If you don’t have any competitors, there’s no need to read this article. But just in case you do, then you’d better not miss it! Why’s that, you might wonder?
Well… it’s because often times, unethical competitors prefer to blow in somebody else’s candle so that they can shine brighter. Instead of working more on their websites to improve user experience, some webmasters attack competitor sites with unnatural, spammy links, or even DDoS (Denial-of-service).
In search engines, this is referred to as negative SEO.
Grab your coffee and check out everything you need to know about negative SEO.
- What Is Negative SEO?
- The Types of Negative SEO You Should Watch For
- How to Prevent a Negative SEO Attack?
- How to Know If You Have Been Attacked and What to Do in Case of Negative SEO Attack
- What to Do in Case of Attack
- How to Protect Your Online Reputation
What Is Negative SEO?
It’s a rarely discussed topic within webmaster and SEO professionals’ communities. I don’t think it should be that way, as negative SEO is a risk you should always prepare for, even before launching a website for your company.
A negative SEO attack implies a malicious attempt of another individual to harm your website rankings. It can be a competitor’s act but, at the same time, it can be an act of vengeance from someone who wants to harm you for other reasons.
Negative SEO attacks are basically Black Hat SEO techniques so obvious that Google has to penalize them. But it’s not done on your competitors’ website. It’s done on yours, so that you’re the one who gets penalized.
Thus, they try to push you out of the search engine ratings for important keywords, so that they can rank above you. Many times, your business relies on those keywords.
The tricky thing with these attacks is that they are very hard to differentiate from a classic black hat link building tactic. Even for Google. You could do black hat SEO, and then blame it on someone else. That’s why sometimes, even if innocent people disavow links, the penalty sticks.
At first, people would spam your site with porn or payday loan links, with keyword rich anchor texts. Today, tactics can be a lot more complex.
When can this happen? It may be happening right now or even after a few years of successful branding and website rankings.
The Types of Negative SEO You Should Watch For
Here are the most important types of attacks you should be aware of. You cannot take actions against negative SEO unless you know what to look for and how the attacker is trying to lower your page rank using unethical practices.
1. Off Page Negative SEO
A negative OffPage SEO attack means that the attacker tries to affect your website without directly interfering with it. It’s very popular and easy to do, as the attacker doesn’t have to be the website owner. Here are some of the most common negative SEO spam attacks we know of:
- Link farming – pointing low quality links to your website. Sure, there will always be bad links to your page. There is no harm in that, it’s normal. However, you can be affected when somebody starts linking back from interconnected sites known as link building farms, and keeps doing it constantly. As a rule, these links use a specific anchor which can be one of your most important keywords. Thus, they try to fool the search engines that, in fact, you are trying to manipulate rankings in search results. The anchor may also be a keyword that is not related to your website but instead, it may be harmful to it. For instance, the attacker may use „spammer” as an anchor and if successful, rank you page high in search engines for this specific word.
- Search engines do not like duplicate content. Instead, websites that are proving to be informative and original rank higher in search results. Can this turn against you if someone tries to harm your overall ranking? Yes it can, and it is not even complicated. The attacker has nothing more to do than copy and paste your website content all over the web, thus creating hundreds and thousands of duplicates up to the point search engines will start ignoring you.
- Forceful crawling. It’s important for Google bot to be able to access you website in order to index you pages and update your ranking constantly. However, if it is unable to crawl your website, you may have a problem and it is not a small one. Although rare, there are attacks that are trying to crash your website so that the bot will not be able to access it anymore.
- Fake social media profiles. A competitor or any other person, who might want to hurt you or your business, may also do it by means of social media. How? By creating fake social media profiles, maybe even under your own name and spreading false or hurtful information through them. Some of your customers or followers may be fooled by these false profiles and affect your business in many different ways, mostly negative.
Example of attack: Robert Neu, owner and founder of wpbacon.com, a WordPress podcast website, discovered a farm link attack with the specific anchor text „porn movie” on his page.
As a consequence, he ranks higher now for these specific keywords than any other keywords that until recently were relevant to him.
2. On Page Negative SEO
Negative OnPage SEO attacks are more difficult to implement because they involve hacking your website and getting access to its administration panel. However, you should be aware that such attacks can occur at anytime, especially if you are not updating your CMS regularly, thus leaving it vulnerable to external access through scripts and other hacking software. How such attacks can hurt your website and implicitly your business?
