What is Negative SEO?
It’s a bright and sunny Tuesday morning, you have your coffee in hand at your desk, and everything is all right with the world. You’re looking forward to another productive day at work, when suddenly, you get notifications on your phone from your Google Analytics.
Traffic has dropped to near zero overnight, Google has sent you an email about manual action, and there are 23 missed calls from your admin. You regularly audit your website for issues and check all your backlinks yourself. What just happened?
Then it dawns on you, you’ve just been hit with a malicious negative SEO attack. This can be from a competitor or another party that wants to disrupt your business.
But if we’re being honest, there is no need to panic. Depending on the severity of the attack, there are always solutions that can help you recover.
What Are the Different Types of Negative SEO?
Problem – Toxic Backlink Building
One of the more popular methods of negative SEO is through toxic backlinking. What this means is the person initiating the attack creates a large number of backlinks to illicit websites like porn, gambling, and others. This results in a massive number of poor-quality, irrelevant links to your website.
Another way this is done is through Private Blog Networks, where the attacker creates artificial links to your website.
These links are manipulative, leading to other spurious websites, and have keyword-stuffed anchor texts. There are also chances that the attacker chooses the base of operations in other countries to target a business’s local SEO.
Solution – Toxic Backlink Building
Like the adage goes, prevention is the best solution, and it couldn’t be more true in this case! Regularly audit your website’s backlinks through tools like Google Search Console and others. If it does happen, identify the toxic links by looking at irrelevant domains and anchors. Remember to document everything and keep a record of these links in case evidence is needed.
The Google Disavow tools should be used as a last resort – we don’t recommend this if you are not experienced. Also, when submitting a disavow file, ensure that you’ve spoken to their webmaster about removing the link. Lastly, remember to remain calm! Google’s algorithms are advanced enough to identify and ignore negative SEO attacks.
Problem – Content Scraping
Another malicious negative SEO attack is content scraping. This is done when the attacker copies content from your website and posts it on multiple other sources. The goal here is to outrank your website for the same kind of content. It can also raise duplicate content flags, which can delist your website from searches.
The scraped content is used on a scraper site, which tends to rank higher than your website. It confuses the search engine algorithm as to what the original source of the content is. It dilutes your content’s uniqueness and demoralizes people who have taken time and effort to create it. Automated scraping bots can also slow down your server with aggressive crawling.
Solution – Content Scraping
Content scraping can be challenging to protect against, but it’s not impossible. The first step is to have Google Alerts monitor the internet for specific key phrases that you use on your website. Something that all webmasters and business owners should do is register with the DMCA to set up a formal copyright notice.
The DMCA (Digital Millennium Copyright Act) is part of US copyright law, which prevents other parties from stealing your intellectual rights.
You can leverage the DMCA to file takedown requests on the scraper website, the hosting provider, and with Google. Ensure that when publishing, there are clear authorship and date stamps on the article.
Problem – Malware Injection
A truly malicious negative SEO attack on your website comes in the form of malware injection. The attacker gains access to your website through unscrupulous means and then injects malicious code into your website’s files. These can be anything from unauthorized scripts to redirects to phishing pages. When this happens, Google’s Safe Browsing system detects this malicious code and blacklists your website.
This can cause visitors to land on a warning page when they navigate to your website. Most likely, they are going to navigate away from it, causing a sudden drop in traffic and trust metrics. Another way hackers can take advantage is to host SEO-related spam pages with hidden text and spurious links.
Solution – Malware Injection
The answer to protecting your website from this type of attack is to ensure all your assets are updated. This includes your CMS, plugins, and themes. When choosing plugins or themes, ensure that you only opt for the newer ones, as sometimes older assets will have outdated security protocols. Create strong passwords and enable 2FA (two-factor authentication) on all of your logins.
It is a great idea to implement a website firewall that can prevent a range of attacks like DDOS and other types. To be safe, create backups of your website regularly and store them offline so you’ll always have a backup ready to go up in case of a really bad attack.
How to Find if Your Site Is Suffering From Negative SEO?
Drastic and Unexplained Drop in Traffic
Perhaps the most obvious sign that your website is under attack is the sudden loss of traffic. This is especially telling when you have made no changes to your website or there have been no updates to the algorithm. Check if your competitor’s keywords are doing well, and if they are, you can confirm that you’ve been attacked.
High-ranking keywords completely disappear from search results without any changes to your content. There are also ranking plunges with pages on the 1st page being demoted to the 3rd page and beyond.
