Moz Q&A is closed.
After more than 13 years, and tens of thousands of questions, Moz Q&A closed on 12th December 2024. Whilst we’re not completely removing the content - many posts will still be possible to view - we have locked both new posts and new replies. More details here.
Advice needed! How to clear a website of a Wordpress Spam Link Injection Google penalty?
-
Hi Guys,
I am currently working on website that has been penalised by Google for a spam link injection. The website was hacked and 17,000 hidden links were injected.
All the links have been removed and the site has subsequently been redesigned and re-built. That was the easy part
The problems comes when I look on Webmaster. Google is showing 1000's of internal spam links to the homepage and other pages within the site. These pages do not actually exist as they were cleared along with all the other spam links.
I do believe though this is causing problems with the websites rankings. Certain pages are not ranking on Google and the homepage keyword rankings are fluctuating massively.
I have reviewed the website's external links and these are all fine.
Does anyone have any experience of this and can provide any recommendations / advice for clearing the site from Google penalty?
Thanks, Duncan
-
Piggybacking on Kane - since these bad/phantom pages were in one folder, can you request removal in Search Console? It should at least speed things up. Unfortunately, the links can show for weeks or months after they're removed, even if Google doesn't seem to be caching them. If the pages aren't indexed/cached, and the numbers in the console seem to be gradually dropping, I'm not sure if there's a lot more you can do, unfortunately.
-
Hey Duncan, sounds like you've covered the basics. If this had happened a month ago I'd tell you to wait it out, but since it's been 5 months it seems like it should have cleared up by now if it was simply a matter of waiting for Google to deindex everything.
I've put a note out to other associates on Moz Q&A to see if they have any suggestions.
-
We got a hacked site warning on Google results for the company Brand name....but nothing in the Search Console.
Performance is not exactly site wide - some pages only rank for exact match page title search term but not any variations... (e.g. Very Green widgets - page title - the site will rank for Very Green widgets but no variations e.g. Green widgets).
Other pages seem to be fine.... but none rank on page one.
It does seem those pages that had the most links pointing to them have been affected the worse. However, that said - there is a page that that has several 1000 internal spammy links showing but the page does rank ok and does rank for different keywords....another piece of the puzzle!
We checked rankings and at the time of the hack - the site definitely dropped.
Hope that helps!!
Duncan
-
Gotcha... It's fairly standard to see old links in Search Console that have long since been removed, so that concerns me less as long as the 404s are showing up properly and getting noindexed.
Did you receive any "hacked site" warnings in Search Console back in May?
As far as performance issues - is this sitewide, or does it just seem to be occurring on the pages that had the most links pointed at them? Do you still have any pages ranking in top 3 for a semi-competitive term? Out of the pages that did have spammy links to them, are any performing well - on page 1 for target keyword?
-
HI Kane
Thanks for your response! We did do a disavow just on some old directories which looked ok - but it was more of a precautionary measure.
CMS is now all good and secure.
The spammy links were a in subfolder which was deleted (creating 1000's of 404's). The website was then entirely moved to a new secure hosting environment.
Just on your questions...
Yes - the website was fine up until the hack.
The hack happened in May of this year.....a full clean up happened within 3 days after the attack.
Your last point.....yes - they are showing up as 404's. The website initially had 17,000 spammy 404 errors. Google has since reduced that to 3000. As these pages are removed from the index, this gives me hope that the problem is being resolved.
However - the strange part - even though the 404's are being reduced in Webmaster, the number of internal spammy links showing in the Console are not being reduced. It's static.
For example, the homepage shows 6,300 internal links. In reality it only has about a 120. The rest are all spammy (404) links. I do believe that this is causing ranking problems.....? Do you think that is right?
Thanks, Duncan
-
Hi Duncan,
Here's some initial thoughts on steps I would take:
- Since external links are fine, there shouldn't be a need to do anything disavow-related, but I would definitely do that if you see any external links pointed to those old pages, which is common with hacked sites.
- Sounds like you've covered your bases regarding preventing the site from getting hacked again at a CMS level, database level, plugin level, etc., so I'll assume that is good to go.
- If these spammy internal pages were all in a specific subfolder, you could block that subfolder via Robots.txt to send a stronger signal that the URLs should be ignored and de-indexed.
- The internal links should disappear as the pages are removed from the index, but that can take awhile, and it's not uncommon for Search Console to display pages/links/data that have since gone away.
And a couple of questions for you:
- Once those bases are covered, then you're still faced with the potential "penalty", or poor performance. I'm assuming that these pages not ranking in Google were performing well before the site hack?