- They can modify your content: I’ve seen it many times, especially on websites powered by WordPress that were not updated for a few months or even years. Sometimes the hackers are running scripts from the “header” or “footer” templates while other times, they just post some articles that at a first look may appear as if they were published by a website administrator. You think you would notice if someone modifies your content? Well, in some cases it won’t be difficult at all. However, some attackers may disguise their content under different scripts in the HTML file such as “display: none”. In such cases, you will not know anything until it will be too late, unless you look at the HTML code once in awhile. It is very difficult to do so however, should you manage several websites that comprise thousands of templates and script files.
- They can get your website de-indexed: How? By changing your robots.txt file from the server. Not everyone can do it but if they are committed to harming you, they might hire a professional hacker to exploit vulnerabilities from your hosting and/or content management system.
- Complete hacking of the website: We’ve all seen at least a couple of hacked websites. Usually, an attack of this sort completely replaces your website with another web page that may contain a message, some visuals or nothing at all.
How to Prevent a Negative SEO Attack?
Sometimes, attacks appear out of nowhere and you can be a victim, regardless of how prepared you are. However, it’s better to be prepared just in case, because this way you can reduce the chances of being hacked or attacked to a minimum. Here’s a list of the most important steps you can undertake towards security:
1. Stay up to date: Consult with specialists, read the news, stay connected to a few web masters’ online communities. Knowledge is power. You don’t need to learn to be a coder or a hacker but instead, to have at least basic information about how you can be attacked and what to do in such a case.
2. Secure access to your website: Start with your hosting. Limit access to your files. Then, secure the admin section of your website. Use passwords and usernames that are impossible to guess by others and change passwords from time to time just to make sure they are not discovered, guessed or leaked by your employees. Also, if you are using WordPress, change the default database prefix “wp_” with a random prefix, so that it will be harder or even impossible to guess by someone from the outside. Finally, if you are working with remote located personnel, never send them login access details by email because mail boxes may also be hacked.
3. Update your content management system regularly: WordPress and other popular CMSs are constantly updated in order to correct bugs and vulnerabilities and prevent exploits and hacks. If you are running a customs content management system, it will probably cost you to make updates whenever a vulnerability is found but they are money well spent. The costs of recovery from a negative SEO attack on your website are exponentially higher. Also, if you are using plugins with your CMS, update them as well and try to limit their use to just a few. Verify the sources of these plugins and only install scripts compiled by trusted companies.
4. Check your network security regularly: All the computers from your office may be vulnerable to attacks if they are not properly updated and checked from time to time. They are all important but you should treat with special care the computers that have direct access to your server and the website’s scripts. Check for malware all the computers that will be part of your office network before they are connected for the first time and then regularly, along with the other devices. Also, use an encrypted SSL protocol for your website.
5. Check if your site is properly indexed: Check your rank from time to time with tools such as Rank Tracker that can be programmed to verify your website regularly. You should be concerned if your website suddenly drops from the search engines’ results. If it happens every time you check, you may have a problem.
6. Check your site’s loading speed: If you notice that your website has become suddenly slow and the loading time has increased despite the fact that you didn’t install any new plugins, contact your hosting provider. Even if the problem is not related to the hosting services, they may be able to tell you why this is happening, where the problem is located and so on. Sometimes, it may be quite hard to check every file from the server but if you know where to look, you might find a malicious script – if such a script exists – way quicker.
7. Verify for duplicate content: Use tools such as Copyscape and determine whether or not you have been a victim of a negative SEO attack of this sort. In some cases, the removal of the copied article will be enough. However, if you want to be thorough, you may need to contact Google and file a copyright infringement report.
The report is available in Google’s webmaster tools and you can access it here.
8. Monitor your link profile growth: Verify how many websites link back to your website, how the back linking grows and the number of referring domains. If the backlinks are suddenly starting to grow exponentially, verify if they are legit or not and take immediate action in case you are suspicious. If you do not pay attention and let an attack to take its course, it may be too late to take action once the damage is already done.
9. Limit file uploads to only the necessary files: This is a major concern. If you have the possibility, prevent direct access to your system root and to uploaded files. Set up an upload folders outside your root directory and create scripts to get access to them to the website or to your users. Some web hosts will help you in this matter. If not, talk to your webmaster for support.
10. Don’t let the search engine index your admin pages: Also, make sure your administration panel and its adjacent pages are not indexed by the Google bot or other search engines’ bots. Apply the required settings in your robots.txt file. If you don’t know how to do it, ask a webmaster to do it instead. When the admin pages are not indexed, it will be harder for hackers to find them.
This will only be possible with a custom CMS however, as WordPress, Joomla and other free CMSs available today have specific addresses to their admin panel.
