Moz Q&A is closed.
After more than 13 years, and tens of thousands of questions, Moz Q&A closed on 12th December 2024. Whilst we’re not completely removing the content - many posts will still be possible to view - we have locked both new posts and new replies. More details here.
Advice needed! How to clear a website of a Wordpress Spam Link Injection Google penalty?
-
Hi Guys,
I am currently working on website that has been penalised by Google for a spam link injection. The website was hacked and 17,000 hidden links were injected.
All the links have been removed and the site has subsequently been redesigned and re-built. That was the easy part
The problems comes when I look on Webmaster. Google is showing 1000's of internal spam links to the homepage and other pages within the site. These pages do not actually exist as they were cleared along with all the other spam links.
I do believe though this is causing problems with the websites rankings. Certain pages are not ranking on Google and the homepage keyword rankings are fluctuating massively.
I have reviewed the website's external links and these are all fine.
Does anyone have any experience of this and can provide any recommendations / advice for clearing the site from Google penalty?
Thanks, Duncan
-
Piggybacking on Kane - since these bad/phantom pages were in one folder, can you request removal in Search Console? It should at least speed things up. Unfortunately, the links can show for weeks or months after they're removed, even if Google doesn't seem to be caching them. If the pages aren't indexed/cached, and the numbers in the console seem to be gradually dropping, I'm not sure if there's a lot more you can do, unfortunately.
-
Hey Duncan, sounds like you've covered the basics. If this had happened a month ago I'd tell you to wait it out, but since it's been 5 months it seems like it should have cleared up by now if it was simply a matter of waiting for Google to deindex everything.
I've put a note out to other associates on Moz Q&A to see if they have any suggestions.
-
We got a hacked site warning on Google results for the company Brand name....but nothing in the Search Console.
Performance is not exactly site wide - some pages only rank for exact match page title search term but not any variations... (e.g. Very Green widgets - page title - the site will rank for Very Green widgets but no variations e.g. Green widgets).
Other pages seem to be fine.... but none rank on page one.
It does seem those pages that had the most links pointing to them have been affected the worse. However, that said - there is a page that that has several 1000 internal spammy links showing but the page does rank ok and does rank for different keywords....another piece of the puzzle!
We checked rankings and at the time of the hack - the site definitely dropped.
Hope that helps!!
Duncan
-
Gotcha... It's fairly standard to see old links in Search Console that have long since been removed, so that concerns me less as long as the 404s are showing up properly and getting noindexed.
Did you receive any "hacked site" warnings in Search Console back in May?
As far as performance issues - is this sitewide, or does it just seem to be occurring on the pages that had the most links pointed at them? Do you still have any pages ranking in top 3 for a semi-competitive term? Out of the pages that did have spammy links to them, are any performing well - on page 1 for target keyword?
-
HI Kane
Thanks for your response! We did do a disavow just on some old directories which looked ok - but it was more of a precautionary measure.
CMS is now all good and secure.
The spammy links were a in subfolder which was deleted (creating 1000's of 404's). The website was then entirely moved to a new secure hosting environment.
Just on your questions...
Yes - the website was fine up until the hack.
The hack happened in May of this year.....a full clean up happened within 3 days after the attack.
Your last point.....yes - they are showing up as 404's. The website initially had 17,000 spammy 404 errors. Google has since reduced that to 3000. As these pages are removed from the index, this gives me hope that the problem is being resolved.
However - the strange part - even though the 404's are being reduced in Webmaster, the number of internal spammy links showing in the Console are not being reduced. It's static.
For example, the homepage shows 6,300 internal links. In reality it only has about a 120. The rest are all spammy (404) links. I do believe that this is causing ranking problems.....? Do you think that is right?
Thanks, Duncan
-
Hi Duncan,
Here's some initial thoughts on steps I would take:
- Since external links are fine, there shouldn't be a need to do anything disavow-related, but I would definitely do that if you see any external links pointed to those old pages, which is common with hacked sites.
- Sounds like you've covered your bases regarding preventing the site from getting hacked again at a CMS level, database level, plugin level, etc., so I'll assume that is good to go.
- If these spammy internal pages were all in a specific subfolder, you could block that subfolder via Robots.txt to send a stronger signal that the URLs should be ignored and de-indexed.
- The internal links should disappear as the pages are removed from the index, but that can take awhile, and it's not uncommon for Search Console to display pages/links/data that have since gone away.
And a couple of questions for you:
- Once those bases are covered, then you're still faced with the potential "penalty", or poor performance. I'm assuming that these pages not ranking in Google were performing well before the site hack?
- How long has it been since the site was initially hacked, and how long since full cleanup was completed?
- Are the spammy internal pages showing up as 404 crawl errors yet?
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Too many dofollow links = penalty?
