How To Find & Fix BlackHat SEO SPAM In Your WordPress Site (2020)

Mostly CMSs like WordPress are hacked by the hackers, so they can SEO Spam the site and increase traffic to their own sites. Automates Bots and scripts can exploit popular CVEs for your WordPress site and SEO Spam your site within a few minutes.

BlackHat SEO Spam - WordPress CVE

In this blog, we will discuss SEO Spam and its effects on your WordPress website ranking. Also, how you can detect such attacks and stop it before it causes any damage.

Find & Fix BlackHat SEO SPAM In Your WordPress Site In (2020)

What is SEO SPAM?

The websites shown by the search engines in its result are ranked according to various factors. These factors may be based upon relevance, reliability, User-Network traffic, etc. But One of the most important factors is the number and quality of incoming links that the website has.

Now, this behavior of the search engine algorithm is exploited in SEO Spam.

SEO Spammers use a wide range of methods and techniques to attack your site. They try to insert links and contents pointing to their site in other high ranked websites (your site), to get their own website get ranked high. This method of exploiting the search engine algorithm is also often referred to as spamdexing.

Hackers do this kind of attack so that they could increase traffic to their sites or rank their site higher in search engines thus more user traffic to their site.

Due to various user-defined misconfigurations and some core vulnerabilities, WordPress sites are an easy target for SEO Spam. We will discuss them and their fixes further.

The Pharma Hack

One such example of the SEO Spamming attack is the Pharma Hack. In this attack, the hacker will override the title tag and insert spam links into the page content. These changes made by the hacker will NOT visible to you or anyone that visits your site but the search engine. This technique is called cloaking.

The Pharma Hack - Fix BlackHat SEO

The search engine bots such as Googlebot read these injected tags and rank your WordPress website appropriately on the basis of them.

Guide to Remove WordPress Pharma Hack

The Japanese Keyword Hack

The Japanese Keyword Hack

 

Another popular example of this attack is the Japanese Keyword Hack. These attacks typically create new pages with auto-generated Japanese text on your site. They are generated randomly  and in random directory names such as:

https://example.com/asdfg/45/qwerhtml

These pages often contain some keywords and content pointing to other malicious sites thus bumping up their SEO rank. In this attack, the hacker is often found to add themselves as a property owner in the Search Console. This is to tap the full benefit of these hacks by manipulating your site’s settings.

Thus if you received a notification from Google stating that someone you don’t know has verified your site in Search Console. There’s a strong possibility that your site is under attack. 

Detection of SEO Spam

If you carefully observe the behavior of your site, you can find out the signs which indicated the presence of blackhat SEO Spam on your website. The following are some of them mentioned.

Google Search Console Warning

Google can be very handy while looking out for blackhat SEO spam.

If your WordPress installation is verified with Google Search Console. You will receive notifications if it detects unusual link or page activity on your WordPress website.

Some of these warnings may be like:

  1. User-generated spam penalty
  2. Unnatural links to your website penalty
  3. Unnatural links from your website penalty
  4. Hacked website penalty
  5. Spammy structured markup penalty
  6. The hidden text or keyword stuffing penalty
  7. Cloaking or sneaky redirects penalty
  8. Thin content with low or no added value penalty

Google Search Console is a handy tool while maintaining your site. 

Malicious Activity in Google Analytics

Once again google website monitoring tools will help us out here.

If you notice things like a sudden increase in your network traffic etc, it may be an indication of SEO Spam. Hackers might have compromised your site and are now trying to get their own site’s SEO rank up which has given your site a temporary boost.

Visit the page as Google bot / Checking for Pharma Hack

Since the SEO Spam pages are designed such a way that only the search engine bots are able to view them. So we will make requests similar to search engine bots such as Google Bot to view them.

Install the respective addon according to web browser Chrome User-Agent Switcher or Firefox User-Agent Switcher.

User-Agent Switcher

 

Once installed visit your site and change the User-Agent header  to either one of the following :

Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)

Googlebot/2.1 (+http://www.googlebot.com/bot.html)

Googlebot/2.1 (+http://www.google.com/bot.html)

Now you will fetch the site as GoogleBot would. Check out for any new page or change in links.

Dorking Your Site / Detecting Japanese Keyword Hack

Using custom queries in google search bar to get specific results is called Google Dorking. We will use to see if any random pages in a random directory are generated thus indicating the presence of Japanese Keyword Hack.

Enter the following query in the Google Search Bar. It will show all the pages of your site WordPress installation parsed on Google. Now you should check for any pages that seem malicious or misleading.

site:your-site-here.com/ 

Detecting Japanese Keyword Hack

 

SEO Spam Removal in WordPress

Most SEO Spams are not hard to remove once found, we talk in detail about the general steps of how to remove SEO SPAM. Steps to remove Pharma Hack and Japanese Keyword Hack will remain common.

Removing All Malicious File Created During the Hack

Connect to your WordPress server locally or through ssh to find and remove all the malicious files. Once connected through SSH  or locally follow the following commands.

Navigate to the WordPress root directory or where you found the Blackhat Seo Spam

cd dir/

Now enter this cmd to list all files in the directory (Including the Hidden Ones)

ls -la

Check the contents of each file for any malicious code or Links, remove them

rm file_name

Repeat the same process for each directory until done.

Check your .htaccess file

BlackHat SEO Spammers use .htaccess file to modify its contents and use it to their advantage. Thus checking the .htaccess file replacing it with your clean version makes sense.

Step 1

Locate the .htaccess file for your WordPress installation. In WordPress, it must in the root directory of the installation.

Also, note that .htaccess file is a hidden file in Linux so you will have to use the following command in order to view it.

ls -la

Step 2

Replace the .htaccess files with default version or you’re own clean and modified version. One can download the default version of .htaccess of WordPress from here.

Upload a New SiteMap

Once you have configured your site securely you need Google and other search engines to parse your reconfigured WordPress Installation. This can be achieved by pushing through a new sitemap.

A sitemap has a list of all pages and directories of your site. Uploading and submitting a new sitemap allows search engines to reindex your site. Thus, it will also remove all the SEO spam content present on your site that was indexed by the search engines.

Quick links

Conclusion: Fix BlackHat SEO SPAM Of WordPress Website 

Thus your WordPress website can be exploited by these SEO Spammers without you getting to know. These SEO Spam attacks will degrade the overall content quality and search engine rank of your Website.

You can use the techniques mentioned in this article to detect and fix these BlackHat SEO Spam attacks & protect your WordPress website from these attacks.

Stay Secure!

 

Humble Request

if you really enjoyed this post please share this post to your friends so they learn something new and grow in digital marketing. Your valuable comments are oxygen for me.
SHARING IS ♥️

About Shubs

Hey, Shubham Is Full-Time Blogger and SEO Geek, who loves to talk about SEO, WordPress and Blogging on his blog GoTechBros. He believes in helping others in every way possible. Get In Touch With Him On : LinkedIn, Twitter.

Leave a Reply

Your email address will not be published. Required fields are marked *