April 5, 2017

Russian hacking has been all over the political news, but what you may not know is that the number of hackers from Russia, China, and elsewhere trying to get into nearly all business websites in the U.S. has exploded in the past few years – and it can have major impact on SEO.

Are hackers wrecking your website's SEO?

The surge of hacking may not seem like a very big deal to you if your website is mostly informational and does not store sensitive information like credit card numbers, but the hacking has risks and costs for even the smallest businesses. Web spam, according to Google, is one of the main reasons websites are hacked. In many cases, the hackers are not even targeting a specific business, but are using hundreds or thousands of “bots” to try to hack into several vulnerable websites at the same time.

While it may not be directed specifically at you or your business, all this malicious hacking can have a serious negative impact on your website’s SEO:

Website Vandalism

Hacking Hurts SEO

Example of “This site may be hacked” warning in Google search results

The most obvious cyber-security risk is that your website could be hacked, and all or part of the site could be replaced with something offensive, criminal, or otherwise damaging. You may have even seen a few victims of this type of hack which is essentially digital vandalism.
Removing the hacked content, closing the hole through which the hackers entered, and restoring your website is time consuming and costly. Most web hosting providers do an OK job of preventing cyber-vandalism attacks, but it is a good idea to harden the security of your website. Make sure you have a good backup plan, and the strongest website security that will work for your website without hindering its usability for your visitors.

The Effect of Cyber-Vandalism on SEO:
If your site is down, people can’t get to it, and neither can Google. If it is down long enough or often enough, Google may stop showing your pages in the search results. If Google detects the hack, they will notify you through the Webmaster Tools Search Console. Unfortunately, they will also notify everyone who sees your website in Google’s search results with a hacked site warning, too!

DDoS: Distributed Denial of Service – Intentional or Unintentional

DDoS attacks are one of the most common types of hacks. The intent is to send so much traffic through the web hosting server that it is overwhelmed and shuts down, preventing anyone from using the website.
DDoS is also one method which is believed by some to be an effective form of “negative SEO” to lower the Google rankings of a competitor’s website, since it could theoretically take a site offline long enough to cause Google to remove it from the search results. DDoS is illegal, so don’t get any bright ideas about that trying it for negative SEO against that competitor who always gets under your skin.

Not all traffic surges caused by hackers are meant to be a DDoS attack, though. For example, many websites are build with WordPress or other content management systems which allow comments or contact form submissions. While both are useful and often necessary, they attract spammers who are trying to get confirmed email addresses for the domain to use in spam email lists – or are trying to leave multiple links to spam websites you your website’s comments. If you have a WordPress site with comments, you have likely seen such spam comments on your website – maybe even a “spam flood” where you receive hundreds of link-filled spam comments.
While those unwanted link drops and fake contact form submissions may seem harmless, and you may already have a security plugin which stops most of them – they are still creating a lot of unwanted traffic “noise” on your server.

The Effect of DDoS and Spam Flooding:
While those bogus comments and contact form submissions may seem harmless, and you may already have a security plugin which stops most of them – they are still creating a lot of unwanted traffic “noise” on your server.

That can slow down your website enough that neither Google nor your visitors are going to like it very much.

The high volume of even the simplest of spam-hack attempts on nearly every site on the web is actually causing websites and servers to slow down and function improperly – even when the hackers can’t do what they came to do. Blocking certain types of hacking at the server level can relieve some of this unwanted traffic.

Prevention & Mitigation

If you are at all concerned about your website being attacked for negative SEO, an intentional take-down, or random cyber vandalism – there is work to be done.
A properly configured, robust security plugin such as Wordfence (for WordPress), a more secure commenting system such as Disqus, using very secure passwords, along with some adjustments and updates to your host server’s configuration (many hosts use outdated versions of PHP and MySQL which may be vulnerable), can all help prevent these thousands of attempted hacks from becoming a catastrophe. It is not quite as easy as that, though. By default, most of the available “easy” methods of securing a website are lacking. Security plugins and add-ons come preconfigured block too many things which may actually be beneficial, such as crawlers and bots from some helpful content distribution sites and even some search engine bots – or they come as a clean slate and you need to know exactly what you want to do with it. In my experience, the monthly subscriptions for security add-ons which are sold by most web hosting providers are almost completely worthless. I have cleaned up a few sites which were insufficiently protected by that type of security, which often slows sites down so much that you would almost be better off taking the risk of being hacked!

Like everything else with your website, securing it is not as easy as it may seem.
Misconfiguring a security plugin or web server can do almost as much damage as the hacks they are meant to prevent – so proceed with caution and get help if you are unsure of anything.