Negative SEO Tactics in 2018: How to Fix Your Site After It’s Been Attacked

Negative SEO Tactics in 2018: How to Fix Your Site After It’s Been Attacked

If 2017 taught us anything, it’s that not everyone – I don’t care what industry you’re in – is ethical.  The same goes for digital marketing. In every niche, there are black mustachioed villains (cue your best evil laugh) who are more willing to wreak havoc on their competitors than do the hard work of making their site more visible to search engines, and more effective conversion and sales vehicles.

As a suite of tactics, negative SEO is nothing new. The dark arts of SEO have been around since the industry began. The methods used today have grown and become more sophisticated as nefarious agents and the marketers who hire them are increasingly knowledgeable. Google too, has become more advanced.


Before we dive into the most common negative SEO tactics, there’s a tactic I believe will be exploited more in 2018: fake negative reviews and social signals.

During the 2016 US Presidential Election, bots “pwnd” us with fake comments and skewed what was thought to be public opinion. The trend continued into 2017; most notably bots broke the FCC’s public comment system during a request for feedback regarding Net Neutrality.

Bot generated comments are inescapable; they’ve overrun comment threads on news websites and Facebook feeds. They’ve been employed to create negative buzz around undeserving products and services. Fake reviews have even blurred the line between truth and fiction to a degree where the differences are indistinguishable on some platforms (Amazon has had a huge problem with this). Think about the impact that could have on your brand!

How to Combat Fake Reviews and Social Signals

  1. Gather product reviews: Encourage your customers to submit reviews of your products and services on Google as well as other trusted review sites.
  2. Post customer reviews on your website: There are many ways to do this, but one option is a site called TrustPilot. You can integrate TrustPilot with your website and send emails to customers encouraging them to review your products or services.
  3. Monitor reviews: Determining whether a review is fake or not is not extremely difficult. Bogus reviews include a lot of hints that they’re fake. If you suspect reviews left on any site are fake, contact the website owner and explain why you believe the review is not authentic. They may not remove it, but they may give you the opportunity to respond.
  4. Respond to every review whether you believe it is fake or not: Google includes responses to reviews into their algorithm, so a positive response to a negative review can yield positive effects. Furthermore, it shows your customers you’re willing to make good on bad customer experiences.
  5. Claim social profiles on every popular social platform: Even if you have no plans to use these platforms, you should own your brand on places like Twitter, Facebook, YouTube, Instagram and any other platforms widely used in your niche.
  6. Don’t purchase fake reviews: Finally, don’t ever consider (not even for a second) to use a service like Fiverr to generate reviews! There are more than 100 offers to post “Google Local Reviews”, from people who most likely have never purchased your products or services. Chances are they do not live in a ZIP code your business services!
An example of fake review writers offering their services

I believe we’ll see an increase in negative reviews and social signals because other some of the methods discussed below are becoming less effective.

Cliffs Notes on Common Negative SEO Tactics

There’s a litany of information on the tactics covered below. While it’s helpful to know all the details of each tactic, it’s more important to know how to monitor against attacks and what to do if your site is targeted.

1. Spammy Link Development or Removal of High-Quality Links

This is the most widely used negative SEO tactic, it’s less effective today because advancements to Google’s linking algorithm make bad links less damaging than before.

How it happens

The attacker creates a network of links on low-quality sites or known link farms to lower your site’s domain authority. Additionally, agents may use anchor text that includes your money keywords, or they may use other link text that Google would flag because it is against their Webmaster Guidelines. Additionally, these same people may reach out to those high-quality sites and attempt to get your links changed or removed.

How to stay safe

Monitor your backlinks using tools like SEMRush, Ahrefs, and Google Search Console. Look large increases in backlinks and referring domains.  Also make sure that your high-quality links still exist.

For our clients, we always perform a Backlink Analysis. This report lets us see the current state of a site’s backlinks when we begin work. As our engagement with a client matures, we perform checks to monitor for changes in a client’s backlink profile to determine if something unnatural is afoot.

If your site has been attacked using this tactic, it’s best to inform Google of the links you wish to have them ignore using the disavow links tool.

2. DDoS (Distributed Denial-of-Service) Attacks

The goal is to repeatedly crawl your site to make it difficult for your customers to use, difficult for Google to crawl, and ultimately take it offline due to heavy server load. If you think this doesn’t happen very frequently, Nexusguard reported in June 2017 that DDoS attacked had increased 380% in the first quarter of 2017!

How it happens

Using automated crawlers (and mayhem), an agent sends a heavy load of traffic to your site to crash it. If Google cannot reach your site and easily crawl it, your visibility will decline. Furthermore, the real traffic you get, won’t come back due to the poor site experience.

How to stay safe

Keep track of your site’s speed. If you notice that your site is slowing down, and there are no onsite technical issues, have your webmaster or hosting company review server logs to determine the source of traffic. If you determine that the traffic load is an attempt to crash your site, then you can block those nefarious crawlers with your robots.txt and .htaccess.

Additionally, if your site uses WordPress, there are security measures you should take. Plugins like Wordfence can track traffic sources by IP and country, and automatically block them. If you’re on a cheap host, you’re already at a disadvantage for a lot of negative SEO tactics, so you may want to consider moving to a more secure, managed hosting provider like WPEngine or Cloudflare – they offer unmetered DDOS attack mitigation, so no matter how large the attack is, your site is covered!

3. Intentional Content Duplication

It’s been said that copying is the sincerest form of flattery, but try telling that to Google!

