Negative SEO is real. It is possible to damage, if not destroy, a site through the use of malicious backlinks and aggressive backlink spamming.
Negative SEO is a legitimate danger that can result in lost organic search visibility and revenue. But it is possible to defend against negative SEO.
Negative SEO is the practice of implementing black hat SEO techniques on another site. Usually, an SEO attack is unleashed by a disgruntled competitor and his or her minions with the goal of reducing that site’s rankings.
Most SEOs are happy to play by the rules. We publish our content, we promote ourselves on social media, and we roll with the punches every time Google updates their algorithm.
But sometimes — not often, mind you — you get on the wrong side of someone who doesn’t share your scruples. They play dirty. They might try to bog down your website with hundreds of spammy links, flood Yelp with fake reviews, or just hack your website outright.
Fortunately, if you’re diligent, you can usually catch malicious SEO attacks before they do irreparable harm.
Whether you’re a victim, think you might be a victim, or simply want to protect against a potential attack, here are seven things you can do to protect your website against negative SEO.
Regular link audits are good practice for any business, but they can save your bacon if you’re ever the victim of a negative SEO attack. Monitoring your link profile growth is hands down the best way to spot suspicious activity before it spirals out of control.
Most websites will enjoy graphs that look something like this:
However, if you suddenly notice a huge spike or drop and you haven’t been working on link building, that should raise some red flags:
This is exactly what happened to Robert Neu, founder of WP Bacon, a WordPress podcast site. In 2014 he was the victim of link farm spam which gave him thousands of links with the anchor text “porn movie.” It cost him hundreds of visits, and he dropped 50 spots in ranking for one of his main keywords.
Fortunately, Neu was able to recover rankings and traffic lost as a result of the attack in relatively short order. Despite a continued barrage of spam, he was able to submit a disavow file listing the attacking domains.
Your links might also suffer if you’ve been hacked. Perhaps the attacker has altered your content to include spammy links or modified your links to redirect to theirs. These attacks are insidious and can be difficult to spot, and the only way to safeguard your website is to perform regular website audits.
It’s crucial that you monitor your link profile growth carefully so you can catch an attack before it costs you too much. Use link auditing software or perform a manual audit to check on your backlink health. If you are a victim of link farm spamming, let Google know and disavow the links ASAP.
Site speed is a key ranking factor. If your website is becoming sluggish and you have no idea why you should use crawling software to look for anything suspicious.
If you can’t find anything and there’s still a problem, you might be the victim of forceful crawling. Forceful crawling causes a heavy server load, which means your site will slow down and might even crash.
If you think you’re the victim of a crawling attack, you should contact your hosting company or webmaster to try and determine where the load is coming from. If you’re tech savvy, you can also try to find the perpetrators yourself.
Content marketing has been the name of the game these last few years, but not everyone is equally creative when it comes to content creation. Consequently, scraping has become all too frequent.
Scraping is the process of lifting content from your website and copying it verbatim to other websites. Usually, the attacker will claim it as their own in an attempt to beef up their thin content, but sometimes they’ll combine it with a link farm attack to spam your site.
Scraping has serious consequences. If the copied content gets indexed before your content then your page might be devalued, and your site might fall in rank as a result.
Use a tool like Copyscape to discover if anyone’s plagiarized your content. If they have, ask the webmaster to remove your content. If they refuse (or don’t respond), report them by filling out Google’s Copyright Removal form.
You work hard to build up your brand reputation and win customers. Negative reviews hurt, but you usually often use them as learning experiences on how to improve. But what about a tidal wave of negative reviews?
Unless you’ve made a big public PR plunder recently, a whole slew of negative reviews might be a sign that someone is trying to flood your site with fake reviews. If you don’t act fast, these can seriously damage your reputation.
Keep an eye on your Google My Business listing and your online reputation using social media listening software.
Here’s how you flag and report fake reviews:
In late 2014, Bartosz Goralewicz experienced something strange — a client’s site was getting thousands of hits that would land on the page and then immediately bounce. This began to have an effect on their rankings — user experience is an important signal, and this looked like bad UX.
What was actually happening was that someone had programmed a bot to target certain keywords, land on competitor sites, and then bounce, which created a false SERP bounce rate.
This insidious attack is difficult to spot if you aren’t monitoring your keywords’ CTR. Log in to Google Search Console, click Search Traffic > Search Analytics, and look at your CTR across all keywords. If you notice a large spike for no reason, contact Google and begin disavowing the offending links.
You probably don’t need to be told to check your SERP ranking from time to time, but just in case, here’s a compelling reason why you should: A drop in rank might be the result of malicious intent. Complete de-indexing as a result of a hack doesn’t often happen, thankfully, but I’ve heard horror stories of shady SEOs that changed a former clients’ robots.txt file to say Disallow: / after they were let go.
It’s hard to imagine the full consequences of de-indexing your website, but fortunately, Moz bit the bullet in late 2014 so that we don’t have to wonder. They used Google’s URL removal tool to remove Followerwonk from the web, and within 2-3 hours all Followerwonk URLs had practically disappeared from Google SERPs.
Of course, now that Penguin’s getting refreshed in real-time, changes could happen much faster. That’s good news if you’re trying to recover from an attack, but it also means that victims who aren’t paying attention could pay a severe price – and quickly.
For a full overview of your site’s performance, use rank tracking software to monitor your visibility. If you notice sudden drops, check your website’s crawl stats in Google Search Console and make sure your robots.txt is still set up properly.
Negative SEO might not be all that common, but cyber attacks are on the rise year after year. Make sure your software is up to date, you apply all security patches to your software, and your CMS software is equipped with powerful encryption to protect your users.
You should also migrate your site to HTTPS, especially if you’re in e-commerce or storing other sensitive customer data. Not only does HTTPS encryption offer you greater security, but it’s also a ranking signal, and it might improve your SEO overall.
Cyber attacks aren’t technically negative SEO, but they will have an impact on your SEO. Google flags compromised sites with a “this site may be hacked” line into your search listing, which will definitely warn traffic away.
Check out these security tips from Creative Bloq for more advice on how to beef up your security.
Negative SEO is rare. Most of the time, Google is good at catching problematic linking behavior and curtailing it before it has an impact on your SERPs. That said, clever people are continuously trying to find ways to game the system.
My advice: take some advice from Google’s Webmaster Trends Analyst John Mueller:
If you think you’ve been the victim of negative SEO, do what you can to isolate the problem and then let Google know. In the meantime, your best bet is to monitor your site performance carefully and to catch problems before they escalate.