If 2017 taught us anything, it’s that not everyone – I don’t care what industry you’re in – is ethical. The same goes for digital marketing. In every niche, there are black mustachioed villains (cue your best evil laugh) who are more willing to wreak havoc on their competitors than do the hard work of making their site more visible to search engines, and more effective conversion and sales vehicles.
As a suite of tactics, negative SEO is nothing new. The dark arts of SEO have been around since the industry began. The methods used today have grown and become more sophisticated as nefarious agents and the marketers who hire them are increasingly knowledgeable. Google too, has become more advanced.
Before we dive into the most common negative SEO tactics, there’s a tactic I believe will be exploited more in 2018: fake negative reviews and social signals.
During the 2016 US Presidential Election, bots “pwnd” us with fake comments and skewed what was thought to be public opinion. The trend continued into 2017; most notably bots broke the FCC’s public comment system during a request for feedback regarding Net Neutrality.
Bot generated comments are inescapable; they’ve overrun comment threads on news websites and Facebook feeds. They’ve been employed to create negative buzz around undeserving products and services. Fake reviews have even blurred the line between truth and fiction to a degree where the differences are indistinguishable on some platforms (Amazon has had a huge problem with this). Think about the impact that could have on your brand!
How to Combat Fake Reviews and Social Signals
- Gather product reviews: Encourage your customers to submit reviews of your products and services on Google as well as other trusted review sites.
- Post customer reviews on your website: There are many ways to do this, but one option is a site called TrustPilot. You can integrate TrustPilot with your website and send emails to customers encouraging them to review your products or services.
- Monitor reviews: Determining whether a review is fake or not is not extremely difficult. Bogus reviews include a lot of hints that they’re fake. If you suspect reviews left on any site are fake, contact the website owner and explain why you believe the review is not authentic. They may not remove it, but they may give you the opportunity to respond.
- Respond to every review whether you believe it is fake or not: Google includes responses to reviews into their algorithm, so a positive response to a negative review can yield positive effects. Furthermore, it shows your customers you’re willing to make good on bad customer experiences.
- Claim social profiles on every popular social platform: Even if you have no plans to use these platforms, you should own your brand on places like Twitter, Facebook, YouTube, Instagram and any other platforms widely used in your niche.
- Don’t purchase fake reviews: Finally, don’t ever consider (not even for a second) to use a service like Fiverr to generate reviews! There are more than 100 offers to post “Google Local Reviews”, from people who most likely have never purchased your products or services. Chances are they do not live in a ZIP code your business services!
I believe we’ll see an increase in negative reviews and social signals because other some of the methods discussed below are becoming less effective.
Cliffs Notes on Common Negative SEO Tactics
There’s a litany of information on the tactics covered below. While it’s helpful to know all the details of each tactic, it’s more important to know how to monitor against attacks and what to do if your site is targeted.
1. Spammy Link Development or Removal of High-Quality Links
This is the most widely used negative SEO tactic, it’s less effective today because advancements to Google’s linking algorithm make bad links less damaging than before.
For our clients, we always perform a Backlink Analysis. This report lets us see the current state of a site’s backlinks when we begin work. As our engagement with a client matures, we perform checks to monitor for changes in a client’s backlink profile to determine if something unnatural is afoot.
If your site has been attacked using this tactic, it’s best to inform Google of the links you wish to have them ignore using the disavow links tool.
2. DDoS (Distributed Denial-of-Service) Attacks
The goal is to repeatedly crawl your site to make it difficult for your customers to use, difficult for Google to crawl, and ultimately take it offline due to heavy server load. If you think this doesn’t happen very frequently, Nexusguard reported in June 2017 that DDoS attacked had increased 380% in the first quarter of 2017!
Additionally, if your site uses WordPress, there are security measures you should take. Plugins like Wordfence can track traffic sources by IP and country, and automatically block them. If you’re on a cheap host, you’re already at a disadvantage for a lot of negative SEO tactics, so you may want to consider moving to a more secure, managed hosting provider like WPEngine or Cloudflare – they offer unmetered DDOS attack mitigation, so no matter how large the attack is, your site is covered!
3. Intentional Content Duplication
It’s been said that copying is the sincerest form of flattery, but try telling that to Google!
If you’re a manufacturer or distributor of popular products, content you get from a manufacturer or supply to resellers may show up in Copyscape. For example, when multiple sites are selling the same product and are all using the same product description and specifications. To make your content more valuable to Google, it needs to be unique and useful!
4. Content or Code Changes
To use an offline analogy, this like leaving your house key under the mat at your front door. Someone malicious finds the key, unlocks your house, and remodels portions or all of it. Sometimes the changes go unnoticed, maybe they swap out a light fixture or two. Sometimes, they remodel the whole house in tacky gold lame.
5. Remove your site from Google
Someone you’ve hired in the past decides to harm your site when the relationship ends; also known as the “Et tu Brute?” method.
When you terminate a relationship with an employee or outside vendor, remove their access prior to the end of the relationship if you suspect that they may attempt to harm your business when they are let go. Also, never turn over ownership of a site to a third-party agency. You can usually give them enough access to tools without requiring making them an owner of a tool like Google Search Console.
Hacks (code injection, redirecting traffic, information theft, etc.) can take shape a variety of different ways. Hacks are frequently carried out with no negative SEO purpose in mind. But, if Google discovers that your site has been hacked, they display a message in search results that communicate to searchers that your site has been compromised and may not be safe.
This can discourage people from staying on your site. There is some work in migrating to HTTPS, but the investment is worth it, as it adds more encryption to the data your site collects.
Additionally, don’t forget to lock down any directory and file permissions. If scripts and files use permissions that allow for write and execute access by users at large, the code on your site can be can be modified and executed via FTP. But most importantly, use secure passwords!
Final Thought: Document. Everything.
Whew! There’s a lot of ways that sites can be attacked. Finally, you can take one additional step in Google Analytics to correlate your activities to fluctuations in traffic. Use annotations to help determine if drops in traffic or performance are related to your changes or are the work of someone on the outside.
If you are looking for a list of Google algorithm changes over the past several years, check out this list from Moz, or this list of confirmed and suspected Google updates from Search Engine Roundtable. Between annotations, listed updates and regularly scheduled monitoring, you can be ready in the event an attack does occur and defend your site as necessary.
Build a Strong Foundation with an Onsite SEO Audit
You wouldn’t build your house without laying a strong foundation. Don’t build your web content on a foundation of shoddy SEO. Start with a technical onsite SEO audit to accelerate your success.