- How long has it been since the site was initially hacked, and how long since full cleanup was completed?
- Are the spammy internal pages showing up as 404 crawl errors yet?
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Does google sandbox aged domains too?
Hello, i have a question. Recently i bought a domain from godaddy auction which is 23 years old and have DA 37 PA 34 Before bidding i check out the domain on google using this query to make sure if pages of this website are showing or not (site:mydomain.com) only home page was indexed on google. Further i check the domain on archive web the domain was last active in 2015. And then it parked for long about 4 years. So now my question does google consider these type of domain as new or will sandboxed them if i try to rebuild them and rank for other niche keywords ? Because its been 4 weeks i have been building links to my domain send several profile and social signals to my domain. My post is indexed on google but not showing in any google serp result.
White Hat / Black Hat SEO | Aug 6, 2019, 4:53 PM | Steven231 -
How does Google determine if a link is paid or not?
We are currently doing some outreach to bloggers to review our products and provide us with backlinks (preferably followed). The bloggers get to keep the products (usually about $30 worth). According to Google's link schemes, this is a no-no. But my question is, how would Google ever know if the blogger was paid or given freebies for their content? This is the "best" article I could find related to the subject: http://searchenginewatch.com/article/2332787/Matt-Cutts-Shares-4-Ways-Google-Evaluates-Paid-Links The article tells us what qualifies as a paid link, but it doesn't tell us how Google identifies if links were paid or not. It also says that "loans" or okay, but "gifts" are not. How would Google know the difference? For all Google knows (maybe everything?), the blogger returned the products to us after reviewing them. Does anyone have any ideas on this? Maybe Google watches over terms like, "this is a sponsored post" or "materials provided by 'x'". Even so, I hope that wouldn't be enough to warrant a penalty.
White Hat / Black Hat SEO | Aug 10, 2014, 6:53 PM | jampaper0 -
Website not listing in google - screaming frog shows 500 error? What could the issue be?
Hey, http://www.interconnect.org.uk/ - the site seems to load fine, but for some reason the site is not getting indexed. I tried running the site on screaming frog, and it gives a 500 error code, which suggests it can't access the site? I'm guessing this is the same problem google is having, do you have any ideas as to why this may be and how I can rectify this? Thanks, Andrew
White Hat / Black Hat SEO | Nov 7, 2013, 9:47 AM | Heehaw0 -
Pages linked with Spam been 301 redirected to 404\. Is it ok
Pl suggest, some pages having some spam links pointed to those pages are been redirected to 404 error page (through 301 redirect) - as removing them manually was not possible due to part of core component of cms and many other coding issue, the only way as advised by developer was making 301 redirect to 404 page. Does by redirecting these pages to 404 page using 301 redirect, will nullify all negative or spam links pointing to them and eventually will remove the resulting spam impact on the site too. Many Thanks
White Hat / Black Hat SEO | Nov 11, 2014, 8:55 PM | Modi0 -
Site being targeted by hardcore porn links
We noticed recently a huge amount of referral traffic coming to a client's site from various hard cord porn sites. One of the sites has become the 4th largest referrer and there are maybe 20 other sites sending traffic. I did a Whois look up on some of the sites and they're all registered to various people & companies, most of them are pretty shady looking. I don't know if the sites have been hacked or are deliberately sending traffic to my client's site, but it's obviously a concern. The client's site was compromised a few months ago and had a bunch of spam links inserted into the homepage code. Has anyone else seen this before? Any ideas why someone would do this, what the risks are and how we fix it? All help & suggestions greatly appreciated, many thanks in advance. MB.
White Hat / Black Hat SEO | Jan 21, 2013, 11:39 PM | MattBarker0 -
Link Building using Badges
In light of penguin update, is link building using badges(like "I love SEOMOZ" badge) still considered a white hat tactic? I have read old posts on SEOMOZ blog about this topic and wondering if this method is still effective. Look forward to feedback from MOZers.
White Hat / Black Hat SEO | May 21, 2012, 2:10 PM | Amjath0 -
Partners and Customers logo listing and links
We have just created a program where we list the customers that use our software and a link to their websites on a new "Customers" page. We expect to have upwards of 100 logos with links back to their sites. I want to be sure this isn't bordering on gray or black hat link building. I think it is okay since they are actual users of our software. But there is still that slight doubt. Along these same lines, would you recommend adding a nofollow or noindex tag? Thanks for your help.
White Hat / Black Hat SEO | May 4, 2011, 6:23 PM | PerriCline0