11. Make regular backups: It’s easier to just re-upload a database in case an attacker hacked your blog than delete all their posts manually. Also, if some scripts were installed in your files, it’s better to have your original files at hand, to replace the affected files or to compare the codes. Backups will also be helpful in case an update breaks the site.
12. Monitor your backlinks: You will get regular updates on your website profile, the websites that are linking back to you and, at the same time, the status of your competition. With the cognitiveSEO Tool you can set up alerts for new links and know exactly when an attack starts and how big it is.
How to Know If You’ve Been Attacked and What to Do in Case of Negative SEO Attack
One of the biggest problem you may face when dealing with negative SEO attacks is that most of the times, when they are noticed, it is already too late to repair the damage immediately. Usually, a company or a webmaster becomes aware of such attack after being punished by a search engine or after a significant drop in organic traffic. However, there are a few things you should look for and act immediately after you are aware of them. Here’s a list of the most reliable signs of a negative SEO attack:
- You notice a suspect number of unrelated links coming from unreliable or unrelated sources. For instance, if you have a SEO related blog in English and get hundreds if not thousands of links from gaming, porn and other unrelated websites, mostly not even in your own language.
- Significant web traffic changes. I am referring, of course, to lower organic traffic rates and not sudden increases which can happen due to a influencer pointing a link to your site.
- Sudden changes in your website’s usability. The loading times for each page increase.
What to Do in Case of Attack?
Well, prevention has been the best cure known to mankind since the dawn of civilization. I have already talked about this topic in the previous chapter so I am only going to state here some important tips you should follow after a negative SEO attack:
Use Google Webmaster Tools: Register your website and use the tools regularly to monitor your links. You will know immediately if your site was hacked, penalized or infected.
Disavow links: Matt Cutts and John Mueller recommend the Disavow Tool. Fortunately, Google has made things simple for webmasters who are suspicious about back links to their websites. You can use this tool available in Webmaster Tools in order to disavow all the links you find and seem to be unnatural for your website. As long as you do it in time, you will not face major problems. However, you can do it also after you become aware of a negative SEO attack. If you do get penalized before you manage to disavow the bad links, the reconsideration request can take longer, especially if it was a manual penalty. The cognitiveSEO tool can help you quickly generate disavow files that can be easily uploaded to Google.
Commit to Protecting Your Online Reputation
The easiest way to protect yourself or your business from negative SEO attacks is to continuously work on your online reputation. What does this mean?
- Register your name or brand as a domain: In other words, if you want to build a personal brand, buy the domain that is closest to your full name. Do the same thing if you want to protect a brand or a business. Thus, you will prevent other people from stealing this important property from you.
- Create social media profiles on all social media platforms: Even if you are not a regular user on a specific platform, it’s better to register an account in your name or brand in order to prevent others from doing the exact same thing. Post regularly on some of the most engaging social media communities for your industry.
- Encourage online reviews: People trust other people’s inputs about specific products, services or website. Therefore, the more reviews you have, the smaller the chance to be put down by an attack. Sure, they can do some damage but the reviews will still be there after an attack and you can use them in order to reclaim your position and not lose many customers.
- Invest time in a content marketing strategy: The greater your online influence in a specific industry, the easier it will be to recover from attacks and make a great name of yourself and your company. Content marketing attracts more followers, more customers and more relevant backlinks to your website.
- Create a powerful brand: The more powerful your brand is, the harder it will be for someone to destroy it. Start with your logo and continue by creating great visuals for your website and social media profiles. There are several professional tools available online that will help you design your logos and banners such as Bannersnack.
Use it to start building your brand. Then, take care of your content which should be at the same time valuable and professionally written. Don’t neglect your customers and fans, maintain all lines of communication open and make sure every single question they ask gets answered as soon as possible.
There are many ways in which someone can negatively affect your search engine rankings and even hack your website for the same purpose. We’ve learned a few things about negative SEO throughout this article and hopefully, we all know how to avoid such attacks or at least what to do afterwards. Awareness is the key and knowledge gives you power.
Stay up to date with everything that happens and check your website regularly and I am sure you will keep your website and your brand safe from the outside influence.
What do you know about negative SEO attacks? Were you attacked by competitors in this way? How did you managed to restore your rankings and maybe, your credibility? Please tell me more of your related experiences in the comments section available below. I am more than eager to learn more about this topic and I am sure our readers are searching for new data as well.
About the author:
Robert Katai is a visual marketer, blogger and content strategist at Bannersnack. He is also a professional banner creation app for designers & marketers and passionate about visual marketing, Instagram, content marketing. He is always up-to-date with the latest trends.