If 2017 taught us anything, it’s that not everyone – I don't care what industry you’re in – is ethical. The same goes for digital marketing. In every niche, there are black mustachioed villains (cue your best evil laugh) who are more willing to wreak havoc on their competitors than do the hard work of making their site more visible to search engines, and more effective conversion and sales vehicles.
As a suite of tactics, negative SEO is nothing new. The dark arts of SEO have been around since the industry began. The methods used today have grown and become more sophisticated as nefarious agents and the marketers who hire them are increasingly knowledgeable. Google too, has become more advanced.
Before we dive into the most common negative SEO tactics, there’s a tactic I believe will be exploited more in 2018: fake negative reviews and social signals.
During the 2016 US Presidential Election, bots "pwnd" us with fake comments and skewed what was thought to be public opinion. The trend continued into 2017; most notably bots broke the FCC's public comment system during a request for feedback regarding Net Neutrality.
Bot generated comments are inescapable; they've overrun comment threads on news websites and Facebook feeds. They've been employed to create negative buzz around undeserving products and services. Fake reviews have even blurred the line between truth and fiction to a degree where the differences are indistinguishable on some platforms (Amazon has had a huge problem with this). Think about the impact that could have on your brand!
I believe we'll see an increase in negative reviews and social signals because other some of the methods discussed below are becoming less effective.
There’s a litany of information on the tactics covered below. While it’s helpful to know all the details of each tactic, it’s more important to know how to monitor against attacks and what to do if your site is targeted.
This is the most widely used negative SEO tactic, it’s less effective today because advancements to Google's linking algorithm make bad links less damaging than before.
How it happens
The attacker creates a network of links on low-quality sites or known link farms to lower your site's domain authority. Additionally, agents may use anchor text that includes your money keywords, or they may use other link text that Google would flag because it is against their Webmaster Guidelines. Additionally, these same people may reach out to those high-quality sites and attempt to get your links changed or removed.
How to stay safe
Monitor your backlinks using tools like SEMRush, Ahrefs, and Google Search Console. Look large increases in backlinks and referring domains. Also make sure that your high-quality links still exist.
For our clients, we always perform a Backlink Analysis. This report lets us see the current state of a site's backlinks when we begin work. As our engagement with a client matures, we perform checks to monitor for changes in a client's backlink profile to determine if something unnatural is afoot. If your site has been attacked using this tactic, it’s best to inform Google of the links you wish to have them ignore using the disavow links tool.
The goal is to repeatedly crawl your site to make it difficult for your customers to use, difficult for Google to crawl, and ultimately take it offline due to heavy server load. If you think this doesn't happen very frequently, Nexusguard reported in June 2017 that DDoS attacked had increased 380% in the first quarter of 2017!
How it happens
Using automated crawlers (and mayhem), an agent sends a heavy load of traffic to your site to crash it. If Google cannot reach your site and easily crawl it, your visibility will decline. Furthermore, the real traffic you get, won't come back due to the poor site experience.
How to stay safe
Keep track of your site's speed. If you notice that your site is slowing down, and there are no onsite technical issues, have your webmaster or hosting company review server logs to determine the source of traffic. If you determine that the traffic load is an attempt to crash your site, then you can block those nefarious crawlers with your robots.txt and .htaccess.[/vc_message][vc_column_text]Additionally, if your site uses WordPress, there are security measures you should take. Plugins like Wordfence can track traffic sources by IP and country, and automatically block them. If you’re on a cheap host, you’re already at a disadvantage for a lot of negative SEO tactics, so you may want to consider moving to a more secure, managed hosting provider like WPEngine or Cloudflare – they offer unmetered DDOS attack mitigation, so no matter how large the attack is, your site is covered!
It's been said that copying is the sincerest form of flattery, but try telling that to Google! If you’re a manufacturer or distributor of popular products, content you get from a manufacturer or supply to resellers may show up in Copyscape. For example, when multiple sites are selling the same product and are all using the same product description and specifications. To make your content more valuable to Google, it needs to be unique and useful!
How it happens
A tool is used to copy your site's pages and recreate them on another domain. Remember, Google typically rewards the best visibility to the site deemed to have the original content, so this method is only effective when your content has not been discovered yet. However, a scraped site may start performing well if Google determines it has some quality link signals pointing to it.
