As a small business, your website is a critical component of your success — in fact, it’s hard to be in business at all without a website these days. Search engine optimization (SEO) is vital to ensuring your website gains the most visibility from as many potential customers as possible. Small businesses spend an average of $497 per month on SEO services to improve search rankings, keyword selection, and the number of backlinks. However, an increased focus on SEO among small businesses has led to a popular type of cyberattack with the potential to destroy your search rankings.
Negative SEO attacks (also called SEO spam attacks) have become increasingly common. These attacks sink website search rankings by deluging sites with spammy keywords and backlinks. Search rankings can make or break a small business, so understanding how to strengthen SEO security and prevent these types of attacks is a must.
Hackers and spammers rely on a variety of methods to launch negative SEO attacks. They might insert malicious links into existing web pages, create new pages full of malicious links and spammy content, or make pages on your website lead to other sites using website redirects.
Spamdexing is one of the most common types of negative SEO attacks. Spamdexing is when hackers redirect visitors navigating to your site, to a malware-infected or phishing website. As a result, you lose web traffic and trust.
The easiest way for cybercriminals to deploy a negative SEO attack is by adding spam malware to blog posts or comment fields. Cybercriminals use black hat SEO tactics that deploy bots to leave endless spammy comments on sites. These comments resemble a hacked website and can discourage visitors from doing business with you.
So, what do SEO spammers get from these attacks? Typically, they use these attacks to improve their own search engine rankings by stealing traffic from other sites.
Negative SEO attacks don’t just tank your website’s rankings — they hurt your credibility with customers and visitors. Furthermore, they open up other pages of your site to security breaches and can even cause search engines to flag or blacklist your site.
To prevent cybercriminals from sinking your rankings and eroding your credibility, strengthen your website’s SEO security with the following steps:
Outdated software and security plugins on your website can create vulnerabilities that cybercriminals can exploit, so it’s important to keep your content management system’s software current. As a best practice, site owners can perform routine checks to ensure all software is up-to-date and check whether security patches are complete. It’s also a good idea to remove applications you don’t need: The more complex your site (and the more you rely on applications created by third-party developers), the higher your security risk.
If you own a WordPress site or similar platform, be sure to use a strong password for login. Brute force attacks can attempt to guess your password by trying the most popular passwords until it guesses correctly. Hackers can also figure out your password by finding clues on social media and trying different combinations until successful. For example, children’s names, pet names, the city where you were born, etc.
As a best practice, you should always sanitize input fields to protect your site from bad bots and prevent cybercriminals from inserting modified queries. These modified queries can lead to a much larger security issue, such as a data breach. To sanitize input fields, predefine what a user can enter into a text box. For example, phone number fields should allow users to enter only numbers, parentheses, and hyphens.
Even if you haven’t heard the term before, you are likely familiar with a CAPTCHA; it’s the variety of images with a theme you need to correctly select to log in to your account or make a payment on many websites. Essentially, a CAPTCHA is a test that computers use to distinguish human website visitors from bots. By applying one to your website’s login, account sign-up forms, and eCommerce checkouts, you can stop cybercriminals from deploying bots to fill your website with SEO spam.
Setting up Google Search Console is not only good for tracking search engine results, but it’s also good for monitoring security issues. Search Console will show alerts when it appears the site’s security has been compromised. You can also keep track of what search terms your site ranks. If you begin seeing terms unrelated to your business, such as around viagra, cialis, or other pharma-related products, you are likely the target of search engine spam. Lastly, you typically get alerts if your site has received a large number of spammy links.
Building low-quality spam links and redirects is a typical way cybercriminals carry out negative SEO attacks, so it’s crucial to keep track of these items on your website. As a best practice, use SEO monitoring tools that can track backlinks and keywords to help you quickly detect when a cybercriminal is creating malicious redirects to your site.
Lastly, you can block bad bots from deploying spammy comments on your website by installing a WAF. When evaluating WAF options, make sure the solution you choose includes a built-in CAPTCHA as an added layer of security. The WAF acts as a gatekeeper for your website and blocks the top security threats before they ever reach your site.
Building up your business’s search rankings takes a lot of work and is an investment for your business. Don’t let cybercriminals scam that power away from you — strengthen your SEO security by understanding how and why these attacks occur. Start by implementing a comprehensive web security solution that can block these SEO attacks to keep your small business secure from SEO spam and bad bots.
Monique Becenti is a product and channel marketing specialist at SiteLock, a cloud-based website security provider currently protecting more than 16 million websites globally. Monique is passionate about improving the customer experience for all. SiteLock’s combination of dedicated research and developmental efforts, aggressive product road maps, and access to a massive global data set make the company a leading innovator in web security.