Read: How To Know When It’s Time To Find a New SEO Agency
Low Quality Backlinks on Your Audit
If you audit your website’s backlinks consistently, then you might have come across spammy domains and links for your website. During an attack, they don’t come as 1 or 2 links, but as a huge influx of hundreds.
You can also notice this when there is a volume spike of linking domains for your website. Foreign language links, irrelevant anchors, and toxic sources are also the things you’ll notice during the audit.
Negative Reviews and Brand Mentions
Bad reviews and negative brand mentions are another method attackers use to target your business. These kinds of attacks target your brand’s reputation and can harm your SEO metrics as well.
The most common point of origin of these attacks is fake review campaigns where random people leave 1-star reviews on your Google My Business Page. Checking the language for similarity in all the reviews can give you an insight into whether this is a coordinated attack.
Website Flagged for Hacked Content
When you navigate to your website, you are greeted with a warning splash screen citing “Deceptive Site Ahead” or other error messages to the same effect. There will also be warnings on your Google Search Console about “Security Issues”.
If you have security plugins, they will also show malware warnings. Sometimes website titles show keywords unrelated to your website. These are signs that you’ve been a target of malicious code injection or hacking.
Content Ranking on Scraper Site
If you’re using Google Alerts for snippets, you get notifications about how those phrases are ranking on unknown domains. You can check this out by copying and pasting an article title that you suspect of being scraped in searches.
If a random website is ranking higher than yours for the same article, it means you’ve been content scraped. Another side effect is loss of traffic for high-performing pages. The scraped content can be identified with tools like Copyscape or other plagiarism checkers.
How to Prevent Your Site From Negative SEO?
Regular Backlink Auditing
Consistently auditing your website is the best way to prevent negative SEO attacks from different sources. Tools like Google Search Console, Ahrefs, and Semrush can all help you set up notifications for abnormal changes in various metrics. Ensure you keep an eye out for drastic changes, including spammy domains, irrelevant niches, or anchor text.
Today’s tools also come with link intelligence that can flag potentially toxic links and send you notifications. It is a good idea to establish a baseline for a healthy link profile so you can track anomalies more easily.
High Security Protocol and Passwords
Having stronger passwords is perhaps the easiest thing you can do, but many people don’t follow it. Resist the urge to have the same passwords for your logins and use a password manager that can help.
It is vital that you use two-factor authentication for all your logins, including website admin, hosting, and business email. Ensure that you remove old or inactive user accounts of former employees. Hackers can take advantage of their compromised accounts to initiate negative SEO.
The disavow is the most powerful weapon you have against negative SEO, but you need to use it properly. The disavow tool tells the Google search engine to ignore the links that you specify.
The links are submitted via a .txt, which also needs to be in the correct syntax.
Be extremely careful with this, as disavowing good links is also a risk when you use this tool. Another thing to note is that this is not a magic bullet – Google does not guarantee action, but it is the official way to report toxic spam links.
Monitor for Content Scraping
Something to be aware of is that content can be duplicated on other websites without your permission. This process is called content scraping, and you need to take precautions to make it as difficult as possible for the attacker.
The easiest way to do this is by registering your website on the DMCA website, which you can leverage to take down other websites that use your content. Also, remember to watermark original images so you can use them as evidence for your takedown claim.
Track Online Brand Mentions
Brand mentions are a signal that your website is targeted by a third-party. Set up alerts for brand-related keywords and unique names on Google Alerts, Talkwalker, and Mention. These phrases include your brand keywords, product names, and executives.
Monitor popular social media platforms like Facebook, Instagram, and X for these terms as well. Another good idea is to search for “Brand name + scam” on searches to see what results you get.
One of the most common issues for lapses in security has to do with improper updates. Enable automatic updates for all your digital assets and platforms, including CMS, plugins, and themes. Remove unused plugins and themes that you are not using from your profile.
In addition to these, a weekly manual check ensures you can catch those critical updates that haven’t been scheduled yet. It is good practice to test your updates on a staging site to ensure that they are compatible.
Key Takeaways
- Consider sudden and unexplained traffic drops as a serious red flag and investigate them.
- Audit your backlinks and other metrics to ensure that there are no threats against your website.
- Implement high-security frameworks and best practices to keep bad actors out.
- Monitor for content scraping attempts through tools and use DMCA to take them down if found.
- Track online brand mentions and negative reviews for any signs of manipulation.
- Use Google’s disavow tool as a last resort for disavowing spammy domains from your website.