Your site no longer looks like your site. Worse, it no longer feels like it, either. It’s out of control. Has your SEO been poisoned? And how do you fix it?
“My heart is hardened, I cannot repent. Scarce can I name salvation, faith, or heaven, Swords, poison, halters, and envenomed steel are laid before me to dispatch myself. And long ‘ere this I should have done the deed, had not sweet pleasure conquered deep despair.” — The Tragedie of Doctor Faustus, Christopher Marlowe
At one point, donned in garb and hat, I uttered these words to a packed house on a university campus, pretending to be a man who poisoned his life and soul in his thirst for knowledge and power.
These days, you don’t have to make a pact with the devil in order to gain knowledge about anything. Education is freely available; you only need to study and work hard to give your brain the skills it craves. You need not “dispatch” yourself with a different poison.
Yet, even if you steer clear from other poisons, you may find others trying to poison the well of information you’re proudly trying to deliver to the world.
In the world of SEO and content marketing, there is a term that few recognise. It can be practised by the hooligans of the industry, the so-called snake oil charlatans, and more often than not, the literal criminals who wish to use your good website to propel their bad ones.
It’s called SEO poisoning, and while rare, it is not outside the realm of possibility.
What is SEO poisoning?
You don’t even need to make a deal with the devil for SEO poisoning to happen.
You simply need to have an insecure website, perhaps coupled with a search engine specialist looking for fast, easy wins and unconcerned with the long-term viability of the company they work for.
SEO poisoning is a process whereby someone has done something they shouldn’t have to harm a page and its ability to rank. It could be a malicious type of poison where a bad actor breaks into your site and causes problems, or it could even happen from a lack of maintenance.
What are the types of SEO poisoning?
There are numerous ways for websites to suffer from search poisoning, though most tend to be the product of nefarious means.
Many, if not all, can be reversed, but those reversals can take several weeks, if not months. Worse, you need to recognise and understand the problems before you can begin to fix them.
Black hat SEO
Let’s start with the obvious one: black hat search tactics. Just as in every classic western, white hat refers to the good guys and black hat, the bad guys – or at least ethically dubious. Any SEO tactics that might not be entirely within the spirit of Google’s webmaster guidelines could be characterised as black hat.
Black hat tactics include disguising websites under a cloak, using private link networks to manipulate domain and page rankings, and keyword stuffing to improve page position.
Black hat approaches for SEO can work for websites, and may provide some short term boosts. The reason why black hat SEO is seen as a problem is the long-term legitimacy. If an SEO practitioner uses black hat tactics to improve a website’s search rankings, they probably won’t stick around long enough to deal with the fallout if and when the search engine penalises the website. Or worse; if they are still around, they may attempt to remedy the situation with even more black hat techniques, further exacerbating the problems down the track.
Recovering from a search engine penalty may end up taking longer and being harder to achieve than if you’d simply used white hat practices in the first place.
Typosquatting
A different type of SEO poisoning, typosquatting is a less common approach where a competitor or scammer attempts to hijack the brand awareness of a website by using a similar web domain.
Imagine if a hypothetical rival to Pounce wasn’t doing as well, and decided to launch a rival website. They instead launch PoinceAgency.com.au
, hijacking or “brandjacking” Pounce’s domain by operating a web domain similar enough that could be easily mistaken when typed. The “i” is next to the “u” key on any QWERTY keyboard, so our rival could buy a similar domain and use typosquatting to redirect or host its own site.
Alternatively, Poince might display a broken or inaccurate version of the real Pounce website, damaging the reputation of Pounce in the process.
SEO malware
SEO malware is easily one of the more lurid types of SEO poisoning.
In internet security, malware is software that can be used for nefarious purposes, such as ransoming off your files and parts of your drive (ransomware), spying on your activities (spyware), or just downright infecting your experience before propagating and duplicating itself around your computer and network (viruses).
SEO malware is similar, but different. Your computer isn’t the target here, but the server and website hosting your content.
Search malware is typically delivered through an unsecured website, either because the passwords and login authentication isn’t great, or because code on that website hasn’t been kept secure and updated.
The result of SEO malware can often be hard to see except in search engine results pages, such as where thousands of pages mysteriously pop up seemingly indexed as part of your website, stuffed with copy and content about random topics and hosting plenty of backlinks for other sites completely unrelated to yours. All of those pages and backlinks in theory improve the SEO of the websites run by the scammer and hacker – while simultaneously poisoning and tanking your own efforts.
Another variant of SEO malware occurs when your pages are taken over and replaced with someone else’s content. Imagine if an IT business suddenly started housing dodgy Bitcoin exchanges or gambling websites.
You get the picture. This is the domain of SEO malware, and it’s a real problem.
What is the cure for SEO poisoning?
You can’t stop scammers and criminals from trying to do their thing, but you can definitely take measures to slow them down. You can make things difficult, hopefully getting the criminal to back off and find an easier mark.
If a hacker wants to break into a website and has the skills, they’ll do it. But most of the SEO poisoning we see tends to come as a result of hackers using scripts that continually look for servers and platforms with poor security. In short, the website operator has made it easy for the hackers by not being proactive in securing their systems, effectively leaving the windows open.
So you need to be proactive about your security practices in order to prevent SEO poisoning.
Much of this is easier than you could possibly expect.
- Keep your themes and plugins up to date.
- Delete any unnecessary or redundant code that might still be live within your site.
- Update your platform, including any security patches.
- Make sure you have some form of security engaged.
- Use a firewall to lock out bad actors.
- Enable multi-factor authentication to log into your website, server or any related apps or services.
In short, make things as difficult as possible for anyone trying to break in.
And backup your data. Please backup. Keep lots of backups. If a hacker really, truly wants to break in, you won’t be able to stop them. But if you have a backup, restoring your website will be that much easier, and you won’t have to start from scratch.
Good practices: that’s the antidote, that’s the cure for SEO poisoning. Do the things you’re being told to do for every other piece of security in your life, and just apply it to your website as well.