As a small business, your website is a critical component of your success — in fact, it’s hard to be in business at all without a website these days. SEO is vital to ensuring your website gains the most visibility from as many potential customers as possible. Small businesses spend an average of $497 per month on SEO services to improve search rankings, keyword selection, and number of backlinks. However, an increased focus on SEO among small businesses has led to a popular type of cyberattack with the potential to destroy your search rankings.

Negative SEO attacks (also called SEO spam attacks) accounted for more than half of all cyberattacks in 2018 and have become increasingly common. This number was also up 7.3% from the previous year. These attacks sink website search rankings by deluging sites with countless files containing malicious keywords and backlinks. Search rankings can make or break a small business, so understanding how to strengthen SEO security and prevent these types of attacks is a must.

How Negative SEO Attacks Work

Cybercriminals rely on a variety of methods to launch negative SEO attacks. They might insert malicious links into existing website pages, create new pages full of malicious links and spammy content, or make pages on your website lead to other sites using website redirects.

Website redirects are one of the most common types of negative SEO attacks and account for 8% of malware files. When a website redirect occurs, visitors navigating your site are intentionally redirected to a malware-infected or phishing website and exposed to cybersecurity risks. As a result, you lose web traffic.

The easiest way for cybercriminals to deploy a negative SEO attack is by adding spam to blog posts or comment fields. Cybercriminals use black hat SEO tactics that deploy bots to leave endless spammy comments on sites. These comments make your site look suspicious and can discourage visitors from doing business with you.

So, what do cybercriminals get out of SEO spam? Usually, they use these attacks to improve their search rankings by stealing traffic from other sites.

How to Boost Your Website’s SEO Security

Negative SEO attacks don’t just tank your website’s rankings — they hurt your credibility with customers and visitors. Furthermore, they open up other pages of your site to security breaches and can even cause search engines to flag or blacklist your site.

To prevent cybercriminals from sinking your rankings and eroding your credibility, strengthen your website’s SEO security with the following steps:

1. Update your software and plugins. Outdated software and plugins on your website can create vulnerabilities that cybercriminals can exploit, so it’s important to keep your content management system’s software current. As a best practice, your business can perform routine checks to ensure all software is up-to-date and check whether security patches are complete. It’s also a good idea to remove applications you don’t need: The more complex your site (and the more you rely on applications created by third-party developers), the higher your security risk.

2. Sanitize input fields. As a best practice, you should always sanitize input fields to protect your site from bad bots and prevent cybercriminals from inserting modified queries. These modified queries can lead to a much larger security issue, such as a data breach. To sanitize input fields, predefine what a user can enter into a text box. For example, phone number fields should allow users to enter only numbers, parentheses, and hyphens.

3. Use a CAPTCHA. Even if you haven’t heard the term before, you are likely familiar with a CAPTCHA; it’s the variety of images with a theme you need to correctly select to log in to your account or make a payment on many websites. Essentially, a CAPTCHA is a test that computers use to distinguish human website visitors from bots. By applying one to your website’s login, account sign-up forms, and ecommerce checkouts, you can stop cybercriminals from deploying bots to fill your website with SEO spam.

4. Keep track of backlink profiles. Building low-quality links and redirects is a typical way cybercriminals carry out negative SEO attacks, so it’s crucial to keep track of these items on your website. As a best practice, use SEO monitoring tools that can track backlinks and keywords to help you quickly detect when a cybercriminal is creating malicious redirects to your site.

5. Install a web application firewall (WAF) to prevent spammy comments. Lastly, you can block bad bots from deploying spammy comments on your website by installing a WAF. When evaluating WAF options, make sure the solution you choose includes a built-in CAPTCHA as an added layer of security. The WAF acts as a gatekeeper for your website and blocks the top security threats before they ever reach your site.

Building up your business’s search rankings takes a lot of work and is an investment for your business. Don’t let cybercriminals take that power away from you — strengthen your SEO security by understanding how and why these attacks occur. Start by implementing a comprehensive web security solution that can block these SEO attacks to keep your small business secure from SEO spam and bad bots.

Monique Becenti is a product and channel marketing specialist at SiteLock, a cloud-based website security provider currently protecting more than 16 million websites globally. Monique is passionate about improving the customer experience for all. SiteLock’s combination of dedicated research and developmental efforts, aggressive product road maps, and access to a massive global data set make the company a leading innovator in web security.