It’s a tactic that’s arguably as old as search engine optimization (SEO) itself.
SEO spam, often referred to as spamdexing, basically has the same core goal as any other black hat tactic. Rather than working to gradually build up one’s web presence and generate revenue organically, it attempts to take a fast-tracked shortcut to make money — using someone else’s website to promote content that wouldn’t appear on the search engine results page otherwise.
As you might expect, this has the potential to destroy both your website and your brand.
Don’t make the mistake of thinking that you’re safe from SEO spam injection if you’re a smaller business, either. If anything, the fact that you’re a smaller entity makes you a more attractive target, as smaller organizations are likely to have a careless attitude or lack a proper security budget. To make matters worse, since attacks of this nature are difficult to detect, they can remain hidden in plain sight for a long time, causing exponentially more damage as time goes on.
First, by knowing the signs of spamdexing:
- A sudden, unexpected decrease or increase in user traffic with no clear source
- Unexpected ads or unusual anchor text showing up on your website
- New, spammy content appearing on your website
- Spam being sent via your email server
- Unexpected warnings or penalties in the Google Search Console
- Crawl errors on your website
Note that in addition to looking for the above signs manually, you can use a tool such as Ahrefs to check your backlink profile, or a third-party scanner designed to detect the presence of SEO spam. Either way, once you’ve determined you’re the victim of spamdexing, the next step is to figure out how it happened. How did hackers gain access to your site?
Generally speaking, it’s because of poor security. Failing to keep things updated, using weak passwords or credentials, and so on. The good news is that this means protecting yourself from SEO spam isn’t actually that difficult.
- Audit your passwords. Ensure every user with administrative privileges uses strong login credentials. You might also consider adding brute force protection.
- Use a firewall. This is just basic cybersecurity. You should also use antimalware and antispam software on your website.
- Keep everything up to date. We cannot stress this enough. Do not slack on installing patches and updates. Failing to keep your website updated effectively means you’re leaving the door open to hackers.
- Assign user permissions with care. No user should have permissions they don’t absolutely need. Otherwise, there’s the potential for a hacker to gain unfettered access to your site, at which point they can essentially go wild.
Maintaining your reputation and trust is more important than ever before. Spamdexing, although it’s not as dangerous a tactic as it was five years ago, can still damage both. It’s therefore critical that you’re proactive with your website’s security — because that is, and always will be the best way to keep yourself safe from SEO spam.