Hi. I currently have 150 backlinks, 90% of them are dofollow, while only 10% are nofollow. I recently hit position #10 for my main keyword, but now it is dropped to #16 and a lot of related keywords are gone. So I have a few questions: 1. Was my website penalized for having an unnatural backlink profile (too many dofollow links), or maybe this drop in positions is just a temporary, natural thing? 2. Isn’t it too late for making the backlink profile look more natural by building more nofollow backlinks and making it 50%/50%? Thank you!
White Hat / Black Hat SEO | | NathalieBr0 -
Does google sandbox aged domains too?
Hello, i have a question. Recently i bought a domain from godaddy auction which is 23 years old and have DA 37 PA 34 Before bidding i check out the domain on google using this query to make sure if pages of this website are showing or not (site:mydomain.com) only home page was indexed on google. Further i check the domain on archive web the domain was last active in 2015. And then it parked for long about 4 years. So now my question does google consider these type of domain as new or will sandboxed them if i try to rebuild them and rank for other niche keywords ? Because its been 4 weeks i have been building links to my domain send several profile and social signals to my domain. My post is indexed on google but not showing in any google serp result.
White Hat / Black Hat SEO | | Steven231 -
Site Footer Links Used for Keyword Spam
I was on the phone with a proposed web relaunch firm for one of my clients listening to them talk about their deep SEO knowledge. I cannot believe that this wouldn’t be considered black-hat or at least very Spammy in which case a client could be in trouble. On this vendor’s site I notice that they stack the footer site map with about 50 links that are basically keywords they are trying to rank for. But here’s the kicker shown by way of example from one of the themes in the footer: 9 footer links:
White Hat / Black Hat SEO | | RosemaryB
Top PR Firms
Best PR Firms
Leading PR Firms
CyberSecurity PR Firms
Cyber Security PR Firms
Technology PR Firms
PR Firm
Government PR Firms
Public Sector PR Firms Each link goes to a unique URL that is basically a knock-off of the homepage with a few words or at the most one sentences swapped out to include this footer link keyword phrase, sometimes there is a different title attribute but generally they are a close match to each other. The canonical for each page links back to itself. I simply can’t believe Google doesn’t consider this Spammy. Interested in your view.
Rosemary0 -
Spam sites with low spam score?
Hello! I have a fair few links on some of the old SEO 'Directory' sites. I've got rid of all the obviously spammy ones - however there are a few that remain which have very low spam scores, and decent page authority, yet they are clearly just SEO directories - I can't believe they service any other purpose. Should we now just be getting rid of all links like this, or is it worth keeping if the domain authority is decent and spam score low? Thanks Sam
White Hat / Black Hat SEO | | wearehappymedia0 -
Disavow links leading to 404
Looking at the link profile anchor text of a site i'm working on new links keep popping up in the reports with let's say very distasteful anchor text. These links are obviously spam and link to old forum pages for the site that doesn't exist any more, so the majority seem to trigger the 404 page. I understand that the 404 page (404 header response) does not flow any link power, or damage, but given the nature and volume of the sites linking to the "domain" would it be a good idea to completely disassociate and disavow these domains?
White Hat / Black Hat SEO | | MickEdwards0 -
Tags on WordPress Sites, Good or bad?
My main concern is about the entire tags strategy. The whole concept has really been first seen by myself on WordPress which seems to be bringing positive results to these sites and now there are even plugins that auto generate tags. Can someone detail more about the pros and cons of tags? I was under the impression that google does not want 1000's of pages auto generated just because of a simple tag keyword, and then show relevant content to that specific tag. Usually these are just like search results pages... how are tag pages beneficial? Is there something going on behind the scenes with wordpress tags that actually bring benefits to these wp blogs? Setting a custom coded tag feature on a custom site just seems to create numerous spammy pages. I understand these pages may be good from a user perspective, but what about from an SEO perspective and getting indexed and driving traffic... Indexed and driving traffic is my main concern here, so as a recap I'd like to understand the pros and cons about tags on wp vs custom coded sites, and the correct way to set these up for SEO purposes.
White Hat / Black Hat SEO | | WebServiceConsulting.com1 -
Cross linking websites of the same company, is it a good idea
As a user I think it is beneficial because those websites are segmented to answer to each customer needs, so I wonder if I should continue to do it or avoid it as much as possible if it damages rankings...
White Hat / Black Hat SEO | | mcany0 -
Disavow - Broken links
I have a client who dealt with an SEO that created not great links for their site. http://www.golfamigos.co.uk/ When I drilled down in opensiteexplorer there are quite a few links where the sites do not exist anymore - so I thought I could test out Disavow out on them .. maybe just about 6 - then we are building good quality links to try and tackle this problem with a more positive approach. I just wondered what the consensus was?
White Hat / Black Hat SEO | | lauratagdigital0