How to stay safe
Use a tool like Copyscape to determine if copies of your site exist. If you do find that sites are recreating a single page or more of your website, the best course of action is to attempt to contact the webmaster and ask them to remove it. If that does not work, you may want to report the scraping site using Google's copyright infringement report.
To use an offline analogy, this like leaving your house key under the mat at your front door. Someone malicious finds the key, unlocks your house, and remodels portions or all of it. Sometimes the changes go unnoticed, maybe they swap out a light fixture or two. Sometimes, they remodel the whole house in tacky gold lame.
How it happens
A hacker finds a backdoor security hole in your site and gains access to your code and content. They may make changes that are visible to your customers. Frequently though, they install scripts that show different versions of pages to Google that usually include links to other sites that they want to promote. They’re just looking to leverage your site's domain authority to give them a rankings boost. When a hacker looks to make large visible changes to a site, they may be making a statement, and most often, they may be holding your site for ransom; to get your site restored, you must pay up a large sum of money.
How to stay safe
Keep your software (WordPress version and all plugins) up to date! Establish a backup procedure, so if you do get attacked, it’s easier to roll back to a clean version or your site. As mentioned earlier, use a reputable host; it may cost more, but it’s going to be less expensive than correcting a compromised website.
Someone you’ve hired in the past decides to harm your site when the relationship ends; also known as the "Et tu Brute?" method.
How it happens
When a working relationship is terminated, the consultant makes changes to the website that change Google's access to the site. Most commonly this involves changing the rules in the robots.txt file to disallow all bots from crawling the website. Additionally, if your site is verified with Google Search Console, this same person could remove your site from Google's index. Beware of disgruntled employees who are either terminated or voluntarily leave a company, they’re commonly the types of people who perform these damaging changes.
How to stay safe
Monitor your organic traffic and rankings frequently. Check traffic several times a week using Google Analytics or similar tool. Rankings can be checked manually in a browser. You can also use the "site" command to see how many of your pages are currently indexed by Google if you suspect something has changed. If you do have your site verified with Google Search Console, you can navigate to Google Index > Remove URLs. If a request has been made in the past 90 days, you will see it here if you are a verified owner.
When you terminate a relationship with an employee or outside vendor, remove their access prior to the end of the relationship if you suspect that they may attempt to harm your business when they are let go. Also, never turn over ownership of a site to a third-party agency. You can usually give them enough access to tools without requiring making them an owner of a tool like Google Search Console.
Hacks (code injection, redirecting traffic, information theft, etc.) can take shape a variety of different ways. Hacks are frequently carried out with no negative SEO purpose in mind. But, if Google discovers that your site has been hacked, they display a message in search results that communicate to searchers that your site has been compromised and may not be safe.
How it happens
A hacker gains access to your website via a security flaw in your website, hosting environment, or database. Once entry is gained, they can perform any number of malicious activities including theft of credit card and personal information, steal your browser's cookies, even redirect traffic to other domains that they control. There are literally hundreds of different tactics that can be employed once your site is breached.
How to stay safe
Keep your site's software up to date. Install security tools on your website, such as plugins. Additionally, if you are not already using HTTPS, its time to make the switch! Google is now warning searchers in the browser if the site they are on is not secure.
This can discourage people from staying on your site. There is some work in migrating to HTTPS, but the investment is worth it, as it adds more encryption to the data your site collects.
Additionally, don't forget to lock down any directory and file permissions. If scripts and files use permissions that allow for write and execute access by users at large, the code on your site can be can be modified and executed via FTP. But most importantly, use secure passwords!
Whew! There's a lot of ways that sites can be attacked. Finally, you can take one additional step in Google Analytics to correlate your activities to fluctuations in traffic. Use annotations to help determine if drops in traffic or performance are related to your changes or are the work of someone on the outside.
If you are looking for a list of Google algorithm changes over the past several years, check out this list from Moz, or this list of confirmed and suspected Google updates from Search Engine Roundtable. Between annotations, listed updates and regularly scheduled monitoring, you can be ready in the event an attack does occur and defend your site as necessary.