determine if the user is a search crawler bot or a real person. Search bots and real people are sent in two different directions. While users are being redirected, it may look like the page is loading but the site is actually looking for vulnerabilities where they can infect the user with a virus. The poisoned site may advertise for things like fake anti-virus malware or medications like Viagra and Cialis.
How Does SEO Poisoning Affect Your Search Rankings?
SEO poisoning can be devastating for your business. People won’t want to return to your site after experiencing redirects and other suspicious occurrences. Not only will visitors be wary of your site, but search engines will be suspicious too. Knowing the indicators of SEO poisoning can help you to identify a problem as soon as it arises so that you can minimize the damage that is done to your business and reputation. You may notice that your search engine rankings have dropped, especially for keywords that usually perform well.
Sometimes the only unusual thing you notice may be a warning from Google telling you that your site has been compromised. The malicious code that hackers install on your site will show visitors a different version of your site than the version that it shows the search engines. This makes the search engines suspicious and they will start to penalize you by lowering your rankings or worse, banning your site altogether.
Has Your Site Been Poisoned?
To figure out if your site has fallen prey to SEO poisoning, you can use Google’s handy Fetch as Google tool. This tool will show you your site as it would look to a Googlebot user agent. It triggers the scripts that a hacker may have installed to present a different version of your site to Google. If your site looks different, you may be infected.
To repair your site, you can follow Google’s infection recovery guide or learn how to fix a hacked WordPress site here. When repairing your site, pay special attention to the header.php file. This file is often modified by hackers to include scripts to redirect search bots and users in different directions. Also, check the footer and index files as these are often targeted by hackers as well. If you aren’t confident in your website repair abilities it is always better to hire a professional rather than risk causing any more damage to your site by trying to fix it yourself.
Stay on Guard
After the hack is dealt with, it’s important to make sure you aren’t slacking when it comes to your site’s security. There’s always a chance that your site may be hacked again. Remember to keep your CMS as well as your plugins and themes updated. It’s also important to install a firewall if you don’t have one already. SEO poisoning can be a huge setback, affecting your business and reputation. You want to make sure that you do everything you can to make sure this doesn’t happen again so you can focus on what you do best, running your business.