If you’re a manufacturer or distributor of popular products, content you get from a manufacturer or supply to resellers may show up in Copyscape. For example, when multiple sites are selling the same product and are all using the same product description and specifications. To make your content more valuable to Google, it needs to be unique and useful!

How it happens

A tool is used to copy your site’s pages and recreate them on another domain. Remember, Google typically rewards the best visibility to the site deemed to have the original content, so this method is only effective when your content has not been discovered yet. However, a scraped site may start performing well if Google determines it has some quality link signals pointing to it.

How to stay safe

Use a tool like Copyscape to determine if copies of your site exist. If you do find that sites are recreating a single page or more of your website, the best course of action is to attempt to contact the webmaster and ask them to remove it. If that does not work, you may want to report the scraping site using Google’s copyright infringement report.

4. Content or Code Changes

To use an offline analogy, this like leaving your house key under the mat at your front door. Someone malicious finds the key, unlocks your house, and remodels portions or all of it. Sometimes the changes go unnoticed, maybe they swap out a light fixture or two. Sometimes, they remodel the whole house in tacky gold lame.

How it happens

A hacker finds a backdoor security hole in your site and gains access to your code and content. They may make changes that are visible to your customers. Frequently though, they install scripts that show different versions of pages to Google that usually include links to other sites that they want to promote. They’re just looking to leverage your site’s domain authority to give them a rankings boost.  When a hacker looks to make large visible changes to a site, they may be making a statement, and most often, they may be holding your site for ransom; to get your site restored, you must pay up a large sum of money.

How to stay safe

Keep your software (WordPress version and all plugins) up to date! Establish a backup procedure, so if you do get attacked, it’s easier to roll back to a clean version or your site. As mentioned earlier, use a reputable host; it may cost more, but it’s going to be less expensive than correcting a compromised website.

5. Remove your site from Google

Someone you’ve hired in the past decides to harm your site when the relationship ends; also known as the “Et tu Brute?” method.

How it happens

When a working relationship is terminated, the consultant makes changes to the website that change Google’s access to the site. Most commonly this involves changing the rules in the robots.txt file to disallow all bots from crawling the website. Additionally, if your site is verified with Google Search Console, this same person could remove your site from Google’s index.  Beware of disgruntled employees who are either terminated or voluntarily leave a company, they’re commonly the types of people who perform these damaging changes.

How to stay safe

Monitor your organic traffic and rankings frequently. Check traffic several times a week using Google Analytics or similar tool. Rankings can be checked manually in a browser. You can also use the “site” command to see how many of your pages are currently indexed by Google if you suspect something has changed.  If you do have your site verified with Google Search Console, you can navigate to Google Index > Remove URLs. If a request has been made in the past 90 days, you will see it here if you are a verified owner.

Remove URLs in Google Analytics

When you terminate a relationship with an employee or outside vendor, remove their access prior to the end of the relationship if you suspect that they may attempt to harm your business when they are let go.  Also, never turn over ownership of a site to a third-party agency. You can usually give them enough access to tools without requiring making them an owner of a tool like Google Search Console.

6. Hacks

Hacks (code injection, redirecting traffic, information theft, etc.) can take shape a variety of different ways. Hacks are frequently carried out with no negative SEO purpose in mind. But, if Google discovers that your site has been hacked, they display a message in search results that communicate to searchers that your site has been compromised and may not be safe.

Example search result with a site flagged by Google

How it happens

A hacker gains access to your website via a security flaw in your website, hosting environment, or database. Once entry is gained, they can perform any number of malicious activities including theft of credit card and personal information, steal your browser’s cookies, even redirect traffic to other domains that they control.  There are literally hundreds of different tactics that can be employed once your site is breached.

How to stay safe

Keep your site’s software up to date. Install security tools on your website, such as plugins. Additionally, if you are not already using HTTPS, its time to make the switch! Google is now warning searchers in the browser if the site they are on is not secure.

This can discourage people from staying on your site.   There is some work in migrating to HTTPS, but the investment is worth it, as it adds more encryption to the data your site collects.

Additionally, don’t forget to lock down any directory and file permissions. If scripts and files use permissions that allow for write and execute access by users at large, the code on your site can be can be modified and executed via FTP. But most importantly, use secure passwords!

Final Thought: Document. Everything.

Whew! There’s a lot of ways that sites can be attacked. Finally, you can take one additional step in Google Analytics to correlate your activities to fluctuations in traffic. Use annotations to help determine if drops in traffic or performance are related to your changes or are the work of someone on the outside.

Session activity in Google Analytics

If you are looking for a list of Google algorithm changes over the past several years, check out this list from Moz, or this list of confirmed and suspected Google updates from Search Engine Roundtable. Between annotations, listed updates and regularly scheduled monitoring, you can be ready in the event an attack does occur and defend your site as necessary.


Build a Strong Foundation with an Onsite SEO Audit

You wouldn’t build your house without laying a strong foundation. Don’t build your web content on a foundation of shoddy SEO. Start with a technical onsite SEO audit to accelerate your success.

Find out more

Seth Nickerson

Seth Nickerson cut his digital marketing teeth when the Internet still had training wheels (Mosaic anyone?). He was sitting in a TV station newsroom in Portland, Oregon when his career in SEO began with a simple question: “How did we get this traffic to the website and how can we get more of it?” He knew that SEO was something worth pursuing because winning at organic search can be a game changing experience for any business.