Advice needed! How to clear a website of a Wordpress Spam Link Injection Google penalty?
-
Hi Guys,
I am currently working on website that has been penalised by Google for a spam link injection. The website was hacked and 17,000 hidden links were injected.
All the links have been removed and the site has subsequently been redesigned and re-built. That was the easy part
The problems comes when I look on Webmaster. Google is showing 1000's of internal spam links to the homepage and other pages within the site. These pages do not actually exist as they were cleared along with all the other spam links.
I do believe though this is causing problems with the websites rankings. Certain pages are not ranking on Google and the homepage keyword rankings are fluctuating massively.
I have reviewed the website's external links and these are all fine.
Does anyone have any experience of this and can provide any recommendations / advice for clearing the site from Google penalty?
Thanks, Duncan
-
Piggybacking on Kane - since these bad/phantom pages were in one folder, can you request removal in Search Console? It should at least speed things up. Unfortunately, the links can show for weeks or months after they're removed, even if Google doesn't seem to be caching them. If the pages aren't indexed/cached, and the numbers in the console seem to be gradually dropping, I'm not sure if there's a lot more you can do, unfortunately.
-
Hey Duncan, sounds like you've covered the basics. If this had happened a month ago I'd tell you to wait it out, but since it's been 5 months it seems like it should have cleared up by now if it was simply a matter of waiting for Google to deindex everything.
I've put a note out to other associates on Moz Q&A to see if they have any suggestions.
-
We got a hacked site warning on Google results for the company Brand name....but nothing in the Search Console.
Performance is not exactly site wide - some pages only rank for exact match page title search term but not any variations... (e.g. Very Green widgets - page title - the site will rank for Very Green widgets but no variations e.g. Green widgets).
Other pages seem to be fine.... but none rank on page one.
It does seem those pages that had the most links pointing to them have been affected the worse. However, that said - there is a page that that has several 1000 internal spammy links showing but the page does rank ok and does rank for different keywords....another piece of the puzzle!
We checked rankings and at the time of the hack - the site definitely dropped.
Hope that helps!!
Duncan
-
Gotcha... It's fairly standard to see old links in Search Console that have long since been removed, so that concerns me less as long as the 404s are showing up properly and getting noindexed.
Did you receive any "hacked site" warnings in Search Console back in May?
As far as performance issues - is this sitewide, or does it just seem to be occurring on the pages that had the most links pointed at them? Do you still have any pages ranking in top 3 for a semi-competitive term? Out of the pages that did have spammy links to them, are any performing well - on page 1 for target keyword?
-
HI Kane
Thanks for your response! We did do a disavow just on some old directories which looked ok - but it was more of a precautionary measure.
CMS is now all good and secure.
The spammy links were a in subfolder which was deleted (creating 1000's of 404's). The website was then entirely moved to a new secure hosting environment.
Just on your questions...
Yes - the website was fine up until the hack.
The hack happened in May of this year.....a full clean up happened within 3 days after the attack.
Your last point.....yes - they are showing up as 404's. The website initially had 17,000 spammy 404 errors. Google has since reduced that to 3000. As these pages are removed from the index, this gives me hope that the problem is being resolved.
However - the strange part - even though the 404's are being reduced in Webmaster, the number of internal spammy links showing in the Console are not being reduced. It's static.
For example, the homepage shows 6,300 internal links. In reality it only has about a 120. The rest are all spammy (404) links. I do believe that this is causing ranking problems.....? Do you think that is right?
Thanks, Duncan
-
Hi Duncan,
Here's some initial thoughts on steps I would take:
- Since external links are fine, there shouldn't be a need to do anything disavow-related, but I would definitely do that if you see any external links pointed to those old pages, which is common with hacked sites.
- Sounds like you've covered your bases regarding preventing the site from getting hacked again at a CMS level, database level, plugin level, etc., so I'll assume that is good to go.
- If these spammy internal pages were all in a specific subfolder, you could block that subfolder via Robots.txt to send a stronger signal that the URLs should be ignored and de-indexed.
- The internal links should disappear as the pages are removed from the index, but that can take awhile, and it's not uncommon for Search Console to display pages/links/data that have since gone away.
And a couple of questions for you:
- Once those bases are covered, then you're still faced with the potential "penalty", or poor performance. I'm assuming that these pages not ranking in Google were performing well before the site hack?
- How long has it been since the site was initially hacked, and how long since full cleanup was completed?
- Are the spammy internal pages showing up as 404 crawl errors yet?
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Do links from subdomains pass the authority and link juice of main domain ?
Hi, There is a subdomain with a root domain's DA 90. I can earn a backlink from that subdomain. This subdomain is fresh with no traffic yet. Do I get the ranking boost and authority from the subdomain? Example: I can earn a do-follow link from **https://what-is-crm.netlify.app/ **but not from https://netlify.app
White Hat / Black Hat SEO | | teamtc0 -
What to do with internal spam url's google indexed?
I am in SEO for years but never met this problem. I have client who's web page was hacked and there was posted many, hundreds of links, These links has been indexed by google. Actually these links are not in comments but normal external urls's. See picture. What is the best way to remove them? use google disavow tool or just redirect them to some page? The web page is new, but ranks good on google and has domain authority 24. I think that these spam url's improved rankings too 🙂 What would be the best strategy to solve this. Thanks. k9Bviox
White Hat / Black Hat SEO | | AndrisZigurs0 -
Mark up seen as spam - how to solve?
Hi, I have a problem with my structured data. a few week's ago, i received this message in search console:
White Hat / Black Hat SEO | | chalet
'the mark on some pages of your website look like techniques that conflict with the Google guidlines for structured markup with spam'
i checked the guidlines and my website ( www.chalet.nl) but couldn't found any issues that are in conflict with the guidlines from google. So i asked a controle request.
the request was unfortunately rejected. my question: how can i decect the wrong mark? Kind regards,
Jeroen0 -
What is really a bad link in 2017?
Hi, Routine answer is: A link which doesn't provides any value. Tired of listening to this statement where we can see number of back-links been generated with different scenarios. There are still many low DA websites which speaks exactly about a brand and link a brand naturally. So, is this a bad link or good link? Let's be honest here. No one gonna visit such pages and browse through our website; it's all about what it's been doing in-terms of SEO. Do these websites to be in disavow list? Beside the context how a brand been mentioned, what are the other metrics to disavow a domain? Expecting some real answers for this straight question. If it's a low DA site and speaking about exactly our website- Good or bad? Vice-versa...high DA website mentioned website with less matching content. What is the proportion of website authority and content context? Can we keep a medium DA backlinks with some Moz spam score?
White Hat / Black Hat SEO | | vtmoz0 -
Common passwords used for spam accounts?
This is a bit of a longshot. I know that many of the spam forum accounts, blog posts etc that have in the past been used for SEO are generated automatically. Does anyone know of any common passwords that are often used when setting up these accounts? I only ask as, trying to clean up the backlink profile for my website, I found myself in desperation keying in random passwords trying to access the spam accounts created on various forums by our former SEO agency. Eventually I got lucky and worked out the password for a series of forum accounts was, not very imaginatively, 'seo'. Having worked out this, I was able to delete the spam signatures on about 10 forums. But there are many other accounts where I have no idea of the password used. I guess I'm just wondering if there are standard stock passwords used in the past by many SEOs? Not likely to get an answer to this one, I know, but worth a shot.
White Hat / Black Hat SEO | | mgane0 -
Disavow links leading to 404
Looking at the link profile anchor text of a site i'm working on new links keep popping up in the reports with let's say very distasteful anchor text. These links are obviously spam and link to old forum pages for the site that doesn't exist any more, so the majority seem to trigger the 404 page. I understand that the 404 page (404 header response) does not flow any link power, or damage, but given the nature and volume of the sites linking to the "domain" would it be a good idea to completely disassociate and disavow these domains?
White Hat / Black Hat SEO | | MickEdwards0 -
Google profile
I have a google profile https://plus.google.com/u/0/106631271958142100588/ wich is assigned to the url www.propdental.es but i also write a lot of content for to others url My question is if should i create another profile to the others urls witch are also mine but not associated between them. Or can i use the same profile without the risk of losing ranking on the weakest url, as they all compete for similiar keywords Thanks
White Hat / Black Hat SEO | | maestrosonrisas0 -
Link idea? good or bad?
OK so my website ranks fairly well for keywords i would say 50-60 % are ranking in the top 3 my DA is 15 and PA is 28 I have a few other sites that i blog on that i own they have a DA of 11 and PA of 20 i was thinking of just guest posting on those using a keyword Anchor text that im not ranking for and seeing what that would do. I was thinking of creating a few other sites and just blog about random stuff for 3-6 months generate traffic and start guest posting redirecting links back towards me. Is this bad?
White Hat / Black Hat SEO